AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Duo authentication proxy 2.4.171/16/2024 ![]() It didn't work, gives 0 users and an error me Hi I have recently installed lldap in Hi, I have recently installed lldap in docker. FYI: Trying out auto-threading to keep each support discussion in its own thread FireShare let's talk about fireShare here NextCloud memberOf Hi, I pulled the new image and tried the filter again. It appears proxmox or lldap don't seem t FYI: Trying out auto-threading to keep each sup. Hello all, wanted to seek some guidance on my LDAP queries. regarding VMware vcenter: I see in the logs lots of root dse requests, where VMware is query Hello all, wanted to seek some guidance on my L. ![]() Uncomm regarding VMware vcenter: I see in the. I would say everything looks fine in my config file:ġ. Come on, guys, we have threads here! I'll move your messages to the thread hardypart - Can't log in after initial setup. "You can use the re nitnelave - Come on, guys, we have threads here. hello i am try to use the refresh token to get another JWT , Homura_left_得得B - hello i am try to use the ref. Would you think it's also worth adding a section for those who need to use LDAP for certain edge cases? If you do, I wouldn't mind writing something up and sending it to you. ![]() I know that in your homeassistant example you have people targeting the graphql API (and that may be the prefered way). : | resolved_attributes: Īlso set BaseDN to "ou=people,dc=example,dc=com" and the event Ignoring unknown group attribute ""memberof"" in filter stops showing up in the logs.ĭoes still show Ignoring unknown user attribute "objectcategory" in filter and Ignoring unrecognized group attribute: objectsid, but whatever □ LDAPMessage(id=3, value=LDAPSearchRequest(baseObject=b'ou=people,dc=example,dc=com', scope=2, derefAliases=3, sizeLimit=0, timeLimit=0, typesOnly=0, filter=LDAPFilter_and(value=), attributes=), controls=None) Safe_username = escape_filter_chars(os.environ)įILTER = f"(&(uid=)(memberOf=cn=ha_rw,ou=groups,dc=example,dc=com))" Thank - hey, just wanted to let you know that with the right filter in place I got it to work. (memberOf=CN=ha_hw,ou=groups,dc=example,dc=com)Īny idea what the filter should look like? (running lldap 0.5.1-alpha). (memberOf=CN=Home Assistant,OU=Security Groups,OU=Accounts,DC=ad,DC=example,DC=com)Īnd that's what I've attempted to change it to. ![]() This is the original filter in the script (basically for AD): But it must work because DUO is also pulling a memberof query to allow certain LLDAP users through and that's not generating a log entry on the LLDAP server. I thought memberof was a person attribute so I loaded up an LDAP browser (Apache DS) but can't find the attribute on either groups or people. I've tried a bunch of flavors for the filter, but the lldap log continues to throw : Ignoring unknown group attribute ""memberof"" in filter messages. It's working beautifully using a a custom auth provider for HA (python script using ldap3 library: ), but the only thing I can't get right is the filter so that only members of a group cn=ha_rw,ou=groups,dc=example,dc=com can authenticate. I can't use the example config as I'm using HA > LDAP > DUO > LDAP > LLDAP. Hi □ I'm running homeassistant (HA), lldap and the cisco duo authentication proxy (DUO) on k8s.
0 Comments
Read More
Leave a Reply. |