Hello everyone,
For a couple of weeks now I have been trying to connect an OpenLDAP server to an iLO board for a central authentication system. The LDAP server runs on openSUSE 10.3 with OpenLDAP 2.3.37 and is configured with PAM, so user login works. My problem is the configuration of the directory settings on the iLO. I will try to describe my LDAP server config and the problem I have with it.
In /etc/openldap/slapd.conf I included a schema called ilo.schema. The ilo.schema looks like this:
attributetype (1.3.6.1.4.1.15959.9.1.1 NAME 'memberOf' DESC 'Group which user belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
objectclass (1.3.6.1.4.1.15959.9.2.1 NAME 'memberOf' SUP top AUXILIARY DESC 'Required by Integrated Lights-Out for OpenLDAP' MUST (memberOf))
objectclass (1.3.6.1.4.1.15959.9.2.2 NAME 'user' SUP top AUXILIARY DESC 'Required by Integrated Lights-Out for OpenLDAP')
A test user for the iLO, added to the LDAP directory like this:
# Max, my-domain.de
dn: uid=max,ou=Mitarbeiter,ou=users,dc=my-domain,dc=de
cn: Max Doe
givenName: Max
sn: Foo
gidNumber: 100
uid: max
uidNumber: 1003
userPassword: {SSHA}passwortmax
homeDirectory: /home/max
loginShell: /bin/bash
street:
postalCode:
l:
st:
mail: max.mustermann@my-domain.de
telephoneNumber: +49
shadowExpire: 14152
shadowInactive: 10
shadowLastChange: 14042
shadowMax: 14
shadowMin: 1
shadowWarning: 10
memberOf: cn=iloadmin,ou=groups,dc=my-domain,dc=de
description: iLO users Max Mustermann
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: memberOf
objectClass: user
objectClass: top
The group cn=iloadmin,ou=groups,dc=my-domain,dc=de looks like this:
dn: cn=iloadmin,ou=groups,dc=my-domain,dc=de
cn: iloadmin
objectClass: top
objectClass: groupOfNames
member: cn=Max Mustermann,ou=Mitarbeiter,ou=users,dc=my-domain,dc=de
The settings I configured in the iLO web interface are as follows:
Under Administration -> Directory Settings:
  Use Directory Default Schema: enabled
  Directory Server Address: my-domain.de [or IP]
  Directory Server LDAP Port: 636
  Directory User Context 1: ou=Mitarbeiter,ou=users,dc=my-domain,dc=de
Under Administration -> Groups -> Select a group: Administrator -> View/Modify:
  Security Group Distinguished Name: cn=iloadmin,ou=groups,dc=my-domain,dc=de
  Administer Group and Accounts, Console Remote Access, Virtual Power and Reset, Virtual Media and Configure iLO Settings are enabled.
When I run the directory test, I get the following result:
Overall status: Problem Detected
Description                      Test status
Ping Directory Server            Passed
Directory Server IP Address      Not run
Directory Server DNS name        Passed
Connect to Directory Server      Passed
Connect using SSL                Passed
Certificate of Directory Server  Passed
Bind to Directory Server         Not run
Directory administrator login    Not run
User Authentication              Failed
User Authorization               Not run
Directory User Context 1         Not run
Directory User Context 2         Not run
Directory User Context 3         Not run
LOM Object exists                Not run
LOM Object Password              Not run
Test log:
Initiating diagnostic of directory settings for server my-domain.de
Directory Server address my-domain.de resolved to IP address
Accepting certificate for Directory Server /C=DE/ST=[state]/O=[company]/OU=ldapserver/CN=meine-domain.de/EMAIL=ca@meine-domain.de signed by /C=DE/ST=[state]/L=[place]/O=[company]/OU=[Department]/CN=[person]/EMAIL=ca@meine-domain.de
Warning: certificate does not match Directory Server address my-domain.de
Unable to authenticate user test max [Invalid credentials]
Ceasing tests.
Some diagnostics for server my-domain.de FAILED
Tests complete.
I have read a lot of threads, but nothing helped me find the mistake.
I hope someone can help me find it.
Kind regards,
SysNewbie
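An added example, not part of the original post: a small offline consistency check of the two entries above against the iLO settings quoted in the post. It parses constructed LDIF copies of the user and group entries (placeholders, not live data), normalises the DNs (whitespace around "=" and "," and letter case) and reports where the user context, security group DN, memberOf and member values disagree. The assumed rules are that the iLO default schema binds as uid=<login>,<user context> and reads memberOf from the user entry; the reverse member check is general LDAP hygiene.

```python
import re

# Constructed sample LDIF mirroring the entries quoted in the post (not live data).
USER_LDIF = """\
dn: uid=max,ou=Mitarbeiter,ou=users,dc=my-domain,dc=de
uid: max
cn: Max Doe
memberOf: cn=iloadmin,ou=groups,dc=my-domain,dc=de
objectClass: memberOf
objectClass: user
"""

GROUP_LDIF = """\
dn: cn=iloadmin,ou=groups,dc=my-domain,dc=de
cn: iloadmin
objectClass: groupOfNames
member: cn=Max Mustermann,ou=Mitarbeiter,ou=users,dc=my-domain,dc=de
"""

def parse_ldif(text):
    """Parse one LDIF entry into {attribute (lowercased): [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def normalize_dn(dn):
    """Canonical form for comparison: no blanks around '=' or ',', lowercased."""
    return re.sub(r"\s*([=,])\s*", r"\1", dn.strip()).lower()

def check_ilo_membership(user, group, security_group_dn, user_context):
    """Return a list of findings; an empty list means the entries are consistent."""
    findings = []
    user_dn, group_dn = user["dn"][0], group["dn"][0]
    # Assumed iLO behaviour: bind DN is uid=<login>,<user context>, so the
    # user entry must sit directly under the configured Directory User Context.
    if normalize_dn(user_dn).split(",", 1)[1] != normalize_dn(user_context):
        findings.append("user entry is not directly under Directory User Context")
    if normalize_dn(group_dn) != normalize_dn(security_group_dn):
        findings.append("Security Group DN does not match the group entry DN")
    # Default schema: the user's memberOf must name the security group.
    member_of = {normalize_dn(v) for v in user.get("memberof", [])}
    if normalize_dn(security_group_dn) not in member_of:
        findings.append("user lacks memberOf for the security group")
    # Hygiene: the group's member values should point at the user's real DN.
    members = {normalize_dn(v) for v in group.get("member", [])}
    if normalize_dn(user_dn) not in members:
        findings.append("group member value does not match the user DN")
    return findings
```

Run against the constructed entries it reports only the member/DN mismatch; an "Invalid credentials" bind failure, as in the log above, is upstream of these checks and concerns the bind DN and password.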