Chef Server/Manage external LDAP Auth?

Using the instructions here

I created a file: /opt/opscode/chef-server.rb
With the following config

ldap['base_dn'] = 'ou=Users,o=UNIQUE,dc=DOMAIN,dc=com'
ldap['bind_dn'] = 'uid=ldap.bind,ou=Users,o=UNIQUE,dc=DOMAIN,dc=com'
ldap['bind_password'] = 'PASSWORD'
ldap['group_dn'] = 'cn=CHEF_ldap,ou=Users,o=UNIQUE,dc=DOMAIN,dc=com'
ldap['host'] = ''
ldap['login_attribute'] = 'uid'
ldap['port'] = '636'

I tested AuthN to Chef Manage WebUI while running tcpdump and no traffic/LDAP attempts even made - I have no clue since the logs dont provide much

I also tested using ldapsearch locally and it does work

Running the following

  • chef-server 12.5.0
  • chef-manage 2.2.1

ANy thoughts | directions?

1 Like


  • Just to make sure, you did run: chef-server-ctl reconfigure and chef-manage-server reconfigure after you modified the chef-server.rb correct? Did you get any errors from either run?

  • Did you tail the logs from erlang, if so what do they say while you’re attempting to login? if so what did they say?
    chef-server-ctl tail opscode-erchef*

  • Since you are setting port 636 for LDAPS, did you set ssl or tls ?

  • Have you tried to set the port to 389 ?

  • Does your ldapsearch query look like this?

ldapsearch -H ldap:// -b 'ou=Users,o=UNIQUE,dc=DOMAIN,dc=com' -D 'uid=ldap.bind,ou=Users,o=UNIQUE,dc=DOMAIN,dc=com' -W '(uid=ldap.bind)'
  • Have you tried using 'sAMAccountName' instead of 'uid' ?

I screwed up -> I created a file: /opt/opscode/chef-server.rb

I put the config in /etc/opscode/chef-server.rb and all worky - thank you for the reply