How to debug OpenLDAP



  • Hello Veyon team,
    I am trying to get Veyon running with FreeIPA as LDAP source. It works so far, but I have the problem that it cannot resolve the "group members". With OpenLDAP there should be members as key. But unfortunately I always get an error message. And the user gets the message that he is not authorized, although he is in the appropriate group.

    Unfortunately I did not manage to set the logging to see what it is trying to do to fix my error. Can you please help me?

    Many greetings
    Andreas

    Paulinenpflege Winnenden e.V.



  • @DerAndyK what user is the user logging in as on the client to access ldap?
    Docs suggest creating a read-only user that clients use to access ldap.
    Have you tried using ldapsearch or a GUI and bind to the user you use for ldap and see what errors you get?
    Some ldap systems don't store the group membership with the user. Where are you attempting to get group membership from and what attributes are you defining in veyon?
    An ldif file and/or screenshots of both your ldap layout and the client errors etc. would help.



  • This is what I have setup for OpenLDAP, if it helps.

    In OpenLDAP it uses multiple memberUid's for members of groups.

    ldap-group-membership.png

    These settings seem to work with my limited testing and knowledge.

    veyon-env-settings.png

    I changed the group member identification and filtered objects on the different OU's and then used the test to ensure I got back the right objects.

    veyon-advanced-settings.png
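
The replies above contrast groups that list members as `memberUid` user names with directories that store membership differently. The following is an added example, not part of the thread or of Veyon: it reads an LDIF export and reports which membership attribute each group uses and whether its values are full DNs or plain user names. The LDIF, the `example.org` DNs and the user names are constructed, and the first entry assumes the FreeIPA-style layout in which `member` holds full user DNs.

```python
# Constructed LDIF export (not from the thread): one group listing members by
# DN and one posixGroup listing them by user name, both with the same users.
SAMPLE_LDIF = """\
dn: cn=teachers,cn=groups,cn=accounts,dc=example,dc=org
objectClass: groupOfNames
cn: teachers
member: uid=alice,cn=users,cn=accounts,dc=example,dc=org
member: uid=bob,cn=users,cn=accounts,dc=example,dc=org

dn: cn=teachers,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: teachers
memberUid: alice
memberUid: bob
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(": ")
            # Attribute names are case-insensitive in LDAP, so normalise them.
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def membership_style(entry):
    """Return (attribute, 'dn' | 'username') for how a group lists members."""
    for attr in ("member", "uniquemember", "memberuid"):
        values = entry.get(attr)
        if values:
            is_dn = all("=" in v and "," in v for v in values)
            return attr, "dn" if is_dn else "username"
    return None, None

def is_member(entry, user_dn, username):
    """Check membership with the identifier kind the group actually stores."""
    attr, kind = membership_style(entry)
    if attr is None:
        return False
    wanted = (user_dn if kind == "dn" else username).lower()
    return wanted in (v.lower() for v in entry[attr])
```

Running `membership_style` over each group entry of a real export shows whether the group member attribute and member identification chosen in the client settings match what the directory stores.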

