Ralph Asset Management System - User Group

Add LDAP authentication

Is there a package to install from RALPH repo for Ubuntu that automatically downloads all the requirements/*.txt and all the dependancies to allow us to follow the instructions as per in

https://ralph-ng.readthedocs.io/en/stable/installation/configuration/#LDAP Authentication

So far I had to manually install:
apt -get install build-essential
apt -get install autoconf
apt -get install libtool
apt -get install pkg-config

and I am manually copying all *.txt requirement files

Thanks
Rosario

After manually adding all requirements and executing pip install -r prod_ldap.txt I get

In file included from Modules/LDAPObject.c:3:0:
Modules/common.h:9:10: fatal error: Python.h: No such file or directory
#include “Python.h”
^~~~~~~~~~
compilation terminated.
error: command ‘x86_64-linux-gnu-gcc’ failed with exit status 1

Any idea how to fix it?
Shall I run

apt-get install python

could this mess up with the python installed under /opt?

Thanks
Rosario

@romcheg I think we should ship AD integration by default - it’s the most #1 requested plugin.
How can we do it?

Just let’s not forget to run all the necessary scripts at the next update…

Its any place where i can find a guide to enable LDAP in new installation for ralph?

Hi Marcin, any update on this?

Currently - it’s possible, but not so easy to install, since we don’t ship auth_ldap python package in mainstream package. You need to install it alongside the package. The good part is - we plan to change this, to include it in one ralph distribution.

If you’re willing to configure it anyway, there is description on the main gitter channel

:point_up: May 30, 2019 1:31 PM

and there is technical tutorial here: https://ralph-ng.readthedocs.io/en/stable/installation/configuration/.

Install python3.6-dev.

I also tried to make LDAP work. I got to the point where ralphctl ldap_sync gets me this error in ralph.log:

ldap_sync - LDAP::check_settings_existence Setting AUTH_LDAP_SERVER_URI is not provided

I have ldap.conf in /etc/ralph/conf.d with:

AUTH_LDAP_SERVER_URI="ldap://172.xxx:389"
#AUTH_LDAP_PROTOCOL_VERSION = '3'
#AUTH_LDAP_USER_USERNAME_ATTR = "sAMAccountName"
AUTH_LDAP_BIND_DN='xxx'
AUTH_LDAP_BIND_PASSWORD='xxx'
AUTH_LDAP_USER_SEARCH_BASE='xxx'
AUTH_LDAP_USER_FILTER='(&(objectCategory=Person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
AUTH_LDAP_USER_ATTR_MAP='{"first_name": "givenName", "last_name": "sn", "email": "mail"}'
#AUTH_LDAP_GROUP_MAPPING='{"CN=...,OU=...,...": "active"}'

# 1.2.840.113556.1.4.1941 is a weird number from LDAP documentation
#AUTH_LDAP_NESTED_FILTER='(memberOf:1.2.840.113556.1.4.1941:={})'

#AUTH_LDAP_NESTED_GROUPS='JUST LIKE AUTH_LDAP_GROUP_MAPPING'
AUTH_LDAP_ALWAYS_UPDATE_USER=1

xxx are masked values.
Any ideas?

Hi Arek, have you solved the issue?

Just an idea, if you look at https://django-auth-ldap.readthedocs.io/en/latest/authentication.html

it puts spaces before and after the ‘=’ symbol… maybe the parsing of the config file requires those spaces?

Hey Rosario, no the doc is wrong. There should be no spaces. There’s a reason why variables have underscores in names :wink:
With spaces you’ll get:

/etc/ralph/conf.d/ldap.conf: line 1: AUTH_LDAP_SERVER_URI: command not found

There’s sanity check in /opt/ralph/ralph-core/lib/python3.6/site-packages/ralph/accounts/management/commands/ldap_sync.py

    def check_settings_existence(self):
        """Check if all needed settings are defined in settings.py"""
        options = [
            'AUTH_LDAP_SERVER_URI',
            'AUTH_LDAP_USER_SEARCH_BASE',
            'AUTH_LDAP_USER_USERNAME_ATTR',
            'AUTH_LDAP_PROTOCOL_VERSION',
            'AUTH_LDAP_BIND_DN',
            'AUTH_LDAP_BIND_PASSWORD',
        ]
        for option in options:
            if not hasattr(settings, option):
                logger.error((
                    'LDAP::check_settings_existence\tSetting {} is not provided'
                ).format(option))
                sys.exit(1)

If I comment it out I get:

Traceback (most recent call last):
  File "/opt/ralph/ralph-core/bin/ralph", line 10, in <module>
    sys.exit(prod())
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/ralph/__main__.py", line 28, in prod
    main('ralph.settings.prod')
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/ralph/__main__.py", line 14, in main
    execute_from_command_line(sys.argv)
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/django/core/management/__init__.py", line 354, in execute_from_command_line
    utility.execute()
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/django/core/management/__init__.py", line 346, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/django/core/management/base.py", line 394, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/django/core/management/base.py", line 445, in execute
    output = self.handle(*args, **options)
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/ralph/accounts/management/commands/ldap_sync.py", line 271, in handle
    synced = self.populate_users()
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/ralph/accounts/management/commands/ldap_sync.py", line 277, in populate_users
    for user_dn, ldap_dict in self._get_users():
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/ralph/accounts/management/commands/ldap_sync.py", line 187, in _run_ldap_query
    with LDAPConnectionManager() as conn:
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/ralph/accounts/management/commands/ldap_sync.py", line 41, in __init__
    self.conn = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)
  File "/opt/ralph/ralph-core/lib/python3.6/site-packages/django/conf/__init__.py", line 49, in __getattr__
    return getattr(self._wrapped, name)
AttributeError: 'Settings' object has no attribute 'AUTH_LDAP_SERVER_URI'

@rdarioc did you manage to run LDAP?

Hi Marcin,

any progress on having LDAP packages shipped with your mainstream package for an easy way to enable LDAP authentication on RALPH?

Thank you