Overview
In this article we will go over troubleshooting LDAP in OneFuse.
Considerations
OneFuse will need to be installed/configured and LDAP should already be set up. If that's not completed, please see the article in the additional links below on how to set up LDAP.
Troubleshooting
SSH into the OneFuse appliance
Once we’re connected to the appliance, we can open Shell Plus
/opt/cloudbolt/manage.py shell_plus
View current LDAP Configuration
Map LDAPUtility to ldap
Note: Replace domain.net with your actual domain
ldap = LDAPUtility.objects.get(ldap_domain="domain.net")
View the LDAP configuration using “__dict__”
ldap.__dict__
Output (Example)
Out[6]: {'_state': <django.db.models.base.ModelState at 0x7f5d0b30bcc0>, 'id': 1, 'ip': '192.168.1.1', 'port': 389, 'protocol': 'ldap', 'version': '3', 'serviceaccount': 'admin@domain.net', 'servicepasswd': '', 'ldap_domain': 'domain.net', 'base_dn': 'DC=domain,DC=net', 'ldap_filter': None, 'disabled_filter': 'userAccountControl:1.2.840.113556.1.4.803:=2', 'ldap_username': 'sAMAccountName', 'ldap_first': 'givenName', 'ldap_last': 'sn', 'ldap_mail': 'mail', 'email_format': None, 'auto_create_user': True}
Search for user in LDAP
Run a user search from the ldap object we mapped above
ldap.runUserSearch(username="admin")
Output (Good)
Out[11]: [('CN=Admin,OU=Users,DC=domain,DC=net', {})]
Output (Bad)
Note: Your base_dn might need to be updated, which will be covered in the next section.
Out[7]: []
Update LDAP properties
Update the base_dn property or any others that need to be adjusted
ldap.base_dn = "DC=domain,DC=net"
Note: The base DN is used for user and group search. It is recommended to keep it closer to the root DN.
(Optional) Feel free to update any other properties at this point using the example below. The properties are listed above, in the output of the “__dict__” command
ldap.ldapproperty = newvalue
Once we’ve updated all our properties, we need to save it
ldap.save()
To verify the changes are made, run the below command
ldap.__dict__
View LDAP Mappings
View the LDAP Mappings you configured by running this command
ldap.ldapmapping_set.all()
Output (Example)
<QuerySet [<LDAPMapping: LDAPMapping object (1)>, <LDAPMapping: LDAPMapping object (2)>]>
Let's grab the first object and return the properties it has
ldap.ldapmapping_set.first().__dict__
Output (Example)
{'_state': <django.db.models.base.ModelState at 0x7f5d0aa04160>, 'id': 1, 'ldap_utility_id': 1, 'ldap_ou_dn': '', 'ldap_group_dn': 'CN=GirAdmins,OU=orisa,OU=build,DC=domain,DC=net', 'is_cbadmin': False, 'is_super_admin': False, 'is_devops_admin': False, 'has_api_access': True, 'is_global_viewer': False}
If there are multiples and you want to see all, we can loop through and return any of the properties on each. We’ll map the ldapmapping_set to maps and then loop through it to return the ldap_group_dn for each
maps = ldap.ldapmapping_set.all()
for map in maps:
    print(map.ldap_group_dn)
Output (Example)
CN=GirAdmins,OU=orisa,OU=build,DC=domain,DC=net
CN=GirUsers,OU=orisa,OU=build,DC=domain,DC=net
Update LDAP Mapping
If we ran the above commands, we should still have maps, so we can use it to update the properties of an LDAP mapping. We’ll update the ldap_group_dn on the first element in maps
maps[0].ldap_group_dn = 'CN=GirAdminss,OU=orisa,OU=build,DC=domain,DC=net'
Once we’ve made our changes, we’ll need to save it
maps[0].save()
We can make sure the changes took by running the “__dict__” command
maps[0].__dict__
Output (Example)
{'_state': <django.db.models.base.ModelState at 0x7f5d0a4b8a58>, 'id': 1, 'ldap_utility_id': 1, 'ldap_ou_dn': '', 'ldap_group_dn': 'CN=GirAdminss,OU=orisa,OU=build,DC=domain,DC=net', 'is_cbadmin': False, 'is_super_admin': False, 'is_devops_admin': False, 'has_api_access': True, 'is_global_viewer': False}
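Added example (not OneFuse or CloudBolt code): a check to run before saving a changed base_dn or mapping DN, and before pasting “__dict__” output into a ticket. It assumes mapping DNs must sit under base_dn, following the note that the base DN is used for user and group search; the helper names and sample values are constructed for illustration.

```python
# Added example: works on plain dicts shaped like the __dict__ output above.
SECRET_FIELDS = {"servicepasswd"}  # field name as shown in the article's output

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    rdns.append(cur)
    return [r.strip().lower() for r in rdns if r.strip()]

def is_under(dn, base_dn):
    """True when dn equals base_dn or sits below it in the directory tree."""
    rdns, base = split_dn(dn), split_dn(base_dn)
    return bool(base) and rdns[-len(base):] == base

def redact(record):
    """Copy of a __dict__ with Django internals dropped and secrets masked."""
    return {k: ("<redacted>" if k in SECRET_FIELDS and v else v)
            for k, v in record.items() if not k.startswith("_")}

def mappings_outside_base(base_dn, mappings):
    """Return (id, dn) for every mapping DN that a base_dn search cannot reach."""
    misses = []
    for m in mappings:
        for field in ("ldap_group_dn", "ldap_ou_dn"):
            dn = m.get(field)
            if dn and not is_under(dn, base_dn):
                misses.append((m["id"], dn))
    return misses

# Constructed sample data modelled on the example output in this article.
SAMPLE_CONFIG = {"_state": object(), "id": 1, "serviceaccount": "admin@domain.net",
                 "servicepasswd": "constructed-secret", "base_dn": "DC=domain,DC=net"}
SAMPLE_MAPPINGS = [
    {"id": 1, "ldap_ou_dn": "", "ldap_group_dn": "CN=GirAdmins,OU=orisa,OU=build,DC=domain,DC=net"},
    {"id": 2, "ldap_ou_dn": "", "ldap_group_dn": "CN=GirUsers,OU=orisa,OU=build,DC=domain,DC=org"},
]

if __name__ == "__main__":
    print(redact(SAMPLE_CONFIG))
    print(mappings_outside_base(SAMPLE_CONFIG["base_dn"], SAMPLE_MAPPINGS))
```

In Shell Plus, paste the functions and pass live data as redact(ldap.__dict__) and mappings_outside_base(ldap.base_dn, ldap.ldapmapping_set.values()).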
Delete LDAP Mappings
If we still have the maps array, we can loop through and delete the ldap mappings. If not, we can run the first command below to map it
maps = ldap.ldapmapping_set.all()
for map in maps:
    map.delete()
ldap.ldapmapping_set.all()
Output (Good)
<QuerySet []>
Delete LDAP Configuration
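We can delete the entire LDAP configuration by running the commands below. The delete also removes related objects; the tuple it returns lists how many objects of each model were deleted
ldap = LDAPUtility.objects.get(ldap_domain="domain.net")
ldap.delete()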
Output (Good)
(3, {'accounts.UserProfile_custom_field_values': 0, 'accounts.PasswordHistory': 0, 'sso.BaseSSOProvider_contact_person': 0, 'bookmarks.Bookmark': 0, 'portals.PortalConfig_ldaps': 0, 'utilities.LDAPUtility': 1, 'accounts.GroupRoleMembership': 1, 'accounts.UserProfile': 1})
Now we can verify that it’s deleted
LDAPUtility.objects.get(ldap_domain="domain.net")
Output (Good)
---------------------------------------------------------------------------
DoesNotExist                              Traceback (most recent call last)
<ipython-input-17-e9b78a601e50> in <module>
----> 1 ldap = LDAPUtility.objects.get(ldap_domain="domain.net")

/usr/local/lib/python3.6/site-packages/django/db/models/manager.py in manager_method(self, *args, **kwargs)
     80         def create_method(name, method):
     81             def manager_method(self, *args, **kwargs):
---> 82                 return getattr(self.get_queryset(), name)(*args, **kwargs)
     83             manager_method.__name__ = method.__name__
     84             manager_method.__doc__ = method.__doc__

/usr/local/lib/python3.6/site-packages/django/db/models/query.py in get(self, *args, **kwargs)
    406             raise self.model.DoesNotExist(
    407                 "%s matching query does not exist." %
--> 408                 self.model._meta.object_name
    409             )
    410         raise self.model.MultipleObjectsReturned(

DoesNotExist: LDAPUtility matching query does not exist.