Open jay-va opened 10 months ago
I'm looking into this...
OK "work for me" but with enormous caveats: I believe that you may have been misled (most likely by ourselves!) and that's why you were getting in trouble.
For instance, recently we made a change renaming 'groups' to 'ldapgroups' -- I included a table name migration in there but did not have the time to update the documentation accordingly so it's likely that your insert statements partially failed.
Here is what the latest (trunk) version works with:
INSERT INTO ldapgroups(name, gidnumber)
VALUES('superheros', 5501);
INSERT INTO ldapgroups(name, gidnumber)
VALUES('svcaccts', 5502);
INSERT INTO ldapgroups(name, gidnumber)
VALUES('civilians', 5503);
INSERT INTO ldapgroups(name, gidnumber)
VALUES('caped', 5504);
INSERT INTO ldapgroups(name, gidnumber)
VALUES('lovesailing', 5505);
INSERT INTO ldapgroups(name, gidnumber)
VALUES('smoker', 5506);
INSERT INTO includegroups(parentgroupid, includegroupid)
VALUES(5503, 5501);
INSERT INTO includegroups(parentgroupid, includegroupid)
VALUES(5504, 5502);
INSERT INTO includegroups(parentgroupid, includegroupid)
VALUES(5504, 5501);
INSERT INTO users(name, uidnumber, primarygroup, passsha256)
VALUES('hackers', 5001, 5501,
'6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a');
INSERT INTO users(name, uidnumber, primarygroup, passsha256)
VALUES('johndoe', 5002, 5502,
'6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a');
INSERT INTO users(name, mail, uidnumber, primarygroup, passsha256)
VALUES('serviceuser', 'serviceuser@example.com', 5003, 5502,
'652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0');
INSERT INTO users(name, uidnumber, primarygroup, passsha256, othergroups)
VALUES('user4', 5004, 5504,
'652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0',
'5505,5506');
INSERT INTO capabilities(userid, action, object)
VALUES(5001, 'search', 'ou=superheros,dc=glauth,dc=com');
INSERT INTO capabilities(userid, action, object)
VALUES(5003, 'search', '*');
I had already discovered this before I submitted my post. I grep'd for insert statements in the golang executable release and found that the "groups" table gets renamed to "ldapgroups". So I had the correct database tables and columns in my SQL DB. Just to make sure, I blew everything away and re-created the database, and used the insert statements you listed above. Unfortunately, I still get the "user not found username=serviceuser" error along with "ldap_bind: Invalid credentials (49)". It must be something else on my end, since you were able to get it to work with the same database setup.
I've been pounding my head in the wall trying to run the latest version of glauth (2.3) with a sqlite3 backend using the latest glauth-sqlite plugin "sqlite-darwin-arm64.so". Not sure what I'm doing wrong. I am having a problem trying to run the sample ldapsearch:
ldapsearch -LLL -H ldap://localhost:3893 -D cn=serviceuser,ou=svcaccts,dc=glauth,dc=com -w mysecret -x -bdc=glauth,dc=com cn=hackers
This returns the error:
ldap_bind: Invalid credentials (49)
The log in the glauth server window returns the following:
I am running on a MacBook Pro (Ventura 13.6.3) with the following setup:
config.cfg file:
My sqlite DB has been populated with the example entries from glauth as follows:
Just for giggles, I changed one line in my config to use the file instead of the DB as such (WITHOUT the arrow obviously):
FROM:
TO:
As expected, I received all the correct user info ldap query and the following log entry in the glauth server window:
I then commented out the serviceuser users entry in the config file like so:
and received the identical response I posted at the top of this issue, ldap_bind: Invalid credentials (49). While I'm not sure what's going on, it is behaving as if the serviceuser entry is not even in the database when I do the search with the sqlite plugin module. I'm not sure what I may be missing or have possibly mis-configured. Any help would be appreciated. Thank you in advance!
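The checks this thread circles around (table rename not applied, missing user row, ou/group mismatch, hash mismatch) can be run directly against the SQLite file. The following is an added example, not part of the original thread and not glauth's own code. The helper names `open_db` and `diagnose_bind` are hypothetical, and the mapping of `cn=` to `users.name` and `ou=` to the primary group's name is an assumption about how the bind DN is resolved.

```python
import hashlib
import sqlite3

# Constructed sample DB: table/column names and values are copied from the
# INSERTs in this thread; the column types are assumptions.
SAMPLE_SQL = """
CREATE TABLE ldapgroups(name TEXT, gidnumber INTEGER);
CREATE TABLE users(name TEXT, uidnumber INTEGER, primarygroup INTEGER,
                   passsha256 TEXT);
INSERT INTO ldapgroups(name, gidnumber) VALUES('svcaccts', 5502);
INSERT INTO users(name, uidnumber, primarygroup, passsha256)
VALUES('serviceuser', 5003, 5502,
 '652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0');
"""

def open_db(script):
    # Hypothetical helper: load a SQL script into an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.executescript(script)
    return conn

def diagnose_bind(conn, bind_dn, password):
    """Return findings that would explain a failed bind ([] means none)."""
    tables = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")}
    if "ldapgroups" not in tables:
        return ["legacy 'groups' table found, rename to 'ldapgroups' not applied"
                if "groups" in tables else "no 'ldapgroups' table"]
    if "users" not in tables:
        return ["no 'users' table"]
    # Assumption: cn= maps to users.name, ou= to the primary group's name.
    rdns = [p.strip().split("=", 1) for p in bind_dn.split(",") if "=" in p]
    cn = next((v for k, v in rdns if k.lower() == "cn"), None)
    ou = next((v for k, v in rdns if k.lower() == "ou"), None)
    row = conn.execute("SELECT primarygroup, passsha256 FROM users "
                       "WHERE lower(name) = lower(?)", (cn,)).fetchone()
    if row is None:
        return [f"no users row named {cn!r}"]
    findings = []
    gid, stored = row
    grp = conn.execute("SELECT name FROM ldapgroups WHERE gidnumber = ?",
                       (gid,)).fetchone()
    if grp is None:
        findings.append(f"primarygroup {gid} has no ldapgroups row")
    elif ou and grp[0].lower() != ou.lower():
        findings.append(f"ou={ou} but primary group is {grp[0]!r}")
    digest = hashlib.sha256(password.encode()).hexdigest()
    if digest != (stored or "").lower():
        findings.append("passsha256 does not match SHA-256 of the password")
    return findings
```

To check a real setup, pass `sqlite3.connect(...)` opened on the database file the plugin is configured to use, together with the same `-D` and `-w` values given to ldapsearch.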