[stork-users] Stork Server LDAP hook loading but not functioning
Slawek Figiel
slawek at isc.org
Mon Oct 28 17:02:34 UTC 2024
Hello Donald!
Could you describe what you mean by the LDAP hook not working for you? Do you
see the LDAP authentication method on the Stork login page?
I see your LDAP server is served over TLS. Another user reported a
problem with this kind of configuration:
https://gitlab.isc.org/isc-projects/stork/-/issues/1488 . Could you
check if you can use LDAP if it is served without TLS? We are analyzing
this problem, so any additional feedback would be appreciated.
If you run the Stork server as a systemd service, you can check the
detailed logs by calling the `journalctl -u isc-stork-server` command.
Regards,
Slawek Figiel
On 28/10/2024 17:54, Donald Birtch wrote:
> Hi All,
>
> I have been stumped with getting the Stork Server LDAP hook working.
> Maybe someone can see a glaring issue with my configuration or have some
> additional things to troubleshoot the issue. I see no logs relating to
> LDAP. Here are the installed packages:
>
> hi  isc-stork-server            1.19.0.240927162608  amd64  ISC Stork Server
> hi  isc-stork-server-hook-ldap  1.19.0.240927162031  amd64  ISC Stork server ldap hook
>
> The LDAP hook appears to be loaded:
>
> # lsof -p $(pgrep stork-server) | grep stork-server-ldap.so
> stork-ser 409743 stork-server mem REG 253,0 12268368 16789136 /usr/lib/stork-server/hooks/stork-server-ldap.so
>
> Here are the server.env entries that I added based on the "stork-server
> --help" output:
>
> STORK_SERVER_HOOK_LDAP_URL=ldaps://ldap-server
> STORK_SERVER_HOOK_LDAP_SKIP_SERVER_TLS_VERIFICATION=true
> STORK_SERVER_HOOK_LDAP_BIND_USERDN=uid=username,ou=users,dc=server,dc=local
> STORK_SERVER_HOOK_LDAP_BIND_PASSWORD=password123
> STORK_SERVER_HOOK_LDAP_ROOT=dc=server,dc=local
> STORK_SERVER_HOOK_LDAP_DEBUG=true
> STORK_SERVER_HOOK_LDAP_MAP_GROUPS=true
> STORK_SERVER_HOOK_LDAP_GROUP_ALLOW=admins
> STORK_SERVER_HOOK_LDAP_GROUP_ADMIN=admins
> STORK_SERVER_HOOK_LDAP_GROUP_SUPER_ADMIN=admins
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_USER=inetOrgPerson
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_USER_ID=uid
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_USER_EMAIL=mail
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_USER_LAST_NAME=sn
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_USER_FIRST_NAME=displayName
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_GROUP=posixGroup
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_GROUP_COMMON_NAME=cn
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_GROUP_MEMBER=memberUid
>
> Any help is appreciated.
>
> Cheers,
>
> Don