Landscape AD integration fails
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Landscape Charm | New | Undecided | Unassigned |
Bug Description
The procedure below was applied on the Landscape server to enable LDAP integration. This is affecting the current deployment in a customer production environment.
To enable the AD integration, SSH to the landscape-server machine:
$ juju ssh landscape-server/0
During the libpam-ldap installation, the package prompts for the LDAP server URI in ALL UPPERCASE. For example, enter ldaps:/
$ sudo apt install libpam-ldap -y
Repeated the same step for the landscape-servers 1 and 2.
On the controller node, run this script to edit the LDAP config on every node:
$ export PASSWORD=<ldap account pwd>
$ for i in {0..2}; do juju run --unit landscape-server/$i "
sudo tee /etc/ldap.conf << EOF
base dc=vinfra,dc=tech
uri ldaps:/
ldap_version 3
binddn svc1_ubls_ldap
bindpw ${PASSWORD}
scope sub
pam_filter |(memberOf=
pam_login_attribute sAMAccountName
pam_password ad
ssl on
EOF"; juju run --unit landscape-server/$i "sudo systemctl daemon-reload; sudo systemctl restart libnss-
Now create the file /etc/pam.
$ for i in {0..2}; do juju run --unit landscape-server/$i "
sudo tee /etc/pam.
#%PAM-1.0
auth required pam_ldap.so
account required pam_ldap.so
EOF"; done
You should be able to see the Landscape login page with appropriate PAM fields:
>> With this procedure, LDAP users were not able to log in to Landscape, and there were no errors in /var/log/syslog. Landscape UI returns Invalid credentials.
landscape-version , Rev: 111 , channel = latest/stable , ppa:landscape/
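
A pre-flight check for the ldap.conf that the loop above writes, given here as an added example that is not part of the original report or of the Landscape charm. The function name lint_ldap_conf and all sample values (service account, group DN) are constructed for illustration; the file-mode check assumes GNU stat.

```sh
#!/bin/sh
# Added example: lint a pam_ldap ldap.conf before it is pushed to the units.
# lint_ldap_conf FILE: prints one finding per line, returns 1 if any were found.
lint_ldap_conf() {
    local file="$1" key value uri="" filter="" has_pw=0 pw="" found=0
    local opens closes mode
    while read -r key value || [ -n "$key" ]; do
        case $key in
            uri)        uri=$value ;;
            pam_filter) filter=$value ;;
            bindpw)     has_pw=1; pw=$value ;;
        esac
    done < "$file"

    # A usable uri is scheme://host; a cut-off value like "ldaps:/" fails here.
    case $uri in
        ldap://?*|ldaps://?*) ;;
        *) echo "uri: missing or malformed: '$uri'"; found=1 ;;
    esac
    # The here-document sits inside double quotes, so ${PASSWORD} is expanded
    # by the local shell; if it was never exported, bindpw is written empty.
    if [ "$has_pw" -eq 1 ] && [ -z "$pw" ]; then
        echo "bindpw: empty value"; found=1
    fi
    # Every "(" in the filter needs a matching ")"; \050 and \051 are ( and ).
    opens=$(printf '%s' "$filter" | tr -cd '\050' | wc -c)
    closes=$(printf '%s' "$filter" | tr -cd '\051' | wc -c)
    if [ "$((opens))" -ne "$((closes))" ]; then
        echo "pam_filter: unbalanced parentheses"; found=1
    fi
    # sudo tee creates the file under root's umask, commonly giving mode 644.
    mode=$(stat -c %a "$file" 2>/dev/null || echo "")
    if [ "$has_pw" -eq 1 ]; then
        case $mode in *[4-7]) echo "bindpw: file is readable by all local users (mode $mode)"; found=1 ;; esac
    fi
    return "$found"
}

# Constructed sample input: placeholder account and group DN, bindpw left empty.
sample=$(mktemp)
cat > "$sample" << 'EOF'
uri ldaps:/
binddn svc_example
bindpw
pam_filter |(memberOf=CN=landscape-users,DC=example,DC=test
EOF
chmod 644 "$sample"
lint_ldap_conf "$sample" || true
rm -f "$sample"
```

Run it against the generated text before the juju run loop, or against /etc/ldap.conf on a unit; a clean file produces no output and exit status 0.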