Closed theodotos closed 5 years ago
Hey, sorry for the late reply.
The authenticator connects to the Mumble server via Ice. Make sure ice is running in your Mumble server configuration file. In the LDAP authenticator configuration file see the [ice]
section - this configures the Ice endpoint of the Mumble server to connect to.
@Kissaki thanks for the info. I've figured it out eventually :)
I've prepared a simple guide on how to set LDAP auth for the mumble server. HTH.
In this guide we explain how to setup LDAP authentication for murmurd (aka mumble-server).
ice="tcp -h 127.0.0.1 -p 6502"
icesecretread=MySecretIcePass
icesecretwrite=MySecretIcePass
$ ldapsearch -ZZ -x -H ldap://ldap.example.com -D "cn=mumble,ou=dsa,dc=example,dc=com" -b ou=people,dc=example,dc=com -W -s sub '(uid=myusername)' -LLL
Enter LDAP Password:
dn: uid=myusername,ou=people,dc=example,dc=com
cn: User Name
sn: Name
givenName: User
uid: myusername
displayName: User Name
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
mail: myusername@example.com
roomNumber: 111
userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
Setting up a unique roomNumber is important since this is the field we are using for uniqueness in Mumble.
# curl -s -OL https://raw.githubusercontent.com/mumble-voip/mumble-scripts/master/Authenticators/LDAP/LDAPauth.py
# curl -s -OL https://raw.githubusercontent.com/mumble-voip/mumble-scripts/master/Authenticators/LDAP/LDAPauth.ini
# cp LDAPauth.py /usr/local/sbin/
# chmod +x /usr/local/sbin/LDAPauth.py
# mkdir /etc/mumble-scripts
# cp LDAPauth.ini /etc/mumble-scripts
[user]
id_offset = 1000000000
reject_on_error = True
reject_on_miss = True
[ice]
host = 127.0.0.1
port = 6502
slice = /usr/share/slice/Murmur.ice
secret = MySecretIcePass
watchdog = 30
[ldap]
bind_dn = cn=mumble,ou=dsa,dc=example,dc=com
bind_pass = MySecretLDAPPass
ldap_uri = ldaps://ldap.example.com
users_dn = ou=people,dc=example,dc=com
discover_dn = false
username_attr = uid
number_attr = roomNumber
display_attr = cn
group_cn = cn=all,ou=groups,dc=example,dc=com
group_attr = member
provide_info = True
mail_attr = mail
provide_users = True
[murmur]
servers =
[log]
level =
file = /var/log/mumble-server/LDAPauth.log
[iceraw]
Ice.ThreadPool.Server.Size = 5
[Unit]
Description=LDAP Authentication Service for Mumble Server
Documentation=https://github.com/mumble-voip/mumble-scripts/issues/19
After=network.target mumble-server.service
[Service]
Type=simple
User=mumble-server
Group=mumble-server
WorkingDirectory=/etc/mumble-scripts
ExecStart=/usr/local/sbin/LDAPauth.py
StandardOutput=syslog
StandardError=syslog
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl enable mumble-ldapauth.service
# systemctl start mumble-ldapauth.service
# systemctl status mumble-ldapauth.service
* mumble-ldapauth.service - LDAP Authentication Service for Mumble Server
Loaded: loaded (/etc/systemd/system/mumble-ldapauth.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2019-09-01 00:29:50 PDT; 3s ago
Docs: https://github.com/mumble-voip/mumble-scripts/issues/19
Main PID: 2544 (python)
Tasks: 12 (limit: 4915)
Memory: 44.4M
CGroup: /system.slice/mumble-ldapauth.service
`-2544 python /usr/local/sbin/LDAPauth.py
Sep 01 00:29:50 chat systemd[1]: Started LDAP Authentication Service for Mumble Server.
# systemctl restart mumble-server.service mumble-ldapauth.service
Use these client settings:
@theodotos Would you be willing to add this guide to our documentation wiki?
Or would you mind me copying it there (with attribution)?
@Kissaki grandly :).
The wiki here seems empty. Do you have another wiki?
I don’t think the one on this repository should be enabled. :) I disabled it.
Our documentation wiki is at https://wiki.mumble.info/wiki/Main_Page
You will have to create an account though I have to approve manually.
I would create https://wiki.mumble.info/index.php?search=How+to+set+up+an+LDAP+authenticator&title=Special%3ASearch&go=Go
and we can link it from https://wiki.mumble.info/wiki/3rd_Party_Applications#Authenticators
Thank you 👍
Hello @theodotos and @Kissaki
Thank you for the clear documentaion on the Wiki. I have follwed this documentation, but when i tried to start "mumble-ldapauth.service" i have faced this error :
I just changed the user and group to "root" in the file "mumble-ldapauth.serrvice". Because i d'ont have the "mumble-server" user. I aleready tried with my murmur service user, but same result.
Have you any idea of what happened ? and maybe an idea to solve this issue ?
Thank You
Alexis
@AlGillet can you paste the output of journalctl -xe -u mumble-ldapauth.service
somewhere?
@theodotos
Here is the output : log.txt
Edit : we are using Centos 7.2.1511 (core)
Thank you for your reactivity
Alexis
@AlGillet it doesn't say much. Can you try running /usr/local/sbin/LDAPauth.py
on you terminal and show us the output?
@theodotos
here is the result of the command, but i have to add "python" to laucnh the script :
[root@HOST ~]# python /usr/local/sbin/LDAPauth.py
Traceback (most recent call last):
File "/usr/local/sbin/LDAPauth.py", line 106, in
@AlGillet so you have two problems. First you need to make that script executable:
chmod +x /usr/local/sbin/LDAPauth.py
And then you need to install the python ldap module and whatever other modules necessary for the the script to run without errors. Then try to restart the mumble-ldapauth
service.
@theodotos i have the same issues. How to install the necessary python modules
Without actually knowing, I would expect something like pip3 install ldap
to work
Thanks you that works @Krzmbrzl
Hi,
I have been looking for an example on how to set the LDAP authenticator. I have setup the LDAPauth.ini and run the LDAPauth.py script. It starts a daemon at port 36655:
How can I tell the mumble server to authenticate against this?
Am I missing something very obvious? I couldn't find any documentation on how to do that.