Thread: LDAP simple auth against replica

    I just set up a read-write replica and I cannot remember if I need to take some actions to make users able to authenticate via LDAP simple authentication to the replica. In its default state it does not. It only simple-LDAP-authenticates the admin user but not normal users. I've set up certificates, got a connection to ports 389 and 636 and I am able to successfully LDAP authenticate with admin.

    Using OpenLDAP ldapsearch, LDAP simple authentication works with the admin user:
    ldapsearch -x -Z -H ldap://hostname -D cn=admin,xxx -W -s sub -b o=xxx 'cn=testlogin' cn

    But a non-admin user results in success only with the master replica but does not succeed with the read-write replica:
    ldapsearch -x -Z -H ldap://hostname -D cn=testlogin,ou=xxx,ou=xxx,ou=xxx,o=xxx -W -s sub -b o=xxx 'cn=testlogin' cn

    Ndstrace from the read-write replica tells me that it really is a wrong password:
    Bind name:cn=testlogin,ou=xxxf,ou=xxx,ou=xxx,o=xxx, version:3, authentication:simple
    Failed to authenticate local on connection 0xe5c5180, err = failed authentication (-669)
    Sending operation result 49:"":"NDS error: failed authentication (-669)" to connection 0xe5c5180
    Monitor 0x5ed3c700 found connection 0xe5c5180 ending TLS session
    DoUnbind on connection 0xe5c5180
    Preempting operation 0x0:0x0 on connection 0xe5c5180 before processing because connection is closing
    Connection 0xe5c5180 closed

    The object does exist in the replica when querying it with admin user.
    Last edited by kuronen; 18-Sep-2018 at 09:25 AM.
    Pekka Kuronen / pegasi.fi
