DeviceFarmer / stf

Control and manage Android devices from your browser.
https://devicefarmer.github.io

mac openstf and ldap auth fail (Authentication Failure for "test account") #743

Closed QA-Jihyun closed 5 months ago

QA-Jihyun commented 5 months ago

I'm trying to use stf on mac. I am using the following firmware for "stf-ldap" connection:

    rethinkdb --bind all
    sudo /usr/libexec/slapd -h ldap://111.222.333.444 -d 50
    sudo stf local --port 8100 --public-ip 111.222.333.444 --auth-type ldap --auth-options '["--ldap-url","ldap://111.222.333.444","--ldap-search-dn","dc=test,dc=com","--ldap-bind-dn","cn=admin,dc=test,dc=com","--ldap-bind-credentials","!@test34","--ldap-search-field","email","--ldap-username-field","email"]'

Afterwards, connect to stf in the browser. (111.222.333.444/auth/ldap)

username field = ldap email

password = password of ldap user

ldap log

    658b6e5f odusers_copy_krbrealm: No entry associated with KerberosKDC cn=kerberoskdc,cn=config,dc=test,dc=com
    658b6e5f odusers_krb_auth: could not retrieve krb realm while authing younjihyun+email=test@test.co+sn=jihyun
      0000:  30 0c 02 01 03 61 07 0a  01 32 04 00 04 00         0....a...2....
    ldap_write: want=14, written=14
      0000:  30 0c 02 01 03 61 07 0a  01 32 04 00 04 00         0....a...2....
    ldap_read: want=8, got=7
      0000:  30 05 02 01 04 42 00                               0....B.
    ber_dump: buf=0x600002124a40 ptr=0x600002124a40 end=0x600002124a45 len=5
      0000:  02 01 04 42 00                                     ...B.
    ldap_read: want=8 error=Resource temporarily unavailable

stf log

    WRN/auth-ldap 26828 [::1] Authentication failure for "test@test.com"

In Apache Directory Studio I am connecting to the DIT with bind DN >> cn=admin,dc=test,dc=scom and the bind password, and the DIT settings seem to be set up well.

Does anyone know why ldap login keeps failing?


denis99999 commented 5 months ago

@QA-Jihyun,

  1. You have to know that STF is not fully supported in a Mac OS environment; you should prefer a Linux one.
  2. I don't know if your LDAP installation is correct. Did you test it outside of STF usage?
  3. Try removing the --ldap-username-field option, put the uid value in the --ldap-search-field option, and grant your LDAP database schema. For information, here is a template I use to add a user to my LDAP database:
    dn: cn=_USER_,dc=_XXX_,dc=_YYY_
    uid: _USER_
    sn: _USER_
    mail: _EMAIL_
    objectClass: inetOrgPerson
    objectClass: top
    userPassword: _PASSWORD_

QA-Jihyun commented 5 months ago

> @QA-Jihyun,
>
>   1. You have to know that STF is not fully supported in a Mac OS environment; you should prefer a Linux one.
>   2. I don't know if your LDAP installation is correct. Did you test it outside of STF usage?
>   3. Try removing the --ldap-username-field option, put the uid value in the --ldap-search-field option, and grant your LDAP database schema. For information, here is a template I use to add a user to my LDAP database:
>
>     dn: cn=_USER_,dc=_XXX_,dc=_YYY_
>     uid: _USER_
>     sn: _USER_
>     mail: _EMAIL_
>     objectClass: inetOrgPerson
>     objectClass: top
>     userPassword: _PASSWORD_

I tried connecting to stf from outside. And even if you remove --ldap-username-field, the same error occurs. And the same error is occurring on the PC running stf.

denis99999 commented 5 months ago

> I tried connecting to stf from outside

My question was: did you test your LDAP database alone, without STF?

Did you replace the email value with the uid value in the --ldap-search-field option?

Did you change your LDAP database schema as specified (i.e. in particular objectClass: inetOrgPerson)?

QA-Jihyun commented 5 months ago

> I tried connecting to stf from outside
>
> My question was: did you test your LDAP database alone, without STF?
>
> Did you replace the email value with the uid value in the --ldap-search-field option?
>
> Did you change your LDAP database schema as specified (i.e. in particular objectClass: inetOrgPerson)?

Searching ldap's DIT with ldapsearch succeeds. I also changed --ldap-search-field to uid, but stf login fails. Login fails even if you specify the ou=test group in the --ldap-search-dn option in the stf run options. I'm wondering if I need to set up the Kerberos realm on Mac, but I'm having trouble setting up Kerberos because I'm not familiar with the Mac environment.

If you ask ChatGPT or Google Bard, they will tell you to set none in stf auth type, but there doesn't seem to be a none option.

Thank you for your interest in my question.

denis99999 commented 5 months ago

@QA-Jihyun, so what you can do, if it works well with the ldapsearch command, is to take the provided filter and put it as the value of the --ldap-search-filter option. Here is an example: --ldap-search-filter "(&(objectClass=inetOrgPerson)(uid=*)(memberOf=cn=stf-users,ou=groups,dc=test,dc=org))" (e.g. filtering on an LDAP group)
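
Added example, not part of the thread and not STF code: a shell helper that answers the question asked above (does the directory authenticate the user without STF?) by doing what an LDAP login typically does, a search with the service bind DN followed by a bind as the entry found. The URL and DNs are the ones posted in the issue; the function names and the sample invocation are hypothetical, and the search-then-bind sequence is an assumption about the login flow, not taken from STF's source.

```shell
#!/bin/sh
# Added example (not STF code). Source this file, then run for instance:
#   check_login uid jihyun '(objectClass=inetOrgPerson)'
# Values below are the ones posted in the issue; adjust to your directory.
LDAP_URL="ldap://111.222.333.444"
BIND_DN="cn=admin,dc=test,dc=com"
SEARCH_DN="dc=test,dc=com"

# Escape a user-supplied value for use inside a filter (RFC 4515),
# so characters such as * ( ) \ in the login field stay literal.
escape_filter_value() {
  printf '%s' "$1" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# build_filter FIELD USERNAME [EXTRA_FILTER]
# (FIELD=USERNAME), AND-ed with an extra filter when one is given.
build_filter() {
  eq="($1=$(escape_filter_value "$2"))"
  if [ -n "${3:-}" ]; then
    printf '(&%s%s)' "$eq" "$3"
  else
    printf '%s' "$eq"
  fi
}

# Read LDIF on stdin and print the DN of the first entry.
# Assumption: the DN is plain ASCII (a "dn:: " base64 line is not decoded).
first_dn() { sed -n 's/^dn: //p' | head -n 1; }

# check_login FIELD USERNAME [EXTRA_FILTER]
check_login() {
  filter=$(build_filter "$@")
  echo "search filter: $filter" >&2
  # Step 1: bind as the service account and look the user up.
  # -W prompts for the password, keeping it out of the process list.
  echo "password for $BIND_DN:" >&2
  dn=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URL" -D "$BIND_DN" -W \
         -b "$SEARCH_DN" -s sub "$filter" 1.1 | first_dn)
  if [ -z "$dn" ]; then
    echo "no entry matched: check search DN, search field and filter" >&2
    return 1
  fi
  # Step 2: bind as the entry that was found, with the user's own password.
  echo "found $dn, now binding as that entry:" >&2
  ldapwhoami -x -H "$LDAP_URL" -D "$dn" -W
}
```

If step 1 returns no entry, the search DN, search field or filter is the problem; if step 2 fails, the directory itself is rejecting the user's bind.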