M034 MongoLDAP Authentication setup

I am feeling like I missed a part of this course or that 034 is a part of another course.

I was able to determine that we needed to download the vagrant files and set up the two machines (m034 & ldap).
The video shows the configuration information that is used on the m034 machine before running the command mongoldap -f ./mongod_ldap.cnf --user 'alice' --password secret

I created the matching file on m034 and here is what I have:

vagrant@m034:/shared$ cat mongod_ldap.cnf 
security:
  ldap:
    servers: "192.168.19.100"
    authz:
      queryTemplate: "{USER}?memberOf?base"
    transportSecurity: "none"
    bind:
      method: "simple"
    userToDNMapping: '[{match: "(.+)", substitution: "uid={0},ou=Users,dc=mongodb,dc=com"}]'

If I attempt to run the command as shown in the video here is my output:

vagrant@m034:/shared$ mongoldap -f ./mongod_ldap.cnf --user 'alice' --password secret
Running MongoDB LDAP authorization validation checks...
Version: 3.4.0

Checking that an LDAP server has been specified...
[OK] LDAP server found

Connecting to LDAP server...
[OK] Connected to LDAP server

Parsing MongoDB to LDAP DN mappings...
[OK] MongoDB to LDAP DN mappings appear to be valid

Attempting to authenticate against the LDAP server...
2018-11-15T23:28:24.906+0000 E ACCESS   [main] Failed to bind to LDAP server at default: Invalid credentials. Bind parameters were: {BindDN: uid=alice,ou=Users,dc=mongodb,dc=com, authenticationType: simple}
[FAIL] Failed to authenticate alice to LDAP server
	* OperationFailed: LDAP bind failed with error: Invalid credentials

vagrant@m034:/shared$ 

The only thing I have done on the ldap server is get it set up via vagrant, and here is it starting and its status:

[vagrant@ldap ~]$ sudo service slapd stop
Stopping slapd:                                            [  OK  ]
[vagrant@ldap ~]$ sudo service slapd start
Starting slapd:                                            [  OK  ]
[vagrant@ldap ~]$ sudo service slapd status
slapd (pid  3719) is running...
[vagrant@ldap ~]$ 

I think a potentially important note is that I am getting this message after install of the ldap vagrant and if I attempt to provision:

ldap: + pip install python-ldap
ldap: /usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
ldap:   InsecurePlatformWarning
ldap: /usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
ldap:   InsecurePlatformWarning
ldap: You are using pip version 7.1.0, however version 18.1 is available.
ldap: You should consider upgrading via the 'pip install --upgrade pip' command.
ldap: Collecting python-ldap
ldap: /usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
ldap:   InsecurePlatformWarning
ldap: /usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
ldap:   InsecurePlatformWarning
ldap: /usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
ldap:   InsecurePlatformWarning
ldap:   Downloading https://files.pythonhosted.org/packages/7f/1c/28d721dff2fcd2fef9d55b40df63a00be26ec8a11e8c6fc612ae642f9cfd/python-ldap-3.1.0.tar.gz (366kB)
ldap:     Complete output from command python setup.py egg_info:
ldap:     Traceback (most recent call last):
ldap:       File "<string>", line 20, in <module>
ldap:       File "/tmp/pip-build-jELGF2/python-ldap/setup.py", line 11, in <module>
ldap:         raise RuntimeError('This software requires Python 2.7 or 3.x.')
ldap:     RuntimeError: This software requires Python 2.7 or 3.x.
ldap:     
ldap:     ----------------------------------------
ldap: Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-jELGF2/python-ldap
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.
cw00dw0rd@cw00dw0rd-desktop:~/JavaScript/MongoDB/MongoU/security/m034/ldap$ 

I attempted to find some fixes online for this error but I am a little stuck and I am beginning to suspect it is my issue.

Is anyone aware of a workaround or perhaps something I am missing for the Invalid Credentials message I am getting?

Thank you for any help you can offer!

  • Chris
1 Like

Hi Chris,

Yes, these lectures came from a course that introduced version 3.4.

If you have the ldap service running, then I would run the following to configure (these were in the provisioning script but probably failed due to the error you’ve encountered in provisioning).

Run with sudo:

ldapadd -Y EXTERNAL -H ldapi:/// -f /vagrant/pw.ldif

ldapadd -x -D "cn=Manager,dc=mongodb,dc=com" -w password -f /vagrant/Domain.ldif

ldapadd -x -D "cn=Manager,dc=mongodb,dc=com" -w password -f /vagrant/Users.ldif

Check out this post

mongoldap-check-failing-

3 Likes
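How the BindDN in the error output follows from the posted `mongod_ldap.cnf`, as an added example that is not part of any post and not MongoDB's own code. It is a simplified Python model of `userToDNMapping` and `queryTemplate` expansion; the function names are hypothetical, and first-matching-rule order and RFC 4516 defaults for omitted query fields are assumptions.

```python
import re

# Values copied from the mongod_ldap.cnf shown in the question.
USER_TO_DN_MAPPING = [
    {"match": "(.+)", "substitution": "uid={0},ou=Users,dc=mongodb,dc=com"},
]
QUERY_TEMPLATE = "{USER}?memberOf?base"

# Error line copied from the mongoldap output in the question.
LOG_LINE = (
    "2018-11-15T23:28:24.906+0000 E ACCESS   [main] Failed to bind to LDAP "
    "server at default: Invalid credentials. Bind parameters were: "
    "{BindDN: uid=alice,ou=Users,dc=mongodb,dc=com, authenticationType: simple}"
)


def map_user_to_dn(username, mappings=USER_TO_DN_MAPPING):
    """Apply the first rule whose regex matches; {N} is capture group N (0-based)."""
    for rule in mappings:
        m = re.search(rule["match"], username)  # anchoring is not modelled here
        if m is None:
            continue
        groups = m.groups()
        return re.sub(r"\{(\d+)\}", lambda p: groups[int(p.group(1))],
                      rule["substitution"])
    raise ValueError("no userToDNMapping rule matched %r" % username)


def expand_query(user_dn, template=QUERY_TEMPLATE):
    """Fill {USER} and split the 'base?attributes?scope?filter' authz query."""
    parts = template.replace("{USER}", user_dn).split("?")
    parts += [""] * (4 - len(parts))  # pad omitted trailing fields
    base, attrs, scope, flt = parts[:4]
    return {"base": base,
            "attributes": [a for a in attrs.split(",") if a],
            "scope": scope or "base",
            "filter": flt or "(objectClass=*)"}


def bind_dn_from_log(line):
    """Extract the BindDN that mongoldap reported in a failed-bind log line."""
    m = re.search(r"\{BindDN: (.*), authenticationType: \w+\}", line)
    return m.group(1) if m else None


if __name__ == "__main__":
    dn = map_user_to_dn("alice")
    print("mapped DN     :", dn)
    print("DN in log line:", bind_dn_from_log(LOG_LINE))
    print("authz query   :", expand_query(dn))
```

The mapped DN equals the BindDN in the error, so the mapping itself is well-formed; the remaining thing to check is whether that entry exists on the LDAP server, which is what loading the ldif files in the reply addresses.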

@dschupp
That fixed it! Thank you for the help!

I had just given up on attempting to install python-ldap when I had the idea of adding the ldif files, but I am not familiar enough with it to know I wouldn’t be messing something up in the long run.

It’s also good to know I am not crazy 😜 and that some of these videos came from a different course.

Thanks again for your replies!

I too feel as Chris does:

##################################################################
I am feeling like I missed a part of this course or that 034 is a part of another course.

I was able to determine that we needed to download the vagrant files and set up the two machines (m034 & ldap).
##################################################################

I have the original 2 VMs running:

Current machine states:

database running (virtualbox)
infrastructure running (virtualbox)

I’ve downloaded m034.zip; how do I set up these additional 2 VMs?

Hi @nrmdmcg,

Most of the lectures are not built to follow along; that’s why we have labs.

If you would like to follow along, I suggest you do the LDAP lab (Homework 1.6), which comes with more verbose instructions and setup scripts.

1 Like