Unable to integrate chef server 12 to ActiveDirectory

Hello Chef,

I am trying to integrate AD with Enterprise Chef Server 12.3.1, but it is not working. I get different errors when changing ports or encryption values. The errors I see are listed below.

I created /etc/opscode/chef-server.rb and added the following lines to the file:

ldap['host'] = '<HOST_IP>'
ldap['port'] = '636'
ldap['bind_dn'] = 'bind_user_name'
ldap['bind_password'] = 'XXXXXX'
ldap['base_dn'] = 'OU=ADUsers,OU=DEV,DC=dev-example,DC=local'
ldap['login_attribute'] = 'sAMAccountName'
#ldap['ssl_enabled'] = true
#ldap['tls_enabled'] = 'false'
#ldap['system_adjective'] = 'LDAP'

chef-server-ctl reconfigure && chef-manage-ctl reconfigure

With port 389 without encryption, or port 636 with encryption (tried with ssl_enabled set to both false and true), I get this error:

Could not bind as [100,101,118,45,100,105,115,99,111,118,101,114,121,127,101,118,45,114,97,120,116,105,101,114,49,45,50], please check private-chef.rb for correct bind_dn, bind_password, host, port and encrpytion values. Error: invalidCredentials

With port 636 and tls_enabled set to true or false, I get this error:

"[error] start_tls on ldap session failed during upgrade phase: {gen_tcp_error,closed}"

I can confirm that the credentials and the connection over both 636 and 389 work with ldapsearch; I also verified this by integrating Rundeck with my LDAP.

What am I missing here? Any suggestions?

In one of the topics listed on this Discourse, I noticed Chef staff mentioned it was broken in version 12 RC4, but that post is from 2014. Is it still an open issue?


I was able to resolve this issue on my end.

Unlike other LDAP clients, which worked with the bind user name, for Chef Server I had to explicitly give the full DN.

ldap['host'] = ''
ldap['port'] = '636'
ldap['bind_dn'] = 'cn=bind_user_name,DC=dev-example, dc = local'
ldap['bind_password'] = 'XXXXXX'
ldap['base_dn'] = 'OU=ADUsers,OU=DEV,DC=dev-example,DC=local'
ldap['login_attribute'] = 'sAMAccountName'
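Added example, not from the original post or from Chef: a small Ruby check for the ldap[...] settings above, run before chef-server-ctl reconfigure. It assumes port 636 pairs with ssl_enabled (LDAPS) and port 389 with tls_enabled (STARTTLS), that the two flags are mutually exclusive Ruby booleans, and that bind_dn must be a full DN, as found above; the host name in the sample is a placeholder.

```ruby
# Added example, not from the original post or from Chef: sanity-check the ldap[...]
# settings of /etc/opscode/chef-server.rb before running chef-server-ctl reconfigure.
# Assumptions: port 636 pairs with ssl_enabled (LDAPS), port 389 with tls_enabled
# (STARTTLS), the two flags are mutually exclusive, and the flags are Ruby booleans.

# One RDN such as "cn=bind_user_name" or "DC=dev-example"
DN_COMPONENT = /\A[A-Za-z][A-Za-z0-9-]*=[^,]+\z/

# True when every comma-separated part is attr=value (whitespace around '=' tolerated),
# so a bare account name like "bind_user_name" is rejected.
def full_dn?(value)
  parts = value.to_s.split(",").map(&:strip)
  !parts.empty? && parts.all? { |p| p.gsub(/\s*=\s*/, "=").match?(DN_COMPONENT) }
end

# Returns a list of problems; an empty list means the hash looks consistent.
def check_ldap_config(ldap)
  problems = []
  port = ldap["port"].to_i
  ssl  = ldap["ssl_enabled"] == true
  tls  = ldap["tls_enabled"] == true

  problems << "host is empty" if ldap["host"].to_s.strip.empty?
  problems << "bind_password is empty" if ldap["bind_password"].to_s.empty?
  %w[bind_dn base_dn].each do |key|
    problems << "#{key} is not a full DN: #{ldap[key].inspect}" unless full_dn?(ldap[key])
  end
  # A string such as 'false' is truthy in Ruby; the flags must be real booleans.
  %w[ssl_enabled tls_enabled].each do |key|
    v = ldap[key]
    problems << "#{key} must be true or false, got #{v.inspect}" unless [true, false, nil].include?(v)
  end
  problems << "ssl_enabled and tls_enabled are mutually exclusive" if ssl && tls
  problems << "port 636 (LDAPS) expects ssl_enabled = true" if port == 636 && !ssl
  problems << "port 389 uses STARTTLS: set tls_enabled, not ssl_enabled" if port == 389 && ssl
  problems
end

# Constructed sample mirroring the working configuration above (host is a placeholder).
SAMPLE = {
  "host" => "ad.dev-example.local", "port" => "636", "ssl_enabled" => true,
  "bind_dn" => "cn=bind_user_name,DC=dev-example,DC=local", "bind_password" => "XXXXXX",
  "base_dn" => "OU=ADUsers,OU=DEV,DC=dev-example,DC=local", "login_attribute" => "sAMAccountName"
}

if __FILE__ == $PROGRAM_NAME
  issues = check_ldap_config(SAMPLE)
  puts(issues.empty? ? "ldap config looks consistent" : issues)
end
```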