LDAP configuration issues

smith8dm · March 22, 2019, 8:07pm

My LDAP users cannot authenticate, I have followed the FAQ sections and instructions on PAM configurations and integration of LDAP and still this is not working. Please let me know what I need to produce for your solution. I will add what I think you will ask for:

pamtester: For an LDAP user ID:

/usr/lib/rstudio-server/bin/pamtester --verbose rstudio ruser09 authenticate acct_mgmt
pamtester: invoking pam_start(rstudio, ruser09, ...)
pamtester: performing operation - authenticate
pamtester: User not known to the underlying authentication module
[root@ndwrserver bin]#

[root@ndwrserver bin]# cd /etc/pam.d
[root@ndwrserver pam.d]# cat rstudio
#%PAM-1.0
auth      requisite      pam_succeed_if.so uid >= 500 quiet
auth      required       pam_unix.so nodelay

account   required       pam_unix.so
[root@ndwrserver pam.d]#

For a local user ID:

[root@ndwrserver pam.d]# !1148
/usr/lib/rstudio-server/bin/pamtester --verbose login ruser08 authenticate acct_mgmt
pamtester: invoking pam_start(login, ruser08, ...)
pamtester: performing operation - authenticate
Password:
pamtester: successfully authenticated
pamtester: performing operation - acct_mgmt
pamtester: Authentication service cannot retrieve authentication info
[root@ndwrserver pam.d]#

And on the web-site no users can login now.

[root@ndwrserver rstudio]# cat rserver.conf
# Server Configuration File:
# crafted by Smitty
# Fri Feb  1 08:46:51 EST 2019
#
# settings from the installation instructions:
# smitty
# admin configs:
admin-enabled=1
admin-group=wheel,rstudio-admins
admin-monitor-log-use-server-time-zone=1
# server, logging:
# /var/log/rstudio-server/rserver-http-access.log
admin-superuser-group=rstudio-superuser-admins
audit-r-console=all
audit-r-console-user-limit-mb=100
audit-r-sessions=1
audit-r-sessions-limit-mb=2048
server-health-check-enabled=1
# rserver confs:
#  RSERVER confs: non-ssl
www-address=192.168.30.125
www-port=8010
server-access-log=1
rsession-ld-library-path=/usr/lib:/usr/lib64:/lib:~/lib:~/R/lib
rsession-which-r=/bin/R
# end users MUST be in the following user-group
auth-required-user-group=rstudio-users

The ldapsearch command works for the user but getent will not:

[root@ndwrserver rstudio]# getent passwd ruser09
[root@ndwrserver rstudio]# getent shadow ruser09
[root@ndwrserver rstudio]# getent group ruser09

[root@ndwrserver rstudio]# ldapsearch -v -p 1389 -h ndwLDAP -D "cn=directory manager" "(cn=ruser09)" -W
ldap_initialize( ldap://ndwLDAP:1389 )
Enter LDAP Password:
filter: (cn=ruser09)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (cn=ruser09)
# requesting: ALL
#

# ruser09, People, ngd.com
dn: uid=ruser09,ou=People,dc=ngd,dc=com
userPassword:: e1NTSEE1MTJ9cklFc2dkVGZIM00va3hjSG5MbEpqMHRtdE90aytPODRQQ3draG9
 VZEU3Y1BWeWVyZ2l0Vi9Sb3ZQclFlV3pkWG5Qd1pmcW1MU2haMERqeHdKL2ZKNUJ2Q0JEZlUzb3dK
givenName: ruser09
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
uid: ruser09
displayName: ruser09
cn: ruser09
sn: ruser09

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@ndwrserver rstudio]#

Any help will be appreciated.
Thanks Smitty

cole · March 28, 2019, 2:30am

Sorry for the delay responding to this! What product are you working with? RStudio Server Pro, it looks like? This is probably a better question for our professional support channel at support.rstudio.com or emailing support@rstudio.com.

EconomiCurtis · March 28, 2019, 4:51am

Since this issue appears to be connected to an RStudio Pro product, we are going to refer it to premium support (https://support.rstudio.com/hc/en-us/requests/new)

Should a generalizable solution be reached we'll be sure to return here and share that.

system · August 10, 2019, 11:25pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.