
JATOS and LDAP

I'm the sysadmin for a university Psychology Department, and I've been asked to bring a JATOS server online. Of course, I want to tie it into the university's LDAP environment. In line with the documentation, I've configured it appropriately:

# LDAP authentication
# ~~~~~~~~~~~~~~~~~~~
# LDAP url. Leave empty if you have no authentication via LDAP (default is "").
jatos.user.authentication.ldap.url = "ldaps://ldap.example.edu:636"

# LDAP base domain name. Leave empty if you have no authentication via LDAP (default is "").
jatos.user.authentication.ldap.basedn = "dc=example,dc=edu"

# Time to wait for a response from LDAP server (default 5000)
#jatos.user.authentication.ldap.timeout = 10000

...and it doesn't work. Here are my questions:

  • Is there some sort of log of LDAP activity so I can see what happens?
  • I have disabled SELinux, so that's not the problem.
  • Every other LDAP-supporting application I use wants a binding username and password and which attribute to use (uid in this example).

So...am I missing something?

Thanks!

Comments

  • Hi,

    First, two important things:

    - keep in mind that JATOS supports LDAP only minimally at the moment. For example, users have to be created by hand in JATOS, and only then can they access it with their LDAP credentials. We intend to extend all this in the future.

    - we're working on a bug fix and will release an update in the next few days (it's basically done). It really would make sense to wait and configure LDAP with the next release. (We can let you know when).

    On to your problem: The university that we implemented LDAP for had theirs restricted to their internal network. There, a 'public' directory was not a problem. Currently it does not need a binding admin account to look up users - instead it assumes the directory is 'public'.

    Does this help? Let us know if it doesn't.

    Elisa
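
The 'public' directory lookup described in the reply above, next to the binding-account setup the original poster mentions, as an added example that is not part of the thread and is not JATOS code. `ToyDirectory`, `login` and every entry are constructed, hypothetical names in an in-memory model; no real LDAP server is contacted.

```python
# Constructed toy directory: models the two LDAP login flows, no network involved.
class ToyDirectory:
    def __init__(self, entries, anonymous_search):
        self.entries = entries                    # {dn: {"uid": ..., "password": ...}}
        self.anonymous_search = anonymous_search  # True = 'public' directory

    def bind(self, dn, password):
        """Simple bind: needs a known DN and a matching, non-empty password."""
        entry = self.entries.get(dn)
        return bool(password) and entry is not None and entry["password"] == password

    def search(self, attr, value, bound_as=None):
        """Return DNs whose attribute matches; refused unless bound or public."""
        if bound_as is None and not self.anonymous_search:
            raise PermissionError("anonymous search refused")
        return [dn for dn, e in self.entries.items() if e.get(attr) == value]


def login(directory, username, password, attr="uid", service=None):
    """Look up the user's DN, then bind as that DN with the supplied password.

    service is an optional (dn, password) pair for a binding account.
    Returns (ok, reason); the reason is what a verbose log would need to show.
    """
    bound_as = None
    if service is not None:
        if not directory.bind(*service):
            return False, "service bind failed"
        bound_as = service[0]
    try:
        matches = directory.search(attr, username, bound_as)
    except PermissionError:
        return False, "lookup refused"
    if len(matches) != 1:
        return False, "user not found or ambiguous"
    if not directory.bind(matches[0], password):
        return False, "bad credentials"
    return True, "ok"


ENTRIES = {  # constructed sample entries
    "uid=jdoe,ou=people,dc=example,dc=edu": {"uid": "jdoe", "password": "s3cret"},
    "cn=svc-jatos,ou=services,dc=example,dc=edu": {"uid": "svc-jatos", "password": "svcpw"},
}
SERVICE = ("cn=svc-jatos,ou=services,dc=example,dc=edu", "svcpw")
public = ToyDirectory(ENTRIES, anonymous_search=True)
restricted = ToyDirectory(ENTRIES, anonymous_search=False)

if __name__ == "__main__":
    print(login(public, "jdoe", "s3cret"))                       # lookup works without a binding account
    print(login(restricted, "jdoe", "s3cret"))                   # correct password, lookup refused
    print(login(restricted, "jdoe", "s3cret", service=SERVICE))  # binding account makes lookup possible
```

In the model, the restricted directory rejects a login with a correct password before the password is ever checked, which is why a single generic "Authentication failed" log line cannot distinguish the two cases.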

  • I'm in a similar situation - I'd like to integrate with LDAP, and have configured it correctly as far as I can see, and disabled SELinux, but can't log in.

    Is there a way to get more verbose logging?

    Thanks!

  • Sorry, there is only one logging mode. What does your application.log say?

  • c.g.Authentication - Authentication failed: remote address x.x.x.x failed for username xxxxx

  • I hoped for some connection error. But that is just the error that gets logged if the authentication failed, e.g. username or password were incorrect.

    In your original message you wrote 'disabled SELinux' - can you elaborate on this? I'm not familiar with SELinux.

    Does your LDAP need a 'binding' admin account? Because JATOS doesn't (yet) support this type of LDAP authentication - it just assumes the directory is public.

  • SELinux is "Security Enhanced Linux", which uses configurable policies to allow or deny permission for certain things - e.g. writing to the filesystem or connecting to or listening on sockets - at the system level. By default (in my experience), very little that could be remotely dangerous is allowed by default and installation of applications often requires manually tweaking the policies to get things working.

    For troubleshooting, it's possible to just disable the whole thing (temporarily or permanently), which is what I've tried doing - I thought maybe the SELinux policy was preventing JATOS from connecting an outbound socket to the LDAP server. Disabling made no difference, so SELinux isn't the source of my problem.

    For other webapps I've set up, binding with a known account is used, although ITS is telling me that direct authentication with the given username/password should work.

    Does JATOS make any assumptions about the schema of the LDAP server?

    Also, could you point me at the code where LDAP authentication is happening? I might be able to figure out a way to manually simulate how it's interacting with our infrastructure for troubleshooting purposes.

    (caveat: I'm not an expert on SELinux, nor LDAP!)

  • An update: It turns out our LDAP endpoint is backed by Active Directory. I'm not sure how this interacts with this GitHub issue: https://github.com/JATOS/JATOS/issues/219

    However, I've been given an alternative LDAP configuration to use which is backed by OpenLDAP, and now authentication works, and I don't need further help here, thanks!

  • Nice! Hm, I'm not an LDAP expert but I thought Active Directory and LDAP are somehow compatible.
