rackslab / Slurm-web

Open source web dashboard for Slurm HPC clusters
https://slurm-web.com
GNU General Public License v3.0

Ldap Issue #305

Closed hpc-tau closed 5 months ago

hpc-tau commented 5 months ago

    def login(self, user: str, password: str) -> AuthenticatedUser:
        """Verify provided user/password are valid and return the corresponding
        AuthenticatedUser. Raise LDAPAuthenticationError if restricted groups are
        set and the user in not member of any of these groups."""
        fullname = None
        groups = None
        connection = self.connection()
        if user is None or password is None:
            raise LDAPAuthenticationError("Invalid authentication request")
        try:
            # Try simple authentication with user/password on LDAP directory
            user_dn = f"cn={user},{self.user_base}"
            #user_dn = f"uid={user},{self.user_base}"

In the file /usr/lib/python3.9/site-packages/rfl/authentication/ldap.py, I changed from uid= to cn= and now I am able to log in 🙂 (on line 214). Maybe add a try/except block?

rezib commented 5 months ago

Hello @hpc-tau,

Thank you for reporting! I must say I am surprised, I have never seen an LDAP directory where user logins are stored within the cn attribute. I am feeling curious here, do you know the implementation of this LDAP server? Is it Active Directory?

rezib commented 5 months ago

Hello @hpc-tau,

With the upcoming release v3.1.0, you will be able to set up user_name_attribute=cn in the [ldap] section of /etc/slurm-web/gateway.ini.

rezib commented 4 months ago

@hpc-tau, Slurm-web v3.1.0 is now available (https://github.com/rackslab/Slurm-web/discussions/311), can you try it and check whether it fixes your issue?

rseaman2016 commented 3 months ago

Hi @rezib. I can put this in a new issue if you'd like. I'm working on configuring slurm-web in a multi-cluster setup and have set sAMAccountName as the user_name_attribute in the gateway.ini file for use against Active Directory. However, ldap.py in the RFL package does not seem to respect that custom setting (setting it statically in ldap.py works).

My gateway.ini file (Internal information hidden):

[ui]
host=slurm-web.companydomain.org
enabled=True

[agents]
url=
  https://slurmwebagent.companydomain.org/agent

[authentication]
enabled=true
method=ldap

[ldap]
uri=ldaps://fqdn:636
cacert=/etc/ssl/certs/ca.cer
user_base=OU=Enterprise,DC=redacted,DC=redacted,DC=org
group_base=DC=redacted,DC=redacted,DC=org
user_class=person
user_name_attribute=sAMAccountName
group_name_attribute=cn
bind_dn=CN=svc_slurmweb,OU=Service Accounts,OU=Enterprise,DC=redacted,DC=redacted,DC=org
bind_password=redacted

The error I receive when I run slurm-web-ldap-check --debug --debug-flags rfl is:

    [ERROR] ⸬slurmweb.apps.ldap:45 ↦ LDAP error: Unable to extract user uid from user entries

Thanks!

rezib commented 3 months ago

> Hi @rezib. I can put this in a new issue if you'd like.

Yes please! This one is closed but something has been done. Maybe your issue needs something else to be done.
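
An added example, not code from rfl or Slurm-web: one way to carry a configurable login attribute through the bind DN shown in the first comment, a search filter, and reading the login back from an entry by that attribute rather than a fixed uid. The helper names and the sample entry are assumptions; values are escaped per RFC 4514 (DN) and RFC 4515 (filter) before being interpolated.

```python
# Added example (not rfl code): helper names and the sample entry are assumptions.

DN_SPECIAL = ',+"\\<>;='  # RFC 4514 specials; "=" is escaped too, which the RFC permits

def escape_dn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in a search filter (RFC 4515)."""
    return "".join(f"\\{ord(ch):02x}" if ch in "\\*()\0" else ch for ch in value)

def user_bind_dn(login: str, name_attr: str, user_base: str) -> str:
    """DN for a direct bind; only correct when name_attr is the RDN of user entries."""
    return f"{name_attr}={escape_dn_value(login)},{user_base}"

def user_filter(login: str, name_attr: str, user_class: str) -> str:
    """Filter to locate the entry first, for directories where name_attr is not the RDN."""
    return f"(&(objectClass={user_class})({name_attr}={escape_filter_value(login)}))"

def login_from_entry(attrs: dict, name_attr: str) -> str:
    """Read the login from the configured attribute (names compare case-insensitively)."""
    for key, values in attrs.items():
        if key.lower() == name_attr.lower() and values:
            return values[0].decode("utf-8")
    raise LookupError(f"no {name_attr} attribute in user entry")

# Constructed sample: an entry whose RDN is cn while the login is in sAMAccountName.
SAMPLE_DN = "CN=Jane Doe,OU=Enterprise,DC=example,DC=org"
SAMPLE_ATTRS = {"cn": [b"Jane Doe"], "sAMAccountName": [b"jdoe"]}

if __name__ == "__main__":
    print(user_bind_dn("jdoe", "cn", "ou=people,dc=example,dc=org"))
    print(user_filter("jdoe", "sAMAccountName", "person"))
    print(login_from_entry(SAMPLE_ATTRS, "samaccountname"))
```

For the constructed entry, the DN to bind with is the one returned by the search (SAMPLE_DN), not one built from sAMAccountName.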