
OpenLDAP Pass-through Authentication #76824

Open
deeztek opened this issue Jan 31, 2025 · 2 comments
Assignees
Labels
openldap tech-issues The user has a technical issue about an application triage Triage is needed

Comments


deeztek commented Jan 31, 2025

Name and Version

bitnami/openldap:2.6

What architecture are you using?

amd64

What steps will reproduce the bug?

Using the following docker-compose.yml file:

services:
  openldap:
    image: bitnami/openldap:latest
    ports:
      - '1389:1389'
      - '1636:1636'
    environment:
      - LDAP_ROOT=dc=domain,dc=local
      - LDAP_ADMIN_USERNAME=${LDAP_ADMIN_USERNAME}
      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
      - LDAP_USERS=${LDAP_USERS}
      - LDAP_PASSWORDS=${LDAP_PASSWORDS}
      - LDAP_EXTRA_SCHEMAS=cosine,inetorgperson,nis,argon2
      - BITNAMI_DEBUG=true
    volumes:
      - openldap_data:/bitnami/openldap
      - ../config/openldap/custom/schema/argon2.ldif:/opt/bitnami/openldap/etc/schema/argon2.ldif
      - ../config/openldap/sasl/slapd.conf:/usr/lib/sasl2/slapd.conf
      - ../config/openldap/sasl/saslauthd.conf:/etc/saslauthd.conf

volumes:
  openldap_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /mnt/data/openldap

The contents of slapd.conf are as follows:

mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /var/run/sasl2/mux

The contents of saslauthd.conf are as follows:

ldap_servers: ldap://192.168.xxx.xxx.xxx
ldap_search_base: OU=Users,DC=domain,DC=tld
ldap_filter: (uid=%u)

ldap_bind_dn: CN=saslauthd,CN=Users,DC=domain,DC=tld
ldap_password: somepassword

Added a user that already exists in domain.tld in openldap with the following password:

{SASL}[email protected]

What is the expected behavior?

I expect a successful authentication to domain.tld

What do you see instead?

Instead I get the following error:

hermes_openldap_app  | 679ceede.3aa31e0a 0x7f2ff617e6c0 conn=1004 op=1 SRCH attr=uid mail displayName
hermes_openldap_app  | 679ceede.3aa4b816 0x7f2ff617e6c0 conn=1004 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000019 etime=0.000172 nentries=1 text=
hermes_openldap_app  | 679ceede.3aaafd88 0x7f2ff597d6c0 conn=1005 fd=14 ACCEPT from IP=172.16.32.1:47082 (IP=0.0.0.0:1389)
hermes_openldap_app  | 679ceede.3aab8f34 0x7f2ff597d6c0 conn=1005 op=0 BIND dn="[email protected],ou=users,dc=domain,dc=local" method=128
hermes_openldap_app  | 679ceede.3aac9267 0x7f2ff597d6c0 SASL [conn=1005] Failure: cannot connect to saslauthd server: No such file or directory
hermes_openldap_app  | 679ceede.3aad25b9 0x7f2ff597d6c0 conn=1005 op=0 RESULT tag=97 err=49 qtime=0.000005 etime=0.000120 text=
hermes_openldap_app  | 679ceede.3ab0191f 0x7f2ff617e6c0 conn=1005 fd=14 closed (connection lost)
hermes_openldap_app  | 679ceede.3ab3d76a 0x7f2ff597d6c0 conn=1004 fd=13 closed (connection lost)

Additional information

I'm guessing the paths to slapd.conf and saslauthd.conf are probably wrong. I got the config from the openldap admin documentation (https://www.openldap.org/doc/admin26/guide.html#Pass-Through%20authentication), however there is no clear guidance on how to accomplish that with the bitnami openldap container. I would appreciate some help on this.

thanks a lot

@deeztek deeztek added the tech-issues The user has a technical issue about an application label Jan 31, 2025
@github-actions github-actions bot added the triage Triage is needed label Jan 31, 2025
@carrodher (Member) commented:

Hi, the issue may not be directly related to the Bitnami container image, but rather to how the application is being utilized, configured in your specific environment, or tied to a particular scenario that is not easy to reproduce on our side.

If you think that's not the case and would like to contribute a solution, we'd like to invite you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Please feel free to contact us if you have any questions or need assistance.

If you have any questions regarding the application, customizing its content, or utilizing technology and infrastructure, we strongly recommend that you consult the forums and user guides provided by the project responsible for the application or technology.

With that said, we'll keep this ticket open until the stale bot automatically closes it, in case someone from the community contributes valuable insights.


deeztek commented Feb 16, 2025

As far as I can tell, saslauthd does not seem to exist in the bitnami openldap container, which is required in order to use pass-through authentication. Could someone point me in the right direction on how I could enable that?

Thanks
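The failing bind in the log above is slapd's SASL library trying to open the saslauthd mux socket named in slapd.conf and finding nothing listening, which matches the observation that the image ships no saslauthd. The shell helper below is an added diagnostic for this thread, not code from the Bitnami project or from the reporter. It parses a Cyrus SASL slapd.conf, reports whether pwcheck_method points at saslauthd and whether the socket exists, checks that a userPassword value carries the {SASL} prefix that makes slapd delegate the bind, and wraps the stock testsaslauthd and ldapwhoami probes for use once a saslauthd process is actually running (for example in a sidecar that shares the socket directory with the container). The default socket path, the 1389 port and the uid=...,ou=users,dc=domain,dc=local DN shape are taken from the posted configuration; the config path, user name and password are supplied by the caller, and the function names are the author's own.

```shell
#!/bin/sh
# Added diagnostic helper for OpenLDAP pass-through authentication via saslauthd.
# Not part of the Bitnami image or of the files posted in the issue.
# Assumption: saslauthd listens on the unix socket named by saslauthd_path in
# slapd.conf (libsasl falls back to /var/run/sasl2/mux when the key is absent).

# Print the value of a "key: value" line from a Cyrus SASL config file.
# The last occurrence wins, matching how libsasl reads the file.
sasl_conf_get() {
  key="$1"; conf="$2"
  sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$conf" | tail -n 1
}

# Socket slapd will try to connect to: saslauthd_path from slapd.conf, else the default.
sasl_mux_path() {
  path=$(sasl_conf_get saslauthd_path "$1")
  if [ -n "$path" ]; then printf '%s\n' "$path"; else printf '%s\n' /var/run/sasl2/mux; fi
}

# Exit status tells the caller what is wrong:
#   0  pwcheck_method is saslauthd and the mux socket exists
#   1  slapd.conf asks for saslauthd but the socket is missing, i.e. no saslauthd is
#      running; this is the "cannot connect to saslauthd server" case from the report
#   2  slapd.conf does not select pwcheck_method: saslauthd at all
check_passthrough() {
  conf="$1"
  [ "$(sasl_conf_get pwcheck_method "$conf")" = "saslauthd" ] || return 2
  [ -S "$(sasl_mux_path "$conf")" ] || return 1
}

# slapd only hands a simple bind to SASL when userPassword starts with the {SASL} scheme.
is_sasl_password() {
  case "$1" in
    '{SASL}'*) return 0 ;;
    *)         return 1 ;;
  esac
}

# Live probe, to run inside the container once saslauthd is up (not exercised offline).
# testsaslauthd talks to the mux socket directly; ldapwhoami then drives the full
# slapd -> libsasl -> saslauthd -> upstream directory path. Hypothetical usage:
#   probe_live /usr/lib/sasl2/slapd.conf alice 'her-password'
probe_live() {
  conf="$1"; user="$2"; pass="$3"
  testsaslauthd -f "$(sasl_mux_path "$conf")" -s ldap -u "$user" -p "$pass" &&
  ldapwhoami -x -H ldap://localhost:1389 \
    -D "uid=${user},ou=users,dc=domain,dc=local" -w "$pass"
}
```

Running check_passthrough against the mounted slapd.conf inside the container and getting exit status 1 reproduces the log line in the report without touching slapd. Two caveats before this goes in front of real accounts: saslauthd's LDAP backend binds to the upstream server with the password it was handed, so with mech_list: plain the user's credential crosses the network in the clear unless saslauthd.conf uses ldaps:// or ldap_start_tls: yes together with ldap_tls_cacert_file, and clients should bind to the TLS port 1636 rather than 1389 for the same reason; and ldap_password in saslauthd.conf is a service-account secret, so the file should be mounted with permissions that only the saslauthd process can read.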
