[stork-users] Stork Server LDAP hook loading but not functioning

Slawek Figiel slawek at isc.org
Mon Oct 28 17:02:34 UTC 2024


Hello Donald!

Could you describe what you mean by the LDAP hook not working for you? Do you 
see the LDAP authentication method on the Stork login page?

I see your LDAP server is served over TLS. Another user reported a 
problem with this kind of configuration: 
https://gitlab.isc.org/isc-projects/stork/-/issues/1488 . Could you 
check if you can use LDAP if it is served without TLS? We are analyzing 
this problem, so any additional feedback would be appreciated.

If you run the Stork server as a systemd service, you can check the 
detailed logs by running the `journalctl -u isc-stork-server` command.

Regards,
Slawek Figiel

On 28/10/2024 17:54, Donald Birtch wrote:
> Hi All,
> 
>    I have been stumped with getting the Stork Server LDAP hook working.  
> Maybe someone can see a glaring issue with my configuration or have some 
> additional things to troubleshoot the issue.  I see no logs relating to 
> LDAP.  Here are the installed packages:
> 
> hi  isc-stork-server            1.19.0.240927162608  amd64  ISC Stork Server
> 
> hi  isc-stork-server-hook-ldap  1.19.0.240927162031  amd64  ISC Stork server ldap hook
> 
> The LDAP hook appears to be loaded:
> 
> # lsof -p $(pgrep stork-server) | grep stork-server-ldap.so
> 
> stork-ser 409743 stork-server  mem       REG              253,0 12268368 16789136 /usr/lib/stork-server/hooks/stork-server-ldap.so
> 
> Here are the server.env entries that I added based on the "stork-server 
> --help" output:
> 
> STORK_SERVER_HOOK_LDAP_URL=ldaps://ldap-server
> 
> STORK_SERVER_HOOK_LDAP_SKIP_SERVER_TLS_VERIFICATION=true
> 
> STORK_SERVER_HOOK_LDAP_BIND_USERDN=uid=username,ou=users,dc=server,dc=local
> 
> STORK_SERVER_HOOK_LDAP_BIND_PASSWORD=password123
> 
> STORK_SERVER_HOOK_LDAP_ROOT=dc=server,dc=local
> 
> STORK_SERVER_HOOK_LDAP_DEBUG=true
> 
> STORK_SERVER_HOOK_LDAP_MAP_GROUPS=true
> 
> STORK_SERVER_HOOK_LDAP_GROUP_ALLOW=admins
> 
> STORK_SERVER_HOOK_LDAP_GROUP_ADMIN=admins
> 
> STORK_SERVER_HOOK_LDAP_GROUP_SUPER_ADMIN=admins
> 
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_USER=inetOrgPerson
> 
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_USER_ID=uid
> 
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_USER_EMAIL=mail
> 
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_USER_LAST_NAME=sn
> 
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_USER_FIRST_NAME=displayName
> 
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_GROUP=posixGroup
> 
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_GROUP_COMMON_NAME=cn
> 
> STORK_SERVER_HOOK_LDAP_OBJECT_CLASS_GROUP_MEMBER=memberUid
> 
> Any help is appreciated.
> 
> Cheers,
> 
> Don
> 
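While the TLS problem discussed above is being narrowed down, the transport-related settings in server.env deserve a check before and after any non-TLS test. The script below is an added example, not part of the thread or of the Stork project; the function names are hypothetical, and it assumes a non-TLS test would use an ldap:// URL and that the boolean spellings shown enable the option.

```bash
#!/usr/bin/env bash
# Added example: review the transport-security posture of the LDAP hook
# settings in a Stork server.env file, using only names quoted in the thread.

# Print the last value assigned to KEY ($1) in env file ($2), trimming
# trailing whitespace and one pair of surrounding double quotes.
env_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Print one finding per line for env file $1; return 1 if there were any.
audit_ldap_env() {
    local file=$1 url skip pw rc=0
    url=$(env_value STORK_SERVER_HOOK_LDAP_URL "$file")
    skip=$(env_value STORK_SERVER_HOOK_LDAP_SKIP_SERVER_TLS_VERIFICATION "$file")
    pw=$(env_value STORK_SERVER_HOOK_LDAP_BIND_PASSWORD "$file")
    case $url in
        ldaps://*)
            # Assumption: these spellings all enable the boolean option.
            case $skip in
                true|TRUE|True|1)
                    echo "TLS_UNVERIFIED: server certificate is not checked, so the peer receiving the bind password is unauthenticated"
                    rc=1 ;;
            esac ;;
        ldap://*)
            echo "CLEARTEXT: bind DN and password cross the network unencrypted"
            rc=1 ;;
        *)
            echo "URL_SCHEME: expected ldap:// or ldaps://, got '${url}'"
            rc=1 ;;
    esac
    # -perm -004 matches when the "other" read bit is set on the file.
    if [ -n "$pw" ] && [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "WORLD_READABLE: file stores the bind password and any local user can read it"
        rc=1
    fi
    return "$rc"
}

# Constructed sample mirroring the TLS-related entries from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
STORK_SERVER_HOOK_LDAP_URL=ldaps://ldap-server
STORK_SERVER_HOOK_LDAP_SKIP_SERVER_TLS_VERIFICATION=true
STORK_SERVER_HOOK_LDAP_BIND_PASSWORD=password123
EOF
chmod 644 "$sample"
audit_ldap_env "$sample" || true
rm -f "$sample"
```

A clean result (no output, exit status 0) requires an ldaps:// URL with verification left on and a file that other local users cannot read.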
