Closed AdrianDutu closed 4 years ago
Did anything change regarding the way authentication works? As mentioned, a previous version works, and if I run ldapsearch on the host machine I get back results:
ldapsearch -b "dc=bwin,dc=adam" -D "CN=s.a.awx,OU=users,DC=bwin,DC=adam" -H ldaps://xxx.xxx.com -W '(memberOf=CN=awx.access,OU=groups,DC=bwin,DC=adam)'
If I run the same command in the awx_web container, with debug on, I get:
attempting to connect:
connect success
TLS trace: SSL_connect:before SSL initialization
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS read server hello
TLS certificate verification: depth: 2, err: 19, subject: /CN=ATVA0WIPKI001-Root, issuer: /CN=ATVA0WIPKI001-Root
TLS certificate verification: Error, self signed certificate in certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in error
TLS: can't connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
I found the issue. The CentOS version changed from 7 to 8. Running update-ca-trust fixed the issue. @ryanpetrello maybe you can do something to run this in the installer playbook as cert auth will not work by default in awx.
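A check for the situation this thread describes, where CA files sit in /etc/pki/ca-trust/source/anchors but verification fails until update-ca-trust is run. This is an added example, not part of the original issue or of AWX's code. The function names, the bundle path argument and the demo data are assumptions: anchors are taken to be PEM, the bundle is whichever file you pass in (on CentOS the extracted bundle is typically /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem), and the demo uses constructed placeholder text rather than real certificates.

```shell
#!/bin/sh
# Added example: list CA anchors not yet merged into the extracted bundle,
# the state that `update-ca-trust` corrects. Assumption: PEM anchors only.

# pem_bodies FILE: one line per certificate, base64 body, whitespace removed.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# missing_anchors ANCHOR_DIR BUNDLE: print every anchor file holding a
# certificate that is absent from BUNDLE; return 1 if any was printed.
missing_anchors() {
    ma_status=0
    ma_bundle=$(pem_bodies "$2")
    for ma_file in "$1"/*; do
        [ -f "$ma_file" ] || continue
        for ma_body in $(pem_bodies "$ma_file"); do
            if ! printf '%s\n' "$ma_bundle" | grep -qxF -- "$ma_body"; then
                printf '%s\n' "$ma_file"
                ma_status=1
                break
            fi
        done
    done
    return "$ma_status"
}

# demo: constructed data. The base64 text is a placeholder, not a real
# certificate; the temp paths stand in for the real anchors dir and bundle.
demo() {
    d=$(mktemp -d) && mkdir "$d/anchors" || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtUExBQ0VIT0xERVItUk9PVA==' \
        '-----END CERTIFICATE-----' > "$d/anchors/root.pem"
    printf '%s\n' '# other CA' '-----BEGIN CERTIFICATE-----' 'T1RIRVItQ0E=' \
        '-----END CERTIFICATE-----' > "$d/bundle.pem"
    before=$(missing_anchors "$d/anchors" "$d/bundle.pem") || true
    cat "$d/anchors/root.pem" >> "$d/bundle.pem"   # what a trust rebuild adds
    after=$(missing_anchors "$d/anchors" "$d/bundle.pem") || true
    rm -rf "$d"
    printf 'before=%s after=%s\n' "${before##*/}" "${after##*/}"
}
demo
```

Inside the container, calling `missing_anchors /etc/pki/ca-trust/source/anchors <bundle>` prints any anchor file whose certificate has not been merged into the bundle; an empty result with exit status 0 means every PEM anchor is present.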
ISSUE TYPE
SUMMARY
After upgrading from 6.1.0 to 9.0.1 the LDAP auth fails with the following error:
The same certificates I was using before are installed in /etc/pki/ca-trust/source/anchors. I am using the same LDAP config as before:
ENVIRONMENT
STEPS TO REPRODUCE
EXPECTED RESULTS
Login successful.
ACTUAL RESULTS
Certificate validation fails.
ADDITIONAL INFORMATION