mumble-voip / mumble-scripts

Mumble scripts is a place for gathering various scripts written for the Mumble VoIP application.
https://www.mumble.info

Simple example of how to use the LDAP authenticator #19

Closed theodotos closed 5 years ago

theodotos commented 6 years ago

Hi,

I have been looking for an example on how to set up the LDAP authenticator. I have set up the LDAPauth.ini and run the LDAPauth.py script. It starts a daemon at port 36655:

root@mumble:~# ss -lnptu | grep python
tcp    LISTEN     0      128            127.0.0.1:36655                 *:*      users:(("python",pid=20977,fd=7))

How can I tell the mumble server to authenticate against this?

Am I missing something very obvious? I couldn't find any documentation on how to do that.

Kissaki commented 5 years ago

Hey, sorry for the late reply.

The authenticator connects to the Mumble server via Ice. Make sure ice is running in your Mumble server configuration file. In the LDAP authenticator configuration file see the [ice] section - this configures the Ice endpoint of the Mumble server to connect to.

theodotos commented 5 years ago

@Kissaki thanks for the info. I've figured it out eventually :)

I've prepared a simple guide on how to set LDAP auth for the mumble server. HTH.

Enable LDAP authentication for the Mumble Server

In this guide we explain how to set up LDAP authentication for murmurd (aka mumble-server).

Prerequisites

ice="tcp -h 127.0.0.1 -p 6502"
icesecretread=MySecretIcePass
icesecretwrite=MySecretIcePass

$ ldapsearch -ZZ -x -H ldap://ldap.example.com -D "cn=mumble,ou=dsa,dc=example,dc=com" -b ou=people,dc=example,dc=com -W -s sub '(uid=myusername)' -LLL
Enter LDAP Password: 
dn: uid=myusername,ou=people,dc=example,dc=com
cn: User Name
sn: Name
givenName: User
uid: myusername
displayName: User Name
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
mail: myusername@example.com
roomNumber: 111
userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=

Setting up a unique roomNumber is important since this is the field we are using for uniqueness in Mumble.

Get the LDAP Authenticator

# curl -s -OL https://raw.githubusercontent.com/mumble-voip/mumble-scripts/master/Authenticators/LDAP/LDAPauth.py
# curl -s -OL https://raw.githubusercontent.com/mumble-voip/mumble-scripts/master/Authenticators/LDAP/LDAPauth.ini

Install the Authenticator

# cp LDAPauth.py /usr/local/sbin/
# chmod +x /usr/local/sbin/LDAPauth.py
# mkdir /etc/mumble-scripts
# cp LDAPauth.ini /etc/mumble-scripts

[user]
id_offset       = 1000000000
reject_on_error = True
reject_on_miss  = True

[ice]
host            = 127.0.0.1
port            = 6502
slice           = /usr/share/slice/Murmur.ice
secret          = MySecretIcePass
watchdog        = 30

[ldap]
bind_dn = cn=mumble,ou=dsa,dc=example,dc=com
bind_pass = MySecretLDAPPass
ldap_uri = ldaps://ldap.example.com
users_dn = ou=people,dc=example,dc=com
discover_dn = false
username_attr = uid
number_attr = roomNumber
display_attr = cn
group_cn = cn=all,ou=groups,dc=example,dc=com
group_attr = member
provide_info = True
mail_attr = mail
provide_users = True

[murmur]
servers      = 

[log]
level   =
file    = /var/log/mumble-server/LDAPauth.log

[iceraw]
Ice.ThreadPool.Server.Size = 5

Start LDAPAuth.py as a systemd service

[Unit]
Description=LDAP Authentication Service for Mumble Server
Documentation=https://github.com/mumble-voip/mumble-scripts/issues/19
After=network.target mumble-server.service

[Service]
Type=simple
User=mumble-server
Group=mumble-server
WorkingDirectory=/etc/mumble-scripts
ExecStart=/usr/local/sbin/LDAPauth.py
StandardOutput=syslog
StandardError=syslog

[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl enable mumble-ldapauth.service
# systemctl start mumble-ldapauth.service
# systemctl status mumble-ldapauth.service 
* mumble-ldapauth.service - LDAP Authentication Service for Mumble Server
   Loaded: loaded (/etc/systemd/system/mumble-ldapauth.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-09-01 00:29:50 PDT; 3s ago
     Docs: https://github.com/mumble-voip/mumble-scripts/issues/19
 Main PID: 2544 (python)
    Tasks: 12 (limit: 4915)
   Memory: 44.4M
   CGroup: /system.slice/mumble-ldapauth.service
           `-2544 python /usr/local/sbin/LDAPauth.py

Sep 01 00:29:50 chat systemd[1]: Started LDAP Authentication Service for Mumble Server.

# systemctl restart mumble-server.service mumble-ldapauth.service

Connect to mumble

Use these client settings:

References:
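An added example, not part of the original thread or of the mumble-scripts project: a small audit of the `LDAPauth.ini` from the guide above. It flags an LDAP URI that is not `ldaps://`, a non-loopback Ice host, secrets that are empty or still the guide's sample values, disabled reject options, and a file mode that lets other users read the secrets. The function names are hypothetical, and the meaning given to `reject_on_error` and `reject_on_miss` is an assumption based on the option names.

```python
import configparser
import os

WEAK_INI = """
[user]
reject_on_error = False
[ice]
host   = 0.0.0.0
secret = MySecretIcePass
[ldap]
bind_pass   = MySecretLDAPPass
ldap_uri    = ldap://ldap.example.com
number_attr =
"""  # constructed sample: the guide's keys with weak values swapped in
PLACEHOLDERS = {"", "MySecretIcePass", "MySecretLDAPPass"}  # empty or guide samples


def audit_text(text):
    """Return findings for the content of an LDAPauth.ini file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    out = []
    if not cp.get("ldap", "ldap_uri", fallback="").lower().startswith("ldaps://"):
        out.append("ldap.ldap_uri: not ldaps://")
    if cp.get("ice", "host", fallback="127.0.0.1") not in ("127.0.0.1", "::1", "localhost"):
        out.append("ice.host: not loopback, the Ice secret leaves this machine")
    for section, key in (("ice", "secret"), ("ldap", "bind_pass")):
        if cp.get(section, key, fallback="") in PLACEHOLDERS:
            out.append(f"{section}.{key}: empty or still the guide's sample value")
    # Assumed from the option names: False lets a login through on LDAP error/miss.
    for key in ("reject_on_error", "reject_on_miss"):  # absent keys are not flagged
        if not cp.getboolean("user", key, fallback=True):
            out.append(f"user.{key}: disabled")
    if not cp.get("ldap", "number_attr", fallback="").strip():
        out.append("ldap.number_attr: unset, no unique ID attribute")
    return out


def audit_file(path):
    """Audit the content plus the file mode (the file stores two secrets)."""
    with open(path, encoding="utf-8") as fh:
        findings = audit_text(fh.read())
    if os.stat(path).st_mode & 0o007:
        findings.append("file mode: accessible to 'other' users")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_text(WEAK_INI)))
```

Run `audit_file("/etc/mumble-scripts/LDAPauth.ini")` as root; a mode such as 0640 with the service account's group keeps the file readable by the authenticator only.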

Kissaki commented 5 years ago

@theodotos Would you be willing to add this guide to our documentation wiki?

Or would you mind me copying it there (with attribution)?

theodotos commented 5 years ago

@Kissaki grandly :).

The wiki here seems empty. Do you have another wiki?

Kissaki commented 5 years ago

I don’t think the one on this repository should be enabled. :) I disabled it.

Our documentation wiki is at https://wiki.mumble.info/wiki/Main_Page

You will have to create an account, though, which I have to approve manually.

I would create https://wiki.mumble.info/index.php?search=How+to+set+up+an+LDAP+authenticator&title=Special%3ASearch&go=Go

and we can link it from https://wiki.mumble.info/wiki/3rd_Party_Applications#Authenticators

theodotos commented 5 years ago

@Kissaki Ready:

https://wiki.mumble.info/wiki/How_to_set_up_an_LDAP_authenticator

Kissaki commented 5 years ago

Thank you 👍

AlGillet commented 4 years ago

Hello @theodotos and @Kissaki

Thank you for the clear documentation on the Wiki. I have followed this documentation, but when I tried to start "mumble-ldapauth.service" I faced this error:

I just changed the user and group to "root" in the file "mumble-ldapauth.service", because I don't have the "mumble-server" user. I already tried with my murmur service user, but same result.

Do you have any idea of what happened? And maybe an idea to solve this issue?

Thank You

Alexis

theodotos commented 4 years ago

@AlGillet can you paste the output of journalctl -xe -u mumble-ldapauth.service somewhere?

AlGillet commented 4 years ago

@theodotos

Here is the output : log.txt

Edit : we are using Centos 7.2.1511 (core)

Thank you for your reactivity

Alexis

theodotos commented 4 years ago

@AlGillet it doesn't say much. Can you try running /usr/local/sbin/LDAPauth.py on your terminal and show us the output?

AlGillet commented 4 years ago

@theodotos

Here is the result of the command, but I have to add "python" to launch the script:

[root@HOST ~]# python /usr/local/sbin/LDAPauth.py
Traceback (most recent call last):
  File "/usr/local/sbin/LDAPauth.py", line 106, in <module>
    import ldap
ImportError: No module named ldap

theodotos commented 4 years ago

@AlGillet so you have two problems. First you need to make that script executable:

chmod +x /usr/local/sbin/LDAPauth.py

And then you need to install the python ldap module and whatever other modules are necessary for the script to run without errors. Then try to restart the mumble-ldapauth service.

fresnohernandez99 commented 3 years ago

@theodotos I have the same issues. How do I install the necessary Python modules?

Krzmbrzl commented 3 years ago

Without actually knowing, I would expect something like pip3 install ldap to work

fresnohernandez99 commented 3 years ago

Thank you, that works @Krzmbrzl