Can't Authenticate Against Joined Data Source #92
When debugging joins, the first thing I generally do is add a DumpTransactions insert to each namespace to see what operations are being performed on each namespace, what mappings are happening, etc. I see that you're mapping between title and uid. I've found that having different attribute names can cause issues because we attempt to figure out which base to search first. You want to have the attribute names line up in the joinFilter. You can do this by adding a
That said, what are you attempting to do? It looks like you have one directory for groups and another for users?
Everything with the join works fine. The issue is with authentication. It looks like the bindPrimaryFirst config should control this, but no matter what it is set to (or not set) authentication is not working against the joined namespace. Authenticating against the joined namespace directly through the proxy works fine. There are two matching users and when I added the clearAttributes as suggested in the other issues, the attributes come back fine. It is a quick test to check the attributes and authentication. It isn't an actual set of data. Sorry, I was under the impression that putting the DumpTransactions in the global chain would apply to everything, but it doesn't look to work that way, I guess.
No, the joiner doesn't go back through the global chain so you need to add
I have added a DumpTransactions to the joiner and there is still no obvious information as to why authentication against the joined target is not working.
Any ideas?
Is the password on the primary or the joined entries?
Both. I can authenticate with the password on the primary account, but I can't authenticate with the password on the joined account. I have tried not setting bindPrimaryFirst, leaving it blank, setting it to true and setting it to false. None of the variations seem to make a difference. We did test this with version 0.9x (I believe since I didn't actually perform the test) with the same configuration and it worked when set to false. I can't seem to get this working in 1.0.9, though. Thanks.
OK, so I want to make sure I understand, is this accurate?
That looks like the behavior I am seeing. Thanks.
OK, so I think what's happening is that when the search happens to look for the joined entries, MyVD finds the user in
OK. I will give that a shot. We do have AttributeCleaner specified in the global chain (which allowed the joined attributes to come back), but I will try adding it at that level as well. The results are joined correctly and the joined attributes are there. I think I did not export the operational attributes before which caused the confusion. Sorry.
I appreciate it.
I added the AttributeCleaner to BaseServer and BaseServer2 and I am still seeing the same behavior. Please let me know if you want me to try anything else. I also tried adding it directly to the join. Thanks.
I'm wondering if this is a bug. I'll add a test case and see if I can reproduce.
Thanks. I appreciate it.
We have configured a join between two LDAP data sources. I can authenticate users against the primary, but I cannot authenticate the user with the password associated with the joined source. If I authenticate directly against the proxy for the joined source it works. I have tried not setting bindPrimaryFirst, leaving it blank, setting it to true and setting it to false. None of the variations seem to make a difference.
I have attached a debug log and the conf file. I'm not sure that I even see an attempted bind against the joined source.
Any ideas are appreciated. Thanks.
myvd.conf.txt
myvd.log.zip