Discussion:
[Bacula-users] Baculum and LDAP authentication
Daniel Heitepriem
2017-07-21 07:32:42 UTC
Permalink
Hi everyone,

I'm trying to get Baculum to work with LDAP authentication. The basic
authentication when accessing the wizard of a fresh install is working
fine but after completing the wizard I'm stuck as I get the error "Error
6 - authorization to Baculum error." and no error in Apache error log
nor in baculum.dbg Below is my Apache Auth-config for Baculum and the
content of baculum.dbg.

Apache config:
<Directory /opt/baculum>
Order allow,deny
Allow from all
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php/$1 [L]
AuthName "Baculum Auth"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPURL
"ldap://IP:389/ou=staff,ou=people,dc=example,dc=com?uid"
AuthLDAPBindDN "cn=baculum,ou=LDAPauth,dc=example,dc=com"
AuthLDAPBindPassword "SecretPassword"
Require valid-user
LDAPReferrals Off
</Directory>

baculum.dbg:
Jul 21 07:31:52 [Debug] [Application] Command=setUrlParams, Output=

EXECUTE URL ==> http://10.1.10.243:9095/directors?director= <==

, File=/opt/baculum/protected/Class/API.php, Line=138 (line 89,
/opt/baculum/protected/Class/Logging.php)
Jul 21 07:31:53 [Debug] [Application] Command=preParseOutput,
Output={"output":"Problem with authorization to Baculum
WebGUI.","error":6}, File=/opt/baculum/protected/Class/API.php, Line=256
(line 89, /opt/baculum/protected/Class/Logging.php)
Jul 21 07:31:53 [Debug] [Application] Command=preParseOutput,
Output=stdClass Object
(
[output] => Problem with authorization to Baculum WebGUI.
[error] => 6
)
, File=/opt/baculum/protected/Class/API.php, Line=277 (line 89,
/opt/baculum/protected/Class/Logging.php)

Thanks in advance and regards,
Daniel
Marcin Haba
2017-07-21 11:28:21 UTC
Permalink
Hello Daniel,

I think that it isn't possible to use LDAP authentication with the Baculum 7.4.

The Baculum 7.4 uses auth user file (baculum.users) to store users and
this file is used both by web server and the Baculum itself.

In the Baculum version 9.0 there are two baculum.users files: one for
the web GUI and one for the API part. Also the meaning of the
baculum.users file is changed in 9.0 because it is used only by web
server, and the Baculum GUI and Baculum API only enable to save users
to these files.

I think that more possible it could be use LDAP authentication with
the Baculum 9.0 (for Web GUI or API or both) but the important note is
that in 9.0 the restricted consoles support is a bit changed.
Restricted consoles are possible to define for OAuth2 per API client,
but for Basic authentication the restricted consoles are unavailable.

If you don't use restricted consoles then you can try with 9.0
version. Next week should be available binary packages for this
version.

Best regards.
Marcin Haba (gani)

On 21 July 2017 at 09:32, Daniel Heitepriem
Post by Daniel Heitepriem
Hi everyone,
I'm trying to get Baculum to work with LDAP authentication. The basic
authentication when accessing the wizard of a fresh install is working fine
but after completing the wizard I'm stuck as I get the error "Error 6 -
authorization to Baculum error." and no error in Apache error log nor in
baculum.dbg Below is my Apache Auth-config for Baculum and the content of
baculum.dbg.
<Directory /opt/baculum>
Order allow,deny
Allow from all
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php/$1 [L]
AuthName "Baculum Auth"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPURL
"ldap://IP:389/ou=staff,ou=people,dc=example,dc=com?uid"
AuthLDAPBindDN "cn=baculum,ou=LDAPauth,dc=example,dc=com"
AuthLDAPBindPassword "SecretPassword"
Require valid-user
LDAPReferrals Off
</Directory>
Jul 21 07:31:52 [Debug] [Application] Command=setUrlParams, Output=
EXECUTE URL ==> http://10.1.10.243:9095/directors?director= <==
, File=/opt/baculum/protected/Class/API.php, Line=138 (line 89,
/opt/baculum/protected/Class/Logging.php)
Jul 21 07:31:53 [Debug] [Application] Command=preParseOutput,
Output={"output":"Problem with authorization to Baculum WebGUI.","error":6},
File=/opt/baculum/protected/Class/API.php, Line=256 (line 89,
/opt/baculum/protected/Class/Logging.php)
Jul 21 07:31:53 [Debug] [Application] Command=preParseOutput,
Output=stdClass Object
(
[output] => Problem with authorization to Baculum WebGUI.
[error] => 6
)
, File=/opt/baculum/protected/Class/API.php, Line=277 (line 89,
/opt/baculum/protected/Class/Logging.php)
Thanks in advance and regards,
Daniel
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Bacula-users mailing list
https://lists.sourceforge.net/lists/listinfo/bacula-users
--
"Greater love hath no man than this, that a man lay down his life for
his friends." Jesus Christ

"Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie
za przyjaciół swoich." Jezus Chrystus
Daniel Heitepriem
2017-07-24 07:42:34 UTC
Permalink
Hello Marcin,

thanks for your answer. I tried Baculum 7.4.7 with a plain configuration
and auth user file "baculum.users" but got the same "Error 6". Baculum
9.0.1 is working on the same host without any problems. So it seems like
the problem isn't related to LDAP based authentication.

Regards,
Daniel
Post by Marcin Haba
Hello Daniel,
I think that it isn't possible to use LDAP authentication with the Baculum 7.4.
The Baculum 7.4 uses auth user file (baculum.users) to store users and
this file is used both by web server and the Baculum itself.
In the Baculum version 9.0 there are two baculum.users files: one for
the web GUI and one for the API part. Also the meaning of the
baculum.users file is changed in 9.0 because it is used only by web
server, and the Baculum GUI and Baculum API only enable to save users
to these files.
I think that more possible it could be use LDAP authentication with
the Baculum 9.0 (for Web GUI or API or both) but the important note is
that in 9.0 the restricted consoles support is a bit changed.
Restricted consoles are possible to define for OAuth2 per API client,
but for Basic authentication the restricted consoles are unavailable.
If you don't use restricted consoles then you can try with 9.0
version. Next week should be available binary packages for this
version.
Best regards.
Marcin Haba (gani)
On 21 July 2017 at 09:32, Daniel Heitepriem
Post by Daniel Heitepriem
Hi everyone,
I'm trying to get Baculum to work with LDAP authentication. The basic
authentication when accessing the wizard of a fresh install is working fine
but after completing the wizard I'm stuck as I get the error "Error 6 -
authorization to Baculum error." and no error in Apache error log nor in
baculum.dbg Below is my Apache Auth-config for Baculum and the content of
baculum.dbg.
<Directory /opt/baculum>
Order allow,deny
Allow from all
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php/$1 [L]
AuthName "Baculum Auth"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPURL
"ldap://IP:389/ou=staff,ou=people,dc=example,dc=com?uid"
AuthLDAPBindDN "cn=baculum,ou=LDAPauth,dc=example,dc=com"
AuthLDAPBindPassword "SecretPassword"
Require valid-user
LDAPReferrals Off
</Directory>
Jul 21 07:31:52 [Debug] [Application] Command=setUrlParams, Output=
EXECUTE URL ==> http://10.1.10.243:9095/directors?director= <==
, File=/opt/baculum/protected/Class/API.php, Line=138 (line 89,
/opt/baculum/protected/Class/Logging.php)
Jul 21 07:31:53 [Debug] [Application] Command=preParseOutput,
Output={"output":"Problem with authorization to Baculum WebGUI.","error":6},
File=/opt/baculum/protected/Class/API.php, Line=256 (line 89,
/opt/baculum/protected/Class/Logging.php)
Jul 21 07:31:53 [Debug] [Application] Command=preParseOutput,
Output=stdClass Object
(
[output] => Problem with authorization to Baculum WebGUI.
[error] => 6
)
, File=/opt/baculum/protected/Class/API.php, Line=277 (line 89,
/opt/baculum/protected/Class/Logging.php)
Thanks in advance and regards,
Daniel
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Bacula-users mailing list
https://lists.sourceforge.net/lists/listinfo/bacula-users
Loading...