You are not logged in.

Announcement

Bonjour, avant de poster, merci de vérifier que vous avez respecté les pré-requis de l'installation et consultez notre documentation : http://docs.blue-mind.net !

Hi, before posting on the forum, please check that you followed installation prerequisites and get a look to our documentation space : http://docs.blue-mind.net

#1 2015-12-04 04:01:31

jvits
Member
Registered: 2015-12-02
Posts: 4

Export LDAP plugin issue

Hello,
I am trying to use the Export LDAP plugin. After i install it and restart, i get the error message "error tagging as directory/bm-master" when trying to enable it from the server roles. Is there a step I am missing to use the ldap server?

Thank you

Offline

#2 2015-12-04 09:55:34

Toony
BlueMind Team
From: Toulouse
Registered: 2012-03-29
Posts: 1,821
Website

Re: Export LDAP plugin issue

Did you install bm-ldap-role package on target LDAP host ?

Else, what's the message in bm-core log /var/log/bm/core.log ?

Offline

#3 2015-12-06 00:26:34

jvits
Member
Registered: 2015-12-02
Posts: 4

Re: Export LDAP plugin issue

I installed the bm-ldap-role on the host, here is the error from core.log:

net.bluemind.core.api.fault.ServerFault: net.bluemind.core.api.fault.ServerFault: Fail to authenticate to LDAP server: 192.168.4.10
    at net.bluemind.system.ldap.LdapHelper.connectLdap(LdapHelper.java:103) ~[na:na]
    at net.bluemind.system.ldap.LdapHelper.connectConfigDirectory(LdapHelper.java:69) ~[na:na]
    at net.bluemind.system.ldap.LdapHook.initLdapTree(LdapHook.java:165) ~[na:na]
    at net.bluemind.system.ldap.LdapHook.onHostTagged(LdapHook.java:141) ~[na:na]
    at net.bluemind.core.handler.host.impl.TagTask.runUnsafe(TagTask.java:65) ~[na:na]
    at net.bluemind.core.handler.host.impl.SilentTask.run(SilentTask.java:56) ~[na:na]
    at net.bluemind.core.taskref.TaskBindingImpl$1.run(TaskBindingImpl.java:93) [net.bluemind.core_1.0.0.b13625.jar:na]
    at java.lang.Thread.run(Thread.java:745) [na:1.7.0_60]
Caused by: net.bluemind.core.api.fault.ServerFault: Fail to authenticate to LDAP server: 192.168.4.10
    at net.bluemind.system.ldap.LdapHelper.connectLdap(LdapHelper.java:99) ~[na:na]
    ... 7 common frames omitted

in var/log/syslog, there is the error

"slapd[10144]: SASL [conn=1000] Failure: cannot connect to saslauthd server: Permission denied

running on Ubuntu 14.04 LTS if that makes any difference

Offline

#4 2015-12-10 20:31:35

Toony
BlueMind Team
From: Toulouse
Registered: 2012-03-29
Posts: 1,821
Website

Re: Export LDAP plugin issue

Strange... I need to test, but it seems that your LDAP server can't contact ynsp which is installed by bm-ldap-role.

Is there something in the ysnp log on LDAP host ?
Can you run on LDAP host:

# ls -ld /var/run/saslauthd
# ls -al /var/run/saslauthd

Offline

#5 2015-12-11 02:07:16

jvits
Member
Registered: 2015-12-02
Posts: 4

Re: Export LDAP plugin issue

the out put of those commands is
# ls -ld /var/run/saslauthd
lrwxrwxrwx 1 root root 36 Dec  9 14:26 /var/run/saslauthd -> /var/spool/postfix/var/run/saslauthd
# ls -al /var/run/saslauthd
lrwxrwxrwx 1 root root 36 Dec  9 14:26 /var/run/saslauthd -> /var/spool/postfix/var/run/saslauthd

the ysnp log shows normal user logins, but there is nothing about the ldap login. Is there any configuration that I should have done in addition to installing bm-ldap-role and bm-core-ldap-export on my bluemind host?

Last edited by jvits (2015-12-11 02:07:27)

Offline

#6 2015-12-11 11:53:47

Toony
BlueMind Team
From: Toulouse
Registered: 2012-03-29
Posts: 1,821
Website

Re: Export LDAP plugin issue

No, all the needed configuration must be done by BlueMind itself.

Is your LDAP installed on your BlueMind host or is it a separated host ?

Sorry, but I make a mistake on the second command, can you run:

# ls -ltr /var/run/saslauthd/

Offline

#7 2015-12-12 22:13:13

jvits
Member
Registered: 2015-12-02
Posts: 4

Re: Export LDAP plugin issue

when i run # ls -ltr /var/run/saslauthd/ it returns permission denied,
With sudo this is the output:
total 0
srwxrwxrwx 1 root root 0 Dec 10 19:17 mux

I am running everything on one host right now, so bluemind and ldap are on the same host

Offline

#8 2015-12-24 17:44:19

Toony
BlueMind Team
From: Toulouse
Registered: 2012-03-29
Posts: 1,821
Website

Re: Export LDAP plugin issue

It seems that apparmor denied access to saslauthd socket.

Is it better after running:

# sudo service apparmor teardown

I open a ticket in BlueMind forge.

You can create file /etc/apparmor.d/disable/usr.sbin.slapd to disable apparmor only for slapd service

Offline

#9 2016-04-11 12:14:43

Maestrie
Member
Registered: 2016-03-30
Posts: 16

Re: Export LDAP plugin issue

hello everyone, is there a solution on that problem, I tried to deactivate the apparmor service, but it's unrecognized.

thanks for the reply!

Offline

#10 2016-04-11 14:20:17

Toony
BlueMind Team
From: Toulouse
Registered: 2012-03-29
Posts: 1,821
Website

Re: Export LDAP plugin issue

The problem was fixed on BlueMind 3.0.28 and greater.

Are you sure that it's the same problem ?
Do you use Ubuntu 14.04 ? Does /etc/apparmor.d/disable/usr.sbin.slapd exist ?

Offline

#11 2016-04-11 15:52:38

Maestrie
Member
Registered: 2016-03-30
Posts: 16

Re: Export LDAP plugin issue

I'm in version 3.0.30, I installed the server on debian 8u3, and the /etc/apparmor.d/disable/usr.sbin.slapd does not exist.

I have the exact same message : "error tagging as directory/bm-master" while i'm trying to activate the ldap role.

is there only one plugin to install for export, or two? I just found a topic that speak about the "bm-ldap-role"
and the "bm-plugin-core-ldap-export" plugin,

i only have the export one is that the possible solution?

thanks for the reply

Offline

#12 2016-04-11 16:26:11

Toony
BlueMind Team
From: Toulouse
Registered: 2012-03-29
Posts: 1,821
Website

Re: Export LDAP plugin issue

Apparmor is supported only on Ubuntu 14.04 for now, so if you use it on Debian, you must create /etc/apparmor.d/disable/usr.sbin.slapd manually and restart apparmor as explain there, or remove apparmor.

You can create a bug in our jira too.


There is only one plugin to export BlueMind account into LDAP, it's bm-plugin-core-ldap-export.

Package bm-ldap-role may be used to install all needed dependencies on server you plan to use to run LDAP service.
LDAP service can run on a separated server or directly on BlueMind server.

Offline

#13 2016-04-11 16:36:39

Maestrie
Member
Registered: 2016-03-30
Posts: 16

Re: Export LDAP plugin issue

okay, thanks for your answer.

is it necessary to disable apparmor?

in fact, I don't know what is apparmor for, so if I don't have to use it, its better

Last edited by Maestrie (2016-04-11 16:37:45)

Offline

#14 2016-04-11 16:45:39

Toony
BlueMind Team
From: Toulouse
Registered: 2012-03-29
Posts: 1,821
Website

Re: Export LDAP plugin issue

AppArmor is a kernel security like SELinux.

BlueMind don't need it to run.
If you don't know what it's and don't master it's management, it's better to remove/disable it for now.

Offline

#15 2016-04-11 16:55:08

Maestrie
Member
Registered: 2016-03-30
Posts: 16

Re: Export LDAP plugin issue

Okay thanks a lot.

I installed the role bm-ldap-role, and managed to activate the export role.

thanks for your help and informations

Offline

Board footer

Powered by FluxBB