Chef Server/Manage external LDAP Auth?

Using the instructions here https://docs.chef.io/server_ldap.html

I created a file: /opt/opscode/chef-server.rb
With the following config

ldap['base_dn'] = 'ou=Users,o=UNIQUE,dc=DOMAIN,dc=com'
ldap['bind_dn'] = 'uid=ldap.bind,ou=Users,o=UNIQUE,dc=DOMAIN,dc=com'
ldap['bind_password'] = 'PASSWORD'
ldap['group_dn'] = 'cn=CHEF_ldap,ou=Users,o=UNIQUE,dc=DOMAIN,dc=com'
ldap['host'] = 'ldap.DOMAIN.com'
ldap['login_attribute'] = 'uid'
ldap['port'] = '636'

I tested AuthN to Chef Manage WebUI while running tcpdump, and no traffic/LDAP attempts were even made. I have no clue, since the logs don't provide much.

I also tested using ldapsearch locally and it does work

Running the following

  • chef-server 12.5.0
  • chef-manage 2.2.1

Any thoughts/directions?


Christopher,

  • Just to make sure, you did run chef-server-ctl reconfigure and chef-manage-server reconfigure after you modified the chef-server.rb, correct? Did you get any errors from either run?

  • Did you tail the logs from Erlang? If so, what do they say while you're attempting to log in?
    chef-server-ctl tail opscode-erchef*

  • Since you are setting port 636 for LDAPS, did you set ssl or tls?

  • Have you tried to set the port to 389?

  • Does your ldapsearch query look like this?
    ldapsearch -H ldap://ldap.DOMAIN.com:636 -b 'ou=Users,o=UNIQUE,dc=DOMAIN,dc=com' -D 'uid=ldap.bind,ou=Users,o=UNIQUE,dc=DOMAIN,dc=com' -W '(uid=ldap.bind)'

  • Have you tried using 'sAMAccountName' instead of 'uid'?

I screwed up -> I created a file: /opt/opscode/chef-server.rb

I put the config in /etc/opscode/chef-server.rb and all worky - thank you for the reply
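An added example, written for this thread and not code from Chef or from either poster, that turns the reply's checklist and the follow-up's root cause into a small linter for the ldap[...] block of chef-server.rb. It parses the config text, warns when the file is not at /etc/opscode/chef-server.rb (the path reconfigure actually reads, which is why tcpdump saw no LDAP traffic at all), warns when port 636 is used without an encryption setting, and prints the ldapsearch bind that mirrors what the server will do. The key names ldap['ssl_enabled'] and ldap['tls_enabled'] are assumed from the Chef Server docs linked above; check them against your version. The sample config is constructed from the one in the question.

```ruby
# Linter for the ldap[...] settings in chef-server.rb.
# Added example for this thread; not Chef's own code.
# Assumption: LDAPS is enabled with ldap['ssl_enabled'] = true and
# STARTTLS with ldap['tls_enabled'] = true (per the linked docs).

# Only this path is read by chef-server-ctl reconfigure.
EXPECTED_PATH = '/etc/opscode/chef-server.rb'

# Constructed sample: the config from the question (string port, no ssl/tls key).
SAMPLE_CONFIG = <<~'RB'
  ldap['base_dn'] = 'ou=Users,o=UNIQUE,dc=DOMAIN,dc=com'
  ldap['bind_dn'] = 'uid=ldap.bind,ou=Users,o=UNIQUE,dc=DOMAIN,dc=com'
  ldap['bind_password'] = 'PASSWORD'
  ldap['group_dn'] = 'cn=CHEF_ldap,ou=Users,o=UNIQUE,dc=DOMAIN,dc=com'
  ldap['host'] = 'ldap.DOMAIN.com'
  ldap['login_attribute'] = 'uid'
  ldap['port'] = '636'
RB

# Parse lines of the form ldap['key'] = 'value' | "value" | true | false | 636
# into a Hash. Anything else on the line is left as the raw string.
def parse_ldap_settings(text)
  settings = {}
  text.each_line do |line|
    m = line.match(/\Aldap\['(\w+)'\]\s*=\s*(.+?)\s*\z/)
    next unless m
    key, raw = m[1], m[2]
    settings[key] =
      if (q = raw.match(/\A(['"])(.*)\1\z/)) then q[2]
      elsif raw == 'true'                     then true
      elsif raw == 'false'                    then false
      elsif raw =~ /\A\d+\z/                  then raw.to_i
      else raw
      end
  end
  settings
end

# Returns an Array of warning strings; empty means the block looks consistent.
def lint_ldap_config(text, path)
  s = parse_ldap_settings(text)
  warnings = []

  # Root cause in this thread: a file under /opt/opscode is never read,
  # so no bind is attempted and tcpdump shows no LDAP traffic.
  unless path == EXPECTED_PATH
    warnings << "config is at #{path}, but reconfigure only reads #{EXPECTED_PATH}; " \
                'no LDAP bind will ever be attempted'
  end

  %w[host base_dn bind_dn bind_password].each do |k|
    warnings << "missing ldap['#{k}']" unless s.key?(k)
  end

  port = s['port'].to_i # tolerates the quoted '636' from the question
  encrypted = s['ssl_enabled'] == true || s['tls_enabled'] == true
  if port == 636 && !encrypted
    warnings << "port 636 is the LDAPS port but neither ldap['ssl_enabled'] " \
                "nor ldap['tls_enabled'] is true"
  elsif port == 389 && s['ssl_enabled'] == true
    warnings << "ldap['ssl_enabled'] is set but port 389 is the plaintext/STARTTLS port"
  end
  warnings
end

# The ldapsearch that reproduces the server's bind: ldaps:// when LDAPS is on,
# searching for a placeholder login so you can confirm the login_attribute.
def ldapsearch_command(text)
  s = parse_ldap_settings(text)
  scheme = s['ssl_enabled'] == true ? 'ldaps' : 'ldap'
  attr = s['login_attribute'] || 'uid'
  "ldapsearch -H #{scheme}://#{s['host']}:#{s['port']} -b '#{s['base_dn']}' " \
  "-D '#{s['bind_dn']}' -W '(#{attr}=SOMEUSER)'"
end

# Run against the constructed sample at the wrong path, then at the fixed one.
puts 'As posted:'
lint_ldap_config(SAMPLE_CONFIG, '/opt/opscode/chef-server.rb').each { |w| puts "  - #{w}" }
fixed = SAMPLE_CONFIG + "ldap['ssl_enabled'] = true\n"
puts 'Fixed:'
puts "  warnings: #{lint_ldap_config(fixed, EXPECTED_PATH).inspect}"
puts "  verify with: #{ldapsearch_command(fixed)}"
```

Run it with the contents of your real chef-server.rb and its actual path; an empty warning list plus a successful bind from the printed ldapsearch means the server-side config is at least reachable and consistent, and the remaining places to look are the reconfigure output and chef-server-ctl tail opscode-erchef.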