Start a Conversation

Unsolved

JF

2 Posts

27

January 26th, 2024 16:26

Unable to connect Openmanage Entreprise to LDAP because the service is making and anonymous bind instead of using bind_dn

Hello,

I'm trying to connect our Openmanage Enterprise to our ldap cluster (based on openldap) and I'm getting an error saying that the auth information are incorrect (spoiler, they are not).

After searching around in openmanage's logs, I've found the following traces :

[WARN ] 2024-01-26 16:58:31.254 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] OMENetworkResolutionImpl - Entered resolveFQDNByResolveConf() - host name: example.com
[WARN ] 2024-01-26 16:58:31.714 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] OMENetworkResolutionImpl - List of IP addresses: [1.2.3.4]
[WARN ] 2024-01-26 16:58:31.714 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] OMENetworkResolutionImpl - Exiting getAllIPsByName()
[ERROR] 2024-01-26 16:58:31.746 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] DirectroyServerManagerImpl - Exception while getting bind DN - null, javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - anonymous bind disallowed]
[ERROR] 2024-01-26 16:58:31.808 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] BusinessMethodExecutor - Failure executing Business method:: com.dell.enterprise.core.business.ldapmgr.dirservice.DirectroyServerManagerImpl.testLDAPAccountProvider
[ERROR] 2024-01-26 16:58:31.808 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] BusinessMethodExecutor - null
[...] (java stack trace)
[ERROR] 2024-01-26 16:58:31.814 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] MCSIActionProcessor - javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - anonymous bind disallowed]
[...] (java stack trace)
[ERROR] 2024-01-26 16:58:31.823 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] ADController - UIC - ADController.testAdConnections(): org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 401: "{"error":{"code":"Base.1.0.GeneralError","message":"A general error has occurred. See ExtendedInfo for more information.","@Message.ExtendedInfo":[{"MessageId":"CSEC5002","RelatedProperties":[],"Message":"Impossible de se connecter au serveur LDAP ou AD, car les informations dauthentification saisies ne sont pas valides.","MessageArgs":[],"Severity":"Critique","Resolution":"Vérifiez que la configuration d'entrée saisie pour le serveur est valide, puis réessayez."}]}}"org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 401: "{"error":{"code":"Base.1.0.GeneralError","message":"A general error has occurred. See ExtendedInfo for more information.","@Message.ExtendedInfo":[{"MessageId":"CSEC5002","RelatedProperties":[],"Message":"Impossible de se connecter au serveur LDAP ou AD, car les informations dauthentification saisies ne sont pas valides.","MessageArgs":[],"Severity":"Critique","Resolution":"Vérifiez que la configuration d'entrée saisie pour le serveur est valide, puis réessayez."}]}}"
[...] (java stack trace)

And indeed, in my ldaps logs I've found connection attemps from openmanage's ip without bind_dn.

It looks like the console either :
- do not use the value from the configuration
- is doing a first connection as anonimous to check if the bind_dn exist

For security reasons, we do not wish to enable anonymous bind on our cluster. How can we get the ldap bind working with the provided bind_dn ?

Regards,
Jean-François

Moderator

 • 

8.4K Posts

January 26th, 2024 21:16

Jean-Francois.GUILAUME,
 
Would you clarify if the results you are seeing are based on using the Test function? I ask as the Test function of LDAP setup can only use the Bind DN. Now if not, then would you reply to the Private Message I sent you with the settings you are using and I can see about testing them for you. 
 
Let me know.
 
 

January 29th, 2024 13:47

Hello,

I'm getting this error both on "Test connection" and when I try to import users from openldap.

I'm testing with both the bind_dn and my account.

Regards,

Jeff

Moderator

 • 

8.4K Posts

January 29th, 2024 20:00

Jeff,

 

Sorry for the delay, but upon extensive testing we can't get it to fail in the way you have it. So there is something either uniquely broken with your appliance or there is a config thing separate from this that triggers it. So what I would recommend is that you call in to the OpenManage team, so that you can show them the issue, and they would have access to review the logs. 

 

 

No Events found!

Top