|
From: | Christoph H. Larsen |
Subject: | Re: [Health] LDAP Support in GNU Health Running Tryton 3.4 |
Date: | Fri, 9 Sep 2016 13:40:40 +0300 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.1.0 |
Dear All, I have tested further, and have the feeling that this is not an
issue with the configuration settings inside trytond.conf, but due
to the fact that trytond does not pass on the LDAP request to my
LDAP server. I can telnet into the LDAP server on both port 389 ad 636. I have set up the LDAP client.conf rounitnely, and if I had not, I would probably get TLS errors, but not - - - nothing. I receive an error message from within trytond as: Fri Sep 09 10:34:19 2016] INFO:trytond.protocols.dispatcher:bad login or password '[login.name]' from 127.0.1.105:14103 using JSON-RPC on database 'trytond_health_mmc_test' But the log of the OpenLDAP server remains silent in response to this request, yet is sings out, if I telnet from the same trytond server into my ldap server. I can only conclude that the py-ldap module does not do what it is supposed to do. Does trytond demand SASL? I do not have this, which is why I installed py-ldap from ports to avoid the SASL overhead. TLS is fine instead for me :-). Any ideas? There must be a silly error, missing (silent)
component or what-not... Chris On 07/09/16 17:07, Luis Falcon wrote:
Hi Chris ! On Wed, 7 Sep 2016 16:34:46 +0300 "Christoph H. Larsen" <address@hidden> wrote:Thanks a lot, Luis! I have the stupid feeling that trytond does not establish any connection to the LDAP infrastructure at all. Even with wrong authentication settings, there should be something coming up in the slapd log... but no. I have, in the same envirinment, other apps running using the same LDAP server without problems. So, I feel that there may be an issue with the trytond installation, but I fail to put my finger on it, because the logs are - - - silent.Yes... you definitely should get a response from openldap. Since I have to update the central authentication / ldap chapter, I will try to put the relevant bits of documentation . I will look for some room in these days and it should be up by Friday. Bests Luispy-ldap it is, isn't it? Not yet py-ldap3?That should be for upcoming GNU Health 3.2, which will be Python3 compatible. BestsAny ideas, hunches, whatever? Thanks a lot, Chris On 07/09/16 14:36, Luis Falcon wrote:Hi Chris ! On Mon, 5 Sep 2016 20:25:30 +0300 "Christoph H. Larsen" <address@hidden> wrote:Dear All, I have the task to convert a GNU Health instance sitting on top of Tryton 3.4 to user authentication by OpenLDAP. I understand that this is the first version, where Trytron left the two-module GUI configuration game.Yes. Module ldap_connection was dropped in 3.4, and the connection info are now entries in the trytond.conf The information on the Wikibook still reflects the pre-3.4 config for tryton, but the slap configuration is just fine, so you might want to check it[1] . We already have a task to update it :) Here's one example from Joe's trytond.conf : [ldap_authentication] # The URI to connect to the LDAP server. uri = ldap://<your_ldap_server_ip>/ou=people,dc=gnuhealth,dc=org?objectClass?onelevel Also, here are params for ldap_authentication[2] 1.- https://en.wikibooks.org/wiki/GNU_Health/Central_Authentication 2.- http://doc.tryton.org/3.4/modules/ldap_authentication/doc/index.html#uid Hope it helps Bests -- Dr Christoph H. Larsen synaLinQ 296/33 Lương Định Của, Ngọc Hội 2, Vĩnh Ngọc Nha Trang, Khánh Hòa, Việt Nam Mobile: +84-98-9607357 (Vietnam) +254-776-588224, +254-701-279511 (Kenya) +256-778-121305 (Uganda) +49-176-96456254 (Germany) Fax: +49-231-292734790 E-mail: address@hidden Skype: christoph.larsen |
[Prev in Thread] | Current Thread | [Next in Thread] |