[Stork-dev] Stork and LDAP Auth

Brendan Kearney bpk678 at gmail.com
Sun Oct 15 02:48:03 UTC 2023


list members,

i am a new kea and stork user, but have been using dhcpd for quite some 
time.  i am setting up stork, and want to point at ldap for auth.  i set 
things up, but have run into an issue.

i have set:

STORK_SERVER_HOOK_LDAP_GROUP_ADMIN="cn=dhcpAdmins,ou=domainGroups,ou=Groups,dc=bpk2,dc=com"
STORK_SERVER_HOOK_LDAP_GROUP_SUPER_ADMIN="cn=dhcpEngineers,ou=domainGroups,ou=Groups,dc=bpk2,dc=com"

and no user in those groups winds up getting access.  all users get an 
access error:

HTTP Error 403 Forbidden. Access to this page is forbidden for the 
currently logged in user. If you think you should have access to this 
page please contact your system administrator to verify your permissions.

the users are in the groups, and authentication works it seems because 
the login happens, but authorization is not working.  even when i set 
the group manually for the users, those settings do not persist in 
postgresql.  i watched the number of rows in system_user_to_group shrink 
from 3 to 2 to 1 during iterative logins, where the mappings were being 
deleted from the table.

are there tips and tricks to get ldap auth working?  any insights would 
be appreciated.

thank you,

brendan kearney


