Re: Self Service Malfunction

Published: January 14, 2025 - 10:14 AM
by TomTom

/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh
----------------------------------------------------------------
Test SSO SELFSERVICE LDAP with ldap_account_service_login
----------------------------------------------------------------
Username : mullert
Group test member : Domain Users
----------------------------------------------------------------
[OK] Test SSO SELFSERVICE LDAP with ldap_account_service_login
----------------------------------------------------------------
Test ldap with direct Login
----------------------------------------------------------------
Username ldap: mullert
Password ldap:
Group test member : Domain Users
--------
ALL GOOD
--------

Re: Self Service Malfunction

Published: January 14, 2025 - 10:15 AM
by TomTom
However, with another group of which I am a member:

/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh
----------------------------------------------------------------
Test SSO SELFSERVICE LDAP with ldap_account_service_login
----------------------------------------------------------------
Username : mullert
Group test member : caduser
----------------------------------------------------------------
[FAIL] username mullert not in group caduser
----------------------------------------------------------------
{'success': True, 'groups': [], 'error': False, 'msg': ''}

Re: Self Service Malfunction

Published: January 14, 2025 - 10:22 AM
by sfonteneau
I'm unsure about the uppercase/lowercase settings; are the groups entirely lowercase everywhere?

Is there a specific DN base in the WAPT configuration?

Re: Self Service Malfunction

Published: January 14, 2025 - 10:26 AM
by Clafon
@tomtom: Just wondering if you're experiencing the same issue as me: if you change the authentication method in the self-service configuration package to "system", does the self-service feature appear? (You'll need to enter a login/password)

Re: Self Service Malfunction

Published: January 14, 2025 - 10:27 AM
by TomTom
Here is my waptserver.ini:

[options]
wapt_user = adminwapt
wapt_password = password
wapt_folder = /var/www/wapt
server_uuid = 67837244-907c-11e6-86b1-005056add68a
secret_key = secret
use_kerberos = True
allow_unauthenticated_registration = False
waptwua_folder = /var/www/waptwua
allow_unauthenticated_connect = False
signature_clockskew = 72000
clients_signing_key = /opt/wapt/conf/ca-waptserver.fr.hydac.int.pem
clients_signing_certificate = /opt/wapt/conf/ca-waptserver.fr.hydac.int.crt
remote_repo_support = True
wapt_admin_group = FR-WAPTADMINS
ldap_auth_ssl_enabled = False
ldap_account_service_login = FR-SVC-LDAP@fr.hydac.int
ldap_account_service_password = password
wapt_huey_db = /opt/wapt/db/waptservertasks.sqlite
loglevel_waptserver = info
loglevel_waptcore = info
glpi_server_endpoint = https://fr-for-glpi/glpi/plugins/fusioninventory/index.php
glpi_server_user = fr-svc-glpi
glpi_server_pass = password
glpi_inventory_update_delay = 4
glpi_inventory_update_range = 20
glpi_server_pause_timeout = 20,15
wads_enable = True
token_secret_key = secret
clients_signing_crl = /var/www/ssl/ca-waptserver.fr.hydac.int.crl
clients_signing_crl_url = http://waptserver.fr.hydac.int/wapt/ssl/ca-waptserver.fr.hydac.int.crl
ssl_additional_crls = /var/www/ssl
ad_domain_name = fr.hydac.int

The groups are exactly as written in the script: "Domain Users" with uppercase letters and "caduser" in lowercase.

Re: Self Service Malfunction

Published: January 14, 2025 - 10:29 AM
by TomTom
clafon wrote: Jan 14, 2025 - 10:26 AM @tomtom: just to know if you're in the same situation as me: if you change the authentication method in the self-service configuration package to "system", does the self-service appear? (you'll need to enter a login/password)
I tested it and indeed, with service_auth_type=waptserver-ldap -> not working (empty Self Service) and service_auth_type=system -> OK after entering credentials

However, no selectable categories...

Re: Self Service Malfunction

Published: January 14, 2025 - 11:31
by sfonteneau
TomTom wrote: January 14, 2025 - 10:15 However, with another group of which I am a member:

/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh
----------------------------------------------------------------
Test SSO SELFSERVICE LDAP with ldap_account_service_login
----------------------------------------------------------------
Username : mullert
Group test member : caduser
----------------------------------------------------------------
[FAIL] username mullert not in group caduser
----------------------------------------------------------------
{'success': True, 'groups': [], 'error': False, 'msg': ''}

This specific case, as shown in testing-ldap-connectivity.sh, interests me.
Can you contact our support team so I can see it live?

Re: Self Service Malfunction

Published: January 14, 2025 - 11:55 AM
by sfonteneau
The problem has been reproduced internally.

It's clearly a capitalization issue.

I've put a 'tis' group into testing within the 'Tis' self-service rule package, in the 'ad tiS' group.

A temporary solution would be to convert all groups to lowercase.

We'll therefore perform the comparisons ignoring case sensitivity.

Re: Self Service Malfunction

Published: January 14, 2025 - 5:17 PM
by TomTom
So it's strange because the test fails with the group "caduser" which is in lowercase, though.

Re: Self Service Malfunction

Published: January 14, 2025 - 5:56 PM
by sfonteneau
TomTom wrote: Jan 14, 2025 - 5:17 PM So it's strange because the test fails with the group "caduser" which is in lowercase though.
Yes, in that case there is still a problem for you.

Can you contact us by phone to look into this, mentioning that it was Simon who asked us to call?
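
The two conditions discussed in this thread, separated in an added example (not WAPT's code, and not part of any post above): a group-membership check that compares names ignoring case, and that reports an empty group list as its own condition rather than as a case mismatch. The result dictionary has the shape printed by the test script above; the helper names, the DN form of the group entries and the sample data are assumptions constructed for illustration.

```python
import re

# Added example; helper names are hypothetical and the sample data is constructed.

def cn_of(group):
    """Return the CN if `group` is a DN, otherwise the bare name."""
    # Split at the first comma that is not preceded by a backslash.
    first = re.split(r"(?<!\\),", group.strip(), maxsplit=1)[0]
    return first[3:] if first[:3].casefold() == "cn=" else first


def classify(result, wanted):
    """Compare a lookup result against the group a self-service rule requires."""
    if result.get("error") or not result.get("success"):
        return "lookup-error"
    groups = [cn_of(g) for g in result.get("groups", [])]
    if not groups:
        # The lookup succeeded but returned nothing: no comparison rule can
        # fix this, so the search itself has to be investigated.
        return "no-groups-returned"
    if wanted in groups:
        return "match"
    if wanted.casefold() in {g.casefold() for g in groups}:
        # Same group, different capitalisation: a strict comparison hides
        # the packages from a user who is entitled to them.
        return "case-only-mismatch"
    return "not-a-member"


def is_member(result, wanted):
    """Membership decision that ignores case, as the directory itself does."""
    return classify(result, wanted) in ("match", "case-only-mismatch")


# Constructed samples: (lookup result, group name used in the rule package).
SAMPLES = [
    ({"success": True, "groups": ["tiS", "Domain Users"], "error": False, "msg": ""}, "Tis"),
    ({"success": True, "groups": [], "error": False, "msg": ""}, "caduser"),
    ({"success": True, "groups": ["CN=Domain Users,CN=Users,DC=example,DC=test"],
      "error": False, "msg": ""}, "Domain Users"),
]

if __name__ == "__main__":
    for result, wanted in SAMPLES:
        print(f"{wanted!r}: {classify(result, wanted)} -> member={is_member(result, wanted)}")
```
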