
Comments (8)

bersace commented on July 29, 2024

Great idea. Actually, libldap does support Kerberos. It's a matter of proper setup and testing.


bersace commented on July 29, 2024

@djkube would you mind helping me test Kerberos once I have some code to test?


djkube commented on July 29, 2024

Sure, I can't have it sooner.


bersace commented on July 29, 2024

Hi @djkube, can you show me how you set up ldapsearch to query the LDAP server with a keytab?


djkube commented on July 29, 2024

Hi @bersace, I actually hadn't tried using ldapsearch with a keytab up to now, but figured it out after some fiddling.
I'm not sure what part of the setup you need, so I'll list the general direction; let me know if you need any details:
Everything below is on the client machine, except keytab preparation.

  1. realm join domain.com
  2. authconfig --enablesssd --enablesssdauth --enablelocauthorize --enableldap --enableldapauth --ldapserver=dc.domain.com --enableldaptls --ldapbasedn=dc=domain,dc=com --enableshadow --enablerfc2307bis --enablemkhomedir --enablecachecreds --update (not all the parameters required)
  3. sssd.conf should be configured, say if you need any info.
  4. A keytab file should be created and saved on the client.
  5. If all is well, you should be able to run kinit -k -t /etc/krb5.keytab '[email protected]'
  6. If all is well, you should be able to run ldapsearch -Z -Y GSSAPI -H ldap://dc.domain.com -b DC=DOMAIN,DC=COM


djkube commented on July 29, 2024

@bersace some additional info that may be relevant:
https://www.openldap.org/lists/openldap-technical/201509/msg00060.html


djkube commented on July 29, 2024

@bersace tried it but it breaks on me:

[ldap2pg.config INFO] Starting ldap2pg 4.17.
[ldap2pg.config DEBUG] Trying ./ldap2pg.yml.
[ldap2pg.config INFO] Using /root/ldap2pg.yml.
[ldap2pg.config DEBUG] Read verbosity from argv.
[ldap2pg.config DEBUG] Read ldap:uri from YAML.
[ldap2pg.config DEBUG] Read postgres:databases_query from YAML.
[ldap2pg.config DEBUG] Read postgres:owners_query from YAML.
[ldap2pg.config DEBUG] Read postgres:managed_roles_query from YAML.
[ldap2pg.config DEBUG] Read postgres:schemas_query from YAML.
[ldap2pg.config DEBUG] Read privileges from YAML.
[ldap2pg.config DEBUG] Read sync_map from YAML.
[ldap2pg.config DEBUG] Configuration loaded.
[ldap2pg.script DEBUG] Connecting to LDAP directory.
[ldap2pg.ldap DEBUG] Ignoring: [Errno 2] No such file or directory: '/etc/ldap/ldap.conf'
[ldap2pg.ldap DEBUG] Found rcfile /root/ldaprc.
[ldap2pg.ldap DEBUG] Read TLS_CACERTDIR from /root/ldaprc.
[ldap2pg.ldap DEBUG] Read SASL_NOCANON from /root/ldaprc.
[ldap2pg.ldap DEBUG] Read URI from /root/ldaprc.
[ldap2pg.ldap DEBUG] Read BASE from /root/ldaprc.
[ldap2pg.ldap DEBUG] Found rcfile /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read TLS_CACERTDIR from /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read SASL_NOCANON from /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read URI from /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read BASE from /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read SASL_MECH from /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read URI from YAML.
[ldap2pg.ldap DEBUG] Read HOST from YAML.
[ldap2pg.ldap DEBUG] Read PORT from YAML.
[ldap2pg.ldap DEBUG] Read BINDDN from YAML.
[ldap2pg.ldap DEBUG] Read PASSWORD from YAML.
[ldap2pg.ldap DEBUG] Read REFERRALS from YAML.
[ldap2pg.ldap DEBUG] Connecting to LDAP server ldap://dc.domain.com.
[ldap2pg.ldap DEBUG] Trying SASL GSSAPI auth.
[ldap2pg.script ERROR] Unhandled error:
[ldap2pg.script ERROR] Traceback (most recent call last):
[ldap2pg.script ERROR] File "/usr/local/lib/python3.6/site-packages/ldap2pg/script.py", line 94, in main
[ldap2pg.script ERROR] exit(wrapped_main(config))
[ldap2pg.script ERROR] File "/usr/local/lib/python3.6/site-packages/ldap2pg/script.py", line 34, in wrapped_main
[ldap2pg.script ERROR] ldapconn = ldap.connect(**config['ldap'])
[ldap2pg.script ERROR] File "/usr/local/lib/python3.6/site-packages/ldap2pg/ldap.py", line 247, in connect
[ldap2pg.script ERROR] conn.sasl_interactive_bind_s("", sasl.sasl(cb_values, auth))
[ldap2pg.script ERROR] NameError: name 'cb_values' is not defined
[ldap2pg.script ERROR] Please file an issue at https://github.com/dalibo/ldap2pg/issues with full log.

If you suspect anything is missing in my ldaprc let me know (ldapsearch successfully queries the LDAP).

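The following Python script is an added example; it is not ldap2pg's code and was not posted by anyone in this thread. It puts the keytab procedure from djkube's earlier comment (kinit from a keytab, then a GSSAPI search) next to a python-ldap bind that does what `ldapsearch -Z -Y GSSAPI` does. The `NameError: name 'cb_values' is not defined` in the traceback above comes from a SASL callback dictionary that was never built; python-ldap's `ldap.sasl.gssapi()` helper supplies the GSSAPI callbacks itself, so no such dictionary is needed. The hostnames, base DN, keytab path and environment variable names are hypothetical, and `bind_plan()` adds a check the thread does not discuss: it refuses to fall back to a DN/password simple bind over plaintext `ldap://` unless StartTLS is requested.

```python
"""Keytab-backed GSSAPI bind for an LDAP sync job (added example, not ldap2pg code).

Assumed (hypothetical): the host is joined to the realm, a keytab exists, and
MIT or Heimdal kinit/klist are on PATH. python-ldap is only needed by connect().
"""
import os
import stat
import subprocess


def mode_is_private(st_mode):
    """True when the mode grants nothing to group or others (0600/0400 style).
    A keytab is a long-lived credential: whoever can read it can become the
    principal, so a group- or world-readable keytab must not be used."""
    return (st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def keytab_mode_ok(path):
    return mode_is_private(os.stat(path).st_mode)


def domain_to_base_dn(domain):
    """'domain.com' -> 'DC=domain,DC=com', the base DN form used in the thread."""
    return ",".join("DC=" + label for label in domain.split(".") if label)


def bind_plan(uri, sasl_mech=None, binddn=None, password=None, starttls=False):
    """Pick the bind method from the same knobs ldaprc / YAML expose.

    Returns ('gssapi', None) or ('simple', binddn). Raises ValueError instead of
    sending a password over a plaintext ldap:// connection."""
    if sasl_mech and sasl_mech.upper() == "GSSAPI":
        return ("gssapi", None)
    if binddn is None or password is None:
        raise ValueError("no SASL mechanism and no bind DN/password configured")
    if uri.lower().startswith("ldap://") and not starttls:
        raise ValueError("refusing simple bind over plaintext ldap:// without StartTLS")
    return ("simple", binddn)


def ensure_tgt(principal, keytab="/etc/krb5.keytab"):
    """kinit from the keytab unless the credential cache already holds a valid TGT.
    `klist -s` exits 0 only when unexpired credentials are present."""
    if not keytab_mode_ok(keytab):
        raise PermissionError("%s is readable by group/others; chmod 600 it" % keytab)
    if subprocess.call(["klist", "-s"]) == 0:
        return
    # -k -t is the keytab form accepted by both MIT and Heimdal kinit.
    subprocess.run(["kinit", "-k", "-t", keytab, principal], check=True)


def connect(uri, sasl_mech=None, binddn=None, password=None, starttls=False,
            cacertdir=None):
    """Open and bind a python-ldap connection according to bind_plan()."""
    import ldap        # imported lazily so the helpers above work (and are
    import ldap.sasl   # testable) on a host without python-ldap installed

    kind, dn = bind_plan(uri, sasl_mech, binddn, password, starttls)
    conn = ldap.initialize(uri)
    conn.protocol_version = ldap.VERSION3
    conn.set_option(ldap.OPT_REFERRALS, 0)            # don't chase AD referrals
    if cacertdir:
        conn.set_option(ldap.OPT_X_TLS_CACERTDIR, cacertdir)   # TLS_CACERTDIR
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)         # apply TLS options to this handle
    if starttls:
        conn.start_tls_s()                             # the -Z of ldapsearch
    if kind == "gssapi":
        # Equivalent of `ldapsearch -Y GSSAPI`: the gssapi helper carries the
        # SASL interaction callbacks, so no separate callback dict is needed.
        nocanon = getattr(ldap, "OPT_X_SASL_NOCANON", None)   # SASL_NOCANON in ldaprc
        if nocanon is not None:
            conn.set_option(nocanon, 1)
        conn.sasl_interactive_bind_s("", ldap.sasl.gssapi())
    else:
        conn.simple_bind_s(dn, password)
    return conn


if __name__ == "__main__":
    # Hypothetical names; set KRB_PRINCIPAL / LDAP_URI for your realm.
    principal = os.environ.get("KRB_PRINCIPAL")
    uri = os.environ.get("LDAP_URI", "ldap://dc.domain.com")
    if principal:
        ensure_tgt(principal)
        conn = connect(uri, sasl_mech="GSSAPI", starttls=True,
                       cacertdir="/etc/openldap/certs")
        print("bound as", conn.whoami_s())
        print("base DN:", domain_to_base_dn("domain.com"))
    else:
        print("set KRB_PRINCIPAL (and optionally LDAP_URI) to run the live bind")
```

One caveat for Active Directory domain controllers: AD does not allow a SASL signing/sealing layer on top of a TLS session, so a GSSAPI bind that works on plain `ldap://` can fail after StartTLS. The usual workaround is to cap the SASL security strength factor with `conn.set_option(ldap.OPT_X_SASL_SSF_MAX, 0)` before the bind (the python-ldap equivalent of `ldapsearch -O maxssf=0`), since TLS already provides confidentiality.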

djkube commented on July 29, 2024

Thank you so much @bersace!

