https://tracker.ceph.com/https://tracker.ceph.com/favicon.ico2018-09-20T18:11:54ZCeph rgw - Bug #35988: RGW Ldap Authorization failshttps://tracker.ceph.com/issues/35988?journal_id=1211002018-09-20T18:11:54ZMatt Benjaminmbenjamin@redhat.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>Assignee</strong> set to <i>Matt Benjamin</i></li></ul><p>Hi Warren,</p>
<p>Ok, actually this looks like RGW isn't attempting to use the ExternalAuthStrategy. It does look like you proved the ldap search creds are good, the bind creds might not be, but I would not assume that.</p>
<p>Matt</p> rgw - Bug #35988: RGW Ldap Authorization failshttps://tracker.ceph.com/issues/35988?journal_id=1288762019-02-06T15:08:41ZBernhard Krieger
<ul></ul><p>Matt Benjamin wrote:</p>
<blockquote>
<p>Hi Warren,</p>
<p>Ok, actually this looks like RGW isn't attempting to use the ExternalAuthStrategy. It does look like you proved the ldap search creds are good, the bind creds might not be, but I would not assume that.</p>
<p>Matt</p>
</blockquote>
<p>Running into same issue (13.2.4 CentOS7)<br />Cred and filter are correct. Bind to ldap is working when rgw starts.</p>
<p>I did a tcpdump.<br />Rgw didnt make a user lookup to the ldap server when a s3client is connecting to rgw instance.</p> rgw - Bug #35988: RGW Ldap Authorization failshttps://tracker.ceph.com/issues/35988?journal_id=1288772019-02-06T15:22:04ZMatt Benjaminmbenjamin@redhat.com
<ul></ul><p>Warren's issue turned out to be internal iiuc, but perhaps Warren, you can comment?</p>
<p>In my experience w/Centos, RHEL, this would most likely be related to TLS cert verification, and I'd suggest experimentally disabling it to find out.</p>
<p>regards,</p>
<p>Matt</p>