
Hi guys, I have this scenario:

COMMUNITY VERSION

version 3.5.1 of Open-AudIT.
tester31, and its OS is Linux CentOS 7.7.1908
mysqli (version 5.5.65-MariaDB).
Apache/2.4.6 (CentOS) PHP/5.4.16.
PHP version is 5.4.16

I want to configure the OpenLDAP parameters for user access.

I did a lot of tests but I can't set up user access;
this is my configuration:






On my LDAP server there is no error:


[18/Nov/2020:15:05:33.229988796 +0100] conn=6304717 fd=270 slot=270 connection from 172.31.11.224 to 172.23.11.100
[18/Nov/2020:15:05:33.230080894 +0100] conn=6304717 op=0 BIND dn="uid=lala.lala,ou=People,dc=rm,dc=it,dc=noverca,dc=com" method=128 version=3
[18/Nov/2020:15:05:33.230461091 +0100] conn=6304717 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=lala.lala,ou=people,dc=rm,dc=it,dc=noverca,dc=com"
[18/Nov/2020:15:05:33.242457159 +0100] conn=6304717 op=1 BIND dn="uid=pippo.pippo,ou=People,dc=rm,dc=it,dc=noverca,dc=com" method=128 version=3
[18/Nov/2020:15:05:33.242926563 +0100] conn=6304717 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=pippo.pippo,ou=people,dc=rm,dc=it,dc=noverca,dc=com"
[18/Nov/2020:15:05:33.244269426 +0100] conn=6304717 op=2 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(uid=lala.lala)" attrs=ALL
[18/Nov/2020:15:05:33.245134333 +0100] conn=6304717 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[18/Nov/2020:15:05:33.246544305 +0100] conn=6304717 op=3 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(&(cn=open-audit_roles_admin)(memberUid=lala.lala))" attrs=ALL
[18/Nov/2020:15:05:33.246683740 +0100] conn=6304717 op=3 RESULT err=0 tag=101 nentries=0 etime=0
[18/Nov/2020:15:05:33.247349056 +0100] conn=6304717 op=4 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(&(cn=open-audit_roles_org_admin)(memberUid=lala.lala))" attrs=ALL
[18/Nov/2020:15:05:33.247413431 +0100] conn=6304717 op=4 RESULT err=0 tag=101 nentries=0 etime=0
[18/Nov/2020:15:05:33.248025889 +0100] conn=6304717 op=5 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(&(cn=open-audit_roles_reporter)(memberUid=lala.lala))" attrs=ALL
[18/Nov/2020:15:05:33.248072273 +0100] conn=6304717 op=5 RESULT err=0 tag=101 nentries=0 etime=0
[18/Nov/2020:15:05:33.248750018 +0100] conn=6304717 op=6 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(&(cn=open-audit_roles_user)(memberUid=lala.lala))" attrs=ALL
[18/Nov/2020:15:05:33.248811612 +0100] conn=6304717 op=6 RESULT err=0 tag=101 nentries=0 etime=0
[18/Nov/2020:15:05:33.249559142 +0100] conn=6304717 op=7 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(&(cn=open-audit_roles_collector)(memberUid=lala.lala))" attrs=ALL
[18/Nov/2020:15:05:33.249609554 +0100] conn=6304717 op=7 RESULT err=0 tag=101 nentries=0 etime=0
[18/Nov/2020:15:05:33.250428527 +0100] conn=6304717 op=8 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(&(cn=open-audit_roles_agent)(memberUid=lala.lala))" attrs=ALL
[18/Nov/2020:15:05:33.250475981 +0100] conn=6304717 op=8 RESULT err=0 tag=101 nentries=0 etime=0
[18/Nov/2020:15:05:33.251087611 +0100] conn=6304717 op=9 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(&(cn=open-audit_orgs_default_organisation)(memberUid=lala.lala))" attrs=ALL
[18/Nov/2020:15:05:33.251155655 +0100] conn=6304717 op=9 RESULT err=0 tag=101 nentries=0 etime=0
[18/Nov/2020:15:05:33.251819668 +0100] conn=6304717 op=10 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(&(cn=open-audit_orgs_it)(memberUid=lala.lala))" attrs=ALL
[18/Nov/2020:15:05:33.251887815 +0100] conn=6304717 op=10 RESULT err=0 tag=101 nentries=0 etime=0
[18/Nov/2020:15:05:33.252580601 +0100] conn=6304717 op=11 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(&(cn=open-audit_orgs_netscaperoot)(memberUid=lala.lala))" attrs=ALL
[18/Nov/2020:15:05:33.252630218 +0100] conn=6304717 op=11 RESULT err=0 tag=101 nentries=0 etime=0
[18/Nov/2020:15:05:33.253294172 +0100] conn=6304717 op=12 SRCH base="dc=rm,dc=it,dc=noverca,dc=com" scope=2 filter="(&(cn=open-audit_orgs_people)(memberUid=lala.lala))" attrs=ALL
[18/Nov/2020:15:05:33.253374856 +0100] conn=6304717 op=12 RESULT err=0 tag=101 nentries=0 etime=0
[18/Nov/2020:15:05:33.680853133 +0100] conn=6301957 op=3 UNBIND
[18/Nov/2020:15:05:33.680872187 +0100] conn=6301957 op=3 fd=127 closed - U1


Help me!!!

Do you have an OpenLDAP configuration to show me?

What are the step-by-step settings for OpenLDAP? I searched and found only guides for Active Directory.


Thanks a lot


    4 answers

    1.  

      There is a troubleshooting page on the wiki - Troubleshooting LDAP logins

      1. gigix gigix

        Hi my Very Best Friend, 

        thanks a lot for troubleshooting information 

        I think I have identified the problem:

        logon","fail","User has no roles and no orgs","User lala.lala exists in LDAP (diretto-100) and attempted to logon, but does not belong to any OA groups for Roles or Organisations.",
        "6631","2020-11-19 17:54:51","1605804891.3855","system","5","notice","13220","","tester31","10.2.5.16","logon","","m_logon::logon","HTTP/1.1 401 Unauthorized","Invalid logon attempt.","Could not authenticate and/or authorise user lala.lala from IP 10.2.5.16"

        It appears as if the user is not configured in the Open-AudIT group, but instead it is:


        su - lala.lala
        Last login: Thu Nov 19 11:49:22 CET 2020 on pts/1
        -bash-4.2$ id
        uid=9874(lala.lala) gid=3020(open-audit_orgs_default_organisation) groups=3020(open-audit_orgs_default_organisation)

        I also tried to create the user on Open-AudIT, hoping that he would inherit the org and groups, but nothing.

        "fail","User has no roles and no orgs","User lala.lala exists in LDAP (diretto-100) and attempted to logon
        HELP, I THINK THIS IS A BUG

        This is part of the log:
        "6613","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","","","logon","success","set format","Set format to screen, according to HEADERS.",
        "6614","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","Retrieved LDAP Servers","1 LDAP servers retrieved from database.",
        "6615","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","success","Successful LDAP bind","Successful bind using credentials for LDAP server at 172.23.11.100: Success",
        "6616","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP filter","(uid=lala.lala)",
        "6617","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP BaseDN","dc=rm,dc=it,dc=noverca,dc=com",
        "6618","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","success","LDAP found user","LDAP search successful for user lala.lala at 172.23.11.100, ldap_search($ldap_connection, '{$ldap->base_dn}', '{$ldap->filter}')",
        "6619","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","success","LDAP retrieved entries","LDAP entries retrieval successful for user lala.lala at 172.23.11.100",
        "6620","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP search for role open-audit_roles_admin succeeded, lala.lala is NOT in group.","(&(cn=open-audit_roles_admin)(memberUid=lala.lala))",
        "6621","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP search for role open-audit_roles_org_admin succeeded, lala.lala is NOT in group.","(&(cn=open-audit_roles_org_admin)(memberUid=lala.lala))",
        "6622","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP search for role open-audit_roles_reporter succeeded, lala.lala is NOT in group.","(&(cn=open-audit_roles_reporter)(memberUid=lala.lala))",
        "6623","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP search for role open-audit_roles_user succeeded, lala.lala is NOT in group.","(&(cn=open-audit_roles_user)(memberUid=lala.lala))",
        "6624","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP search for role open-audit_roles_collector succeeded, lala.lala is NOT in group.","(&(cn=open-audit_roles_collector)(memberUid=lala.lala))",
        "6625","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP search for role open-audit_roles_agent succeeded, lala.lala is NOT in group.","(&(cn=open-audit_roles_agent)(memberUid=lala.lala))",
        "6626","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP search for org open-audit_orgs_default_organisation succeeded, lala.lala is NOT in group.","(&(cn=open-audit_orgs_default_organisation)(memberUid=lala.lala))",
        "6627","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP search for org open-audit_orgs_it succeeded, lala.lala is NOT in group.","(&(cn=open-audit_orgs_it)(memberUid=lala.lala))",
        "6628","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP search for org open-audit_orgs_netscaperoot succeeded, lala.lala is NOT in group.","(&(cn=open-audit_orgs_netscaperoot)(memberUid=lala.lala))",
        "6629","2020-11-19 17:54:51","1605804891.3855","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","LDAP search for org open-audit_orgs_people succeeded, lala.lala is NOT in group.","(&(cn=open-audit_orgs_people)(memberUid=lala.lala))",
        "6630","2020-11-19 17:54:51","1605804891.3855","system","5","notice","13220","","tester31","10.2.5.16","logon","","m_logon::logon","fail","User has no roles and no orgs","User lala.lala exists in LDAP (diretto-100) and attempted to logon, but does not belong to any OA groups for Roles or Organisations.",
        "6631","2020-11-19 17:54:51","1605804891.3855","system","5","notice","13220","","tester31","10.2.5.16","logon","","m_logon::logon","HTTP/1.1 401 Unauthorized","Invalid logon attempt.","Could not authenticate and/or authorise user lala.lala from IP 10.2.5.16",
      2. gigix gigix

        User lala.lala

        "User has no roles and no orgs": how do I set this?
    2.  

      Is the user in a Role group as well as an Org group? The logs state it is not.

      Should likely be a member of:

      open-audit_roles_admin

      open-audit_roles_org_admin

      open-audit_orgs_default_organisation

      The user account must be a direct member of these groups, not a member of a group that is a member of these groups.


      LDAP search for org open-audit_orgs_default_organisation succeeded, lala.lala is NOT in group.


      1. gigix gigix

        Hi,

        First I have created a group open-audit_orgs_default_organisation on my LDAP server.

        Then I have created a user lala.lala on my OpenLDAP server with open-audit_orgs_default_organisation:

        This is my login on my Open-AudIT server, switching user from root to lala.lala:

        [root@tester31 ~]# su - lala.lala
        Last login: Thu Nov 19 18:18:04 CET 2020 on pts/0
        -bash-4.2$ id
        uid=9874(lala.lala) gid=3020(open-audit_orgs_default_organisation) groups=3020(open-audit_orgs_default_organisation)
        -bash-4.2$

        What's wrong?

        What's the exact LDAP search command that Open-AudIT runs for this search? I want to launch it manually for troubleshooting.

        Can you send me a step-by-step how-to for OpenLDAP? All the how-tos on your site are also Active Directory based.

        Thanks a lot


      2. Mark Unwin

        Should be a member of:

        open-audit_roles_admin, open-audit_roles_org_admin, open-audit_orgs_default_organisation

        The user account must be a direct member of all of these groups, not a member of a group that is a member of these groups.

      3. gigix gigix

        OK, now my user lala.lala is a member of all of these groups.

        But it does not work, with the same error:

        reading data","LDAP search for role open-audit_roles_admin succeeded, lala.lala is NOT in group.","(&(cn=open-audit_roles_admin)(memberUid=lala.lala))",

        I think the problem is in the ldapsearch, which fails and does not match lala.lala in the
        group ( ... lala.lala is NOT in group.","(&(cn=open-audit_roles_admin)(memberUid=lala.lala))")
        but lala.lala is in all the groups.

        If I use the option USE ROLES = no, everything works fine.

        This is my LDAP situation:

        # open-audit_roles_admin, Groups, rm.it.noverca.com
        dn: cn=open-audit_roles_admin,ou=Groups,dc=rm,dc=it,dc=noverca,dc=com
        gidNumber: 3018
        description: gruppo admin ldap
        objectClass: top
        objectClass: groupofuniquenames
        objectClass: posixgroup
        uniqueMember: uid=luigi.staniscia,ou=People,dc=rm,dc=it,dc=noverca,dc=com
        uniqueMember: uid=pippo.pippo,ou=People,dc=rm,dc=it,dc=noverca,dc=com
        uniqueMember: uid=lala.lala,ou=People,dc=rm,dc=it,dc=noverca,dc=com
        cn: open-audit_roles_admin


        # open-audit_orgs_default_organisation, Groups, rm.it.noverca.com
        dn: cn=open-audit_orgs_default_organisation,ou=Groups,dc=rm,dc=it,dc=noverca,dc=com
        gidNumber: 3020
        objectClass: top
        objectClass: groupofuniquenames
        objectClass: posixgroup
        uniqueMember: uid=pippo.pippo,ou=People,dc=rm,dc=it,dc=noverca,dc=com
        uniqueMember: uid=nino.nino,ou=People,dc=rm,dc=it,dc=noverca,dc=com
        uniqueMember: uid=lala.lala,ou=People,dc=rm,dc=it,dc=noverca,dc=com
        uniqueMember: uid=luigi.staniscia,ou=People,dc=rm,dc=it,dc=noverca,dc=com
        cn: open-audit_orgs_default_organisation


        # open-audit_roles_org_admin, Groups, rm.it.noverca.com
        dn: cn=open-audit_roles_org_admin,ou=Groups,dc=rm,dc=it,dc=noverca,dc=com
        objectClass: top
        objectClass: groupofuniquenames
        objectClass: posixgroup
        gidNumber: 3021
        uniqueMember: uid=lala.lala,ou=People,dc=rm,dc=it,dc=noverca,dc=com
        uniqueMember: uid=luigi.staniscia,ou=People,dc=rm,dc=it,dc=noverca,dc=com
        cn: open-audit_roles_org_admin

      4. Mark Unwin

        I'm sorry, but I do not know.

        I do not have an openLDAP server to test against.

        All I can say is that when the code was written, I did have an openLDAP server and it did work.

        As a paying customer you would be entitled to a support contract and support assistance.

        I'm unsure I can help much more than this.
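
The check the thread is circling, as an added example (not part of the original posts and not Open-AudIT's code): it evaluates the group filter shown in the logs, `(&(cn=<group>)(memberUid=lala.lala))`, against the group entries posted above, next to a `uniqueMember` filter on the user's DN. The LDIF is a trimmed, constructed copy of those entries, and the equality-only filter evaluator and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the three group entries posted in the thread, trimmed
# (fewer members, gidNumber dropped). The second dn uses LDIF line folding.
SAMPLE_LDIF = """\
# open-audit_roles_admin, Groups, rm.it.noverca.com
dn: cn=open-audit_roles_admin,ou=Groups,dc=rm,dc=it,dc=noverca,dc=com
objectClass: groupofuniquenames
objectClass: posixgroup
uniqueMember: uid=pippo.pippo,ou=People,dc=rm,dc=it,dc=noverca,dc=com
uniqueMember: uid=lala.lala,ou=People,dc=rm,dc=it,dc=noverca,dc=com
cn: open-audit_roles_admin

dn: cn=open-audit_orgs_default_organisation,ou=Groups,dc=rm,dc=it,dc=noverca,d
 c=com
objectClass: groupofuniquenames
objectClass: posixgroup
uniqueMember: uid=pippo.pippo,ou=People,dc=rm,dc=it,dc=noverca,dc=com
uniqueMember: uid=lala.lala,ou=People,dc=rm,dc=it,dc=noverca,dc=com
cn: open-audit_orgs_default_organisation

dn: cn=open-audit_roles_org_admin,ou=Groups,dc=rm,dc=it,dc=noverca,dc=com
objectClass: groupofuniquenames
objectClass: posixgroup
uniqueMember: uid=lala.lala,ou=People,dc=rm,dc=it,dc=noverca,dc=com
uniqueMember: uid=luigi.staniscia,ou=People,dc=rm,dc=it,dc=noverca,dc=com
cn: open-audit_roles_org_admin
"""

UID = "lala.lala"
USER_DN = "uid=lala.lala,ou=People,dc=rm,dc=it,dc=noverca,dc=com"
GROUPS = ["open-audit_roles_admin", "open-audit_roles_org_admin",
          "open-audit_orgs_default_organisation"]

# The same search run by hand with the OpenLDAP client (bind DN is a placeholder):
#   ldapsearch -x -H ldap://172.23.11.100 -D "<bind dn>" -W \
#     -b "dc=rm,dc=it,dc=noverca,dc=com" -s sub \
#     "(&(cn=open-audit_roles_admin)(memberUid=lala.lala))"


def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr_lower: [values]}."""
    # LDIF folding: a newline followed by exactly one space continues the line.
    unfolded = re.sub(r"\n ", "", text)
    entries, current = [], {}
    for line in unfolded.splitlines():
        if line.startswith("#"):
            continue                      # comment line
        if not line.strip():              # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def parse_filter(flt):
    """Return (attr, value) terms of '(a=b)' or '(&(a=b)(c=d)...)' only."""
    flt = flt.strip()
    inner = flt[2:-1] if flt.startswith("(&") and flt.endswith(")") else flt
    terms = re.findall(r"\(([^=()]+)=([^()]*)\)", inner)
    if not terms or "".join(f"({a}={v})" for a, v in terms) != inner:
        raise ValueError(f"unsupported filter: {flt}")
    return [(a.lower(), v) for a, v in terms]


def matches(entry, flt):
    """True when every equality term is satisfied by some value in the entry.
    Simplification: values are compared case-insensitively; a real server
    applies each attribute's own matching rule."""
    return all(any(v.lower() == want.lower() for v in entry.get(attr, []))
               for attr, want in parse_filter(flt))


def search(entries, flt):
    """Return the DNs of the entries that match the filter."""
    return [e["dn"][0] for e in entries if matches(e, flt)]


def diagnose(entries, uid, user_dn, group_cns):
    """Per group: does the logged memberUid filter hit, and does uniqueMember?"""
    return {cn: {
        "memberUid": bool(search(entries, f"(&(cn={cn})(memberUid={uid}))")),
        "uniqueMember": bool(
            search(entries, f"(&(cn={cn})(uniqueMember={user_dn}))")),
    } for cn in group_cns}


if __name__ == "__main__":
    report = diagnose(parse_ldif(SAMPLE_LDIF), UID, USER_DN, GROUPS)
    for cn, hit in report.items():
        print(f"{cn}: memberUid={hit['memberUid']} "
              f"uniqueMember={hit['uniqueMember']}")
```

Every group reports a `uniqueMember` match and no `memberUid` match, consistent with the `nentries=0` results in the server log: the posted entries list members only as `uniqueMember` DNs, while the logged filter tests the `memberUid` attribute.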

    3.  

      Hi Mark, any idea?

      How do I create a user?

      I have created my user lala.lala on my OpenLDAP server with an Open-AudIT group, but it does not work.

      Must I create an ORGANIZATION on my OpenLDAP server?

        "6642","2020-11-19 17:54:56","1605804896.5076","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_configuration::update","success","running sql (0.00036001205444336)","/* m_configuration::update */ SELECT * FROM `configuration` WHERE `name` = 'modules'",
        "6643","2020-11-19 17:54:56","1605804896.5076","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_configuration::update","success","running sql (0.00077199935913086)","/* m_configuration::update */ UPDATE configuration SET value = '{\""NMIS8\"":{\""name\"":\""NMIS8\"",\""file\"":\""\\/cgi-bin\\/nmiscgi.pl\"",\""link\"":\""\\/cgi-nmis8\\/nmiscgi.pl\"",\""url\"":\""https:\\/\\/opmantek.com\\/network-management-system-nmis\\/\""},\""opAddress\"":{\""name\"":\""opAddress\"",\""file\"":\""\\/bin\\/opaddress-cli.pl\"",\""link\"":\""\\/omk\\/opAddress\\/\"",\""url\"":\""https:\\/\\/community.opmantek.com\\/display\\/opAddress\\/Home\""},\""opCharts\"":{\""name\"":\""opCharts\"",\""file\"":\""\\/public\\/omk\\/js\\/opCharts_a_external_packed.js\"",\""link\"":\""\\/omk\\/opCharts\"",\""url\"":\""https:\\/\\/opmantek.com\\/opcharts-dashboards-charts-management\\/\""},\""opConfig\"":{\""name\"":\""opConfig\"",\""file\"":\""\\/install\\/opconfigd.init.d\"",\""link\"":\""\\/omk\\/opConfig\"",\""url\"":\""https:\\/\\/opmantek.com\\/network-configuration-management-opconfig\\/\""},\""Open-AudIT\"":{\""name\"":\""Open-AudIT\"",\""file\"":\""\\/bin\\/oae-tasks.sh\"",\""link\"":\""\\/omk\\/open-audit\\/\"",\""url\"":\""https:\\/\\/opmantek.com\\/network-audit-software\\/\""},\""opEvents\"":{\""name\"":\""opEvents\"",\""file\"":\""\\/install\\/opeventsd.init.d\"",\""link\"":\""\\/omk\\/opEvents\\/\"",\""url\"":\""https:\\/\\/opmantek.com\\/opevents-traps-network-event-management\\/\""},\""opFlow\"":{\""name\"":\""opFlow\"",\""file\"":\""\\/bin\\/opflow-cli.pl\"",\""link\"":\""\\/omk\\/opFlow\"",\""url\"":\""https:\\/\\/opmantek.com\\/netflow-analyzer-collector-opflow\\/\""},\""opHA\"":{\""name\"":\""opHA\"",\""file\"":\""\"",\""link\"":\""\\/omk\\/opHA\"",\""url\"":\""https:\\/\\/opmantek.com\\/distributed-network-management-system\\/\""},\""opLicensing\"":{\""name\"":\""opLicensing\"",\""file\"":\""\\/lib\\/opLicense.pm.exe\"",\""link\"":\""\\/omk\\/opLicens
e\"",\""url\"":\""#\""},\""opReports\"":{\""name\"":\""opReports\"",\""file\"":\""\\/bin\\/opreports-cli.pl\"",\""link\"":\""\\/omk\\/opReports\\/\"",\""url\"":\""https:\\/\\/opmantek.com\\/network-configuration-management-opconfig\\/\""},\""opSLA\"":{\""name\"":\""opSLA\"",\""file\"":\""\"",\""link\"":\""\\/omk\\/opSLA\"",\""url\"":\""https:\\/\\/opmantek.com\\/ip-sla-monitor-cisco-ipsla\\/\""},\""Other Modules\"":{\""name\"":\""Other Modules\"",\""link\"":\""https:\\/\\/opmantek.com\\/network-management-system-tools\\/\"",\""url\"":\""https:\\/\\/opmantek.com\\/network-management-system-tools\\/\""}}', edited_by = 'system', edited_date = NOW() WHERE id = 138",
        "6644","2020-11-19 17:54:56","1605804896.5076","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_networks::upsert","success","running sql (0.00038290023803711)","/* m_networks::upsert */ SELECT * FROM networks WHERE networks.org_id = 1 AND networks.network = '127.0.0.0/8'",
        "6645","2020-11-19 17:54:56","1605804896.5076","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_networks::upsert","success","running sql (0.0002281665802002)","/* m_networks::upsert */ SELECT * FROM networks WHERE networks.org_id = 1 AND networks.network = '172.31.0.0/20'",
        "6646","2020-11-19 17:54:56","1605804896.5076","system","7","debug","13220","","tester31","10.2.5.16","logon","","m_networks::upsert","success","running sql (0.00023794174194336)","/* m_networks::upsert */ SELECT * FROM networks WHERE networks.org_id = 1 AND networks.network = '10.254.0.0/18'",
        "6647","2020-11-19 17:55:11","1605804911.9456","system","7","debug","14513","","tester31","10.2.5.16","","","m_configuration::load","success","running sql (0.00013589859008789)","/* m_configuration::load */ SELECT NOW() as `timestamp`",
        "6648","2020-11-19 17:55:11","1605804911.9456","system","7","debug","14513","","tester31","10.2.5.16","","","m_configuration::load","success","running sql (0.00015401840209961)","/* m_configuration::load */ SELECT TIME_FORMAT(TIMEDIFF(NOW(),CONVERT_TZ(NOW(),@@session.time_zone,'+00:00')),'%H%i') AS `tz`",
        "6649","2020-11-19 17:55:11","1605804911.9456","system","7","debug","14513","","tester31","10.2.5.16","","","m_configuration::load","success","running sql (0.00045013427734375)","/* m_configuration::load */ SELECT count(*) as device_count FROM `system`",
        "6650","2020-11-19 17:55:11","1605804911.9456","system","7","debug","14513","","tester31","10.2.5.16","","","logon","success","set format","Set format to screen, according to HEADERS.",
        "6651","2020-11-19 17:55:11","1605804911.9456","system","7","debug","14513","","tester31","10.2.5.16","logon","","m_logon::logon","reading data","Retrieved LDAP Servers","1 LDAP servers retrieved from database.",
        "6652","2020-11-19 17:55:11","1605804911.9456","system","6","info","14513","","tester31","10.2.5.16","logon","","m_logon::logon","fail","Invalid credentials","Invalid user supplied credentials for LDAP server at 172.23.11.100, skipping.",
        "6653","2020-11-19 17:55:12","1605804911.9456","system","5","notice","14513","","tester31","10.2.5.16","logon","","m_logon::logon","success","User logged on","Existing user admin logged on (local account).",
        "6654","2020-11-19 17:55:12","1605804912.0382","system","7","debug","14513","","tester31","10.2.5.16","","","m_configuration::load","success","running sql (0.00010919570922852)","/* m_configuration::load */ SELECT NOW() as `timestamp`",
        "6655","2020-11-19 17:55:12","1605804912.0382","system","7","debug","14513","","tester31","10.2.5.16","","","m_configuration::load","success","running sql (0.00014615058898926)","/* m_configuration::load */ SELECT TIME_FORMAT(TIMEDIFF(NOW(),CONVERT_TZ(NOW(),@@session.time_zone,'+00:00')),'%H%i') AS `tz`",
        "6656","2020-11-19 17:55:12","1605804912.0382","system","7","debug","14513","","tester31","10.2.5.16","","","m_configuration::load","success","running sql (0.00046205520629883)","/* m_configuration::load */ SELECT count(*) as device_count FROM `system`",
