Posted to user@vcl.apache.org by Scania 2019 <cr...@gmail.com> on 2020/09/08 12:10:46 UTC
Request for authentication config using Active Directory
Good day,
I would like to authenticate VCL users using Active Directory.
Kindly assist me with instructions to achieve this. The ones I have seen on
the VCL website are not clear to me.
Regards,
CS
Re: Request for authentication config using Active Directory
Posted by Josh Thompson <jo...@ncsu.edu>.
Hi CS,
I don't have a list of instructions specific to AD.
a) Your Active Directory server has an SSL certificate it uses to encrypt LDAP
connections. That SSL certificate will have been signed by a root level
certificate - either from a public certificate authority (CA), in which case
you would have submitted a certificate signing request (CSR) to the CA, or
from a root level certificate you've generated for your AD site. If you are
using a certificate signed by a public CA, you shouldn't need to install
anything on your web server. If you are using a certificate signed by a root
level certificate you've generated, you'll need to install that root level
certificate to your web server, and possibly any intermediate certificates
between the root certificate and the one used for LDAP. I've never run an AD
server. So, I can't explain where you'd find the root level certificate or
how you would export it. Once you do get it exported, you'd install it on the
web server as is explained on our documentation page.
Alternatively, you can configure your web server not to validate the
certificate (though with less security) by setting "TLS_REQCERT never" in
/etc/openldap/ldap.conf (you'll need to restart httpd after making changes to
ldap.conf).
b) If everything is correct in the query you listed, it should work. I'm
thinking the single quotes around UDB may not be the correct quotes. It
should be the single quote key that also has the double quote on it when
shifted.
Josh
On Sunday, September 13, 2020 3:15:48 PM EDT Scania 2019 wrote:
> Hi Josh,
>
> The instructions on https://vcl.apache.org/docs/ldapauth.html apply to both
> LDAP and Active Directory authentication. With no previous experience
> working with LDAP, I'm having trouble separating what applies to LDAP
> and Active Directory.
>
> It would have been great to have specific steps just for AD similar to the
> format you gave me for the initial VCL installation in a single host, which
> was a breeze.
>
> However, questions I have are as follows:
>
> a.) For Active Directory authentication, do I still need to install an
> SSL certificate in my VCL Web Server? If yes, should I also install the
> same SSL cert on my Active Directory server?
>
> b.) As per https://vcl.apache.org/docs/ldapauth.html I have done *mysql
> vcl*, then *INSERT INTO affiliation (name) VALUES (‘UDB’);*
> - I got: *ERROR 1054 (42S22): Unknown column '‘UDB’' in 'field list'*
> - I repeated the *INSERT INTO* command without *(name)* and got the
> same error
>
> Please assist on the above.
>
> Regards,
> CS
>
> On Wed, 9 Sep 2020 at 15:12, Josh Thompson <jo...@ncsu.edu> wrote:
> > Hi CS,
> >
> > Authenticating VCL users using Active Directory is done via LDAP. The
> > steps to set that up are on our documentation page on using LDAP for
> > authentication:
> >
> > https://vcl.apache.org/docs/ldapauth.html
> >
> > Can you ask some specific questions on which steps you don't understand?
> >
> > Thanks,
> > Josh
> >
> > On Tuesday, September 8, 2020 8:10:46 AM EDT Scania 2019 wrote:
> > > Good day,
> > >
> > > I would like to authenticate VCL users using Active Directory.
> > >
> > > Kindly assist me with instructions to achieve this. The ones I have seen on
> > > the VCL website are not clear to me.
> > >
> > > Regards,
> > > CS
> >
> > --
> > -------------------------------
> > Josh Thompson
> > Systems Programmer
> > Virtual Computing Lab (VCL)
> > North Carolina State University
> >
> > Josh_Thompson@ncsu.edu
> > 919-515-5323
> >
> > my GPG/PGP key can be found on pool.sks-keyservers.net
> >
> > All electronic mail messages in connection with State business which
> > are sent to or received by this account are subject to the NC Public
> > Records Law and may be disclosed to third parties.
--
-------------------------------
Josh Thompson
Systems Programmer
Virtual Computing Lab (VCL)
North Carolina State University
Josh_Thompson@ncsu.edu
919-515-5323
my GPG/PGP key can be found on pool.sks-keyservers.net
All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
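
As an added example (not part of the message above or of the VCL documentation): a shell check that reads an OpenLDAP client config such as /etc/openldap/ldap.conf and reports whether TLS_REQCERT has been relaxed to a level where a session proceeds with an invalid server certificate. The sample files, the host ad.example.org and the CA path are constructed placeholders, and the script assumes the last occurrence of an option takes effect.

```shell
#!/bin/sh
# Added example, not from the thread. Audits an OpenLDAP client config
# (e.g. /etc/openldap/ldap.conf) for relaxed server-certificate checking.

# Print the effective value of option $2 in file $1. Option names are
# case-insensitive; assumption: the last occurrence takes effect.
ldap_conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF < 2 { next }              # comments, blank lines
        toupper($1) == toupper(key) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 if an invalid server certificate ends the session, 1 if the
# session would proceed anyway, 2 if the file cannot be read.
audit_ldap_conf() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    reqcert=$(ldap_conf_get "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(ldap_conf_get "$1" TLS_CACERT)
    case "${reqcert:-demand}" in                   # demand is the default
        demand|hard|try)
            echo "OK: TLS_REQCERT=${reqcert:-demand}, TLS_CACERT=${cacert:-not set in this file}"
            return 0 ;;
        never|allow)
            echo "WEAK: TLS_REQCERT=$reqcert lets the session proceed with an invalid certificate"
            return 1 ;;
        *)
            echo "UNKNOWN: TLS_REQCERT=$reqcert"
            return 1 ;;
    esac
}

# Constructed samples: the relaxed setting mentioned in the thread, then a
# config that trusts an exported AD root CA (host and path are placeholders).
demo_dir=$(mktemp -d)
printf 'URI ldaps://ad.example.org\nTLS_REQCERT never\n' > "$demo_dir/weak.conf"
printf 'TLS_CACERT /path/to/ad-root-ca.pem\nTLS_REQCERT demand\n' > "$demo_dir/strict.conf"
audit_ldap_conf "$demo_dir/weak.conf" || true
audit_ldap_conf "$demo_dir/strict.conf" || true
rm -rf "$demo_dir"
```

The same setting can also come from a per-user ldaprc file or the LDAPTLS_REQCERT environment variable, so a clean ldap.conf is not the whole picture for the account httpd runs as.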
Re: Request for authentication config using Active Directory
Posted by Scania 2019 <cr...@gmail.com>.
Hi Josh,
The instructions on https://vcl.apache.org/docs/ldapauth.html apply to both
LDAP and Active Directory authentication. With no previous experience
working with LDAP, I'm having trouble separating what applies to LDAP
and Active Directory.
It would have been great to have specific steps just for AD similar to the
format you gave me for the initial VCL installation in a single host, which
was a breeze.
However, questions I have are as follows:
a.) For Active Directory authentication, do I still need to install an
SSL certificate in my VCL Web Server? If yes, should I also install the
same SSL cert on my Active Directory server?
b.) As per https://vcl.apache.org/docs/ldapauth.html I have done *mysql vcl*,
then *INSERT INTO affiliation (name) VALUES (‘UDB’);*
- I got: *ERROR 1054 (42S22): Unknown column '‘UDB’' in 'field list'*
- I repeated the *INSERT INTO* command without *(name)* and got the
same error
Please assist on the above.
Regards,
CS
On Wed, 9 Sep 2020 at 15:12, Josh Thompson <jo...@ncsu.edu> wrote:
> Hi CS,
>
> Authenticating VCL users using Active Directory is done via LDAP. The
> steps to set that up are on our documentation page on using LDAP for
> authentication:
>
> https://vcl.apache.org/docs/ldapauth.html
>
> Can you ask some specific questions on which steps you don't understand?
>
> Thanks,
> Josh
>
> On Tuesday, September 8, 2020 8:10:46 AM EDT Scania 2019 wrote:
> > Good day,
> >
> > I would like to authenticate VCL users using Active Directory.
> >
> > Kindly assist me with instructions to achieve this. The ones I have seen on
> > the VCL website are not clear to me.
> >
> > Regards,
> > CS
Re: Request for authentication config using Active Directory
Posted by Josh Thompson <jo...@ncsu.edu>.
Hi CS,
Authenticating VCL users using Active Directory is done via LDAP. The steps
to set that up are on our documentation page on using LDAP for authentication:
https://vcl.apache.org/docs/ldapauth.html
Can you ask some specific questions on which steps you don't understand?
Thanks,
Josh
On Tuesday, September 8, 2020 8:10:46 AM EDT Scania 2019 wrote:
> Good day,
>
> I would like to authenticate VCL users using Active Directory.
>
> Kindly assist me with instructions to achieve this. The ones I have seen on
> the VCL website are not clear to me.
>
> Regards,
> CS