Mongoldap check failing

Hi all,

For the chapter “LDAP Authorization Setup”, I spun up both vagrant machines, m034 and ldap, and then tried to check the ldap settings using mongoldap and got the error below. I am new to LDAP and know nothing! So, please help me with what I need to do on the ldap vagrant box to resolve this issue.

Error -
vagrant@m034:/shared$ mongoldap --user alice --password secret -f /shared/mongod.cnf
Running MongoDB LDAP authorization validation checks…
Version: 3.4.0

Checking that an LDAP server has been specified…
[OK] LDAP server found

Connecting to LDAP server…
[FAIL] Could not connect to any of the specified LDAP servers
* Error: UnknownError: LDAP Operation <ldap_search_ext_s>, Failed to perform query: Can't contact LDAP server' Query was: 'BaseDN: "", Scope: "base", Filter: "(objectclass=*)", Attributes: "supportedSASLMechanisms", '". (-1/Can't contact LDAP server)
* The server may be down, or 'security.ldap.servers' or 'security.ldap.transportSecurity' may be incorrectly configured.
* Alternatively the server may not allow anonymous access to the RootDSE.

Hi anudeepsp,

A couple of things to check

  • Verify that you can ping between the ldap server and the database server. (This is probably good, as indicated by the OK message - I’d check anyway!)

  • Over on the ldap server, check that the ldap service is running

sudo service slapd status

sudo service slapd start

sudo service slapd stop

Hope this helps,

David

@dschupp
As you mentioned, the ldap service was not running, and I started the ldap server.
Now I am encountering the error below. There are many ldif files in the /vagrant directory of the ldap machine; please let me know how I can use them to get rid of the authentication error below.

vagrant@m034:/shared$ mongoldap --user alice --password secret -f /shared/mongod.cnf
Running MongoDB LDAP authorization validation checks…
Version: 3.4.0

Checking that an LDAP server has been specified…
[OK] LDAP server found

Connecting to LDAP server…
[OK] Connected to LDAP server

Parsing MongoDB to LDAP DN mappings…
[OK] MongoDB to LDAP DN mappings appear to be valid

Attempting to authenticate against the LDAP server…
2018-09-21T04:37:32.604+0000 E ACCESS [main] Failed to bind to LDAP server at default: Invalid credentials. Bind parameters were: {BindDN: uid=alice,ou=Users,dc=mongodb,dc=com, authenticationType: simple}
[FAIL] Failed to authenticate alice to LDAP server
* OperationFailed: LDAP bind failed with error: Invalid credentials

@dschupp
Got the solution from Homework 1.6.

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f pw.ldif
sudo ldapadd -x -D "cn=Manager,dc=mongodb,dc=com" -w password -f Domain.ldif
sudo ldapadd -x -D "cn=Manager,dc=mongodb,dc=com" -w password -f Users.ldif

After doing the above, mongoldap checks are “OK”

1 Like
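
Added example, not part of the original posts or of MongoDB's tooling: a small Python parser that finds the first [FAIL] stage in mongoldap output, which separates the two failures seen above (LDAP server unreachable versus bind rejected). The function name, the hint text and the sample strings are assumptions constructed from the output quoted in this thread.

```python
import re

# Constructed samples, abbreviated from the two mongoldap runs quoted in this thread.
SAMPLE_CONNECT = """\
Checking that an LDAP server has been specified...
[OK] LDAP server found
Connecting to LDAP server...
[FAIL] Could not connect to any of the specified LDAP servers
* The server may be down, or 'security.ldap.servers' or 'security.ldap.transportSecurity' may be incorrectly configured.
* Alternatively the server may not allow anonymous access to the RootDSE.
"""
SAMPLE_BIND = """\
Connecting to LDAP server...
[OK] Connected to LDAP server
Attempting to authenticate against the LDAP server...
2018-09-21T04:37:32.604+0000 E ACCESS [main] Failed to bind to LDAP server at default: Invalid credentials.
[FAIL] Failed to authenticate alice to LDAP server
* OperationFailed: LDAP bind failed with error: Invalid credentials
"""

# A stage header ends with an ellipsis; its result line starts with [OK] or [FAIL].
STAGE = re.compile(r"^(Checking|Connecting|Parsing|Attempting)\b.*(?:\.\.\.|…)$")
RESULT = re.compile(r"^\[(OK|FAIL)\]\s*(.*)$")
# Hints (added here, hypothetical wording): what resolved each stage in this thread.
HINTS = {
    "Connecting": "LDAP server unreachable: run `sudo service slapd status` on the LDAP host",
    "Attempting": "bind rejected: confirm the user entry was loaded (Domain.ldif, Users.ldif)",
}

def first_failure(output):
    """Return (stage, message, detail_lines, hint) for the first [FAIL], or None."""
    stage, lines = None, output.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        header = STAGE.match(line)
        if header:
            stage = header.group(1)
            continue
        result = RESULT.match(line)
        if result and result.group(1) == "FAIL":
            details = []
            for extra in lines[i + 1:]:  # "* ..." lines explain the failure
                if not extra.strip().startswith("*"):
                    break
                details.append(extra.strip().lstrip("* "))
            return stage, result.group(2), details, HINTS.get(stage, "no hint recorded")
    return None

if __name__ == "__main__":
    for sample in (SAMPLE_CONNECT, SAMPLE_BIND):
        print(first_failure(sample))
```
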

Glad you’re making progress - there is a lot of configuration in that lesson!

Hi David, I’ve got the same error as above and tried the same commands, but while restarting ldap I get the following errors:
[vagrant@ldap ~]$ sudo service slapd start
Checking configuration files for slapd: [FAILED]
5c6bef29 olcRootPW: value #0: can only be set when rootdn is under suffix
5c6bef29 config error processing olcDatabase={0}config,cn=config: can only be set when rootdn is under suffix
slaptest: bad configuration file!

These are the commands I executed before:
[vagrant@ldap ~]$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /vagrant/pw.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

modifying entry "olcDatabase={2}bdb,cn=config"

modifying entry "olcDatabase={1}monitor,cn=config"

[vagrant@ldap ~]$ sudo ldapadd -x -D "cn=Manager,dc=mongodb,dc=com" -w password -f /vagrant/Domain.ldif
adding new entry "dc=mongodb,dc=com"

[vagrant@ldap ~]$ sudo ldapadd -x -D "cn=Manager,dc=mongodb,dc=com" -w password -f /vagrant/Users.ldif
adding new entry "ou=Users,dc=mongodb,dc=com"
adding new entry "ou=dba,dc=mongodb,dc=com"
adding new entry "uid=alice,ou=Users,dc=mongodb,dc=com"
adding new entry "cn=admins,ou=Users,dc=mongodb,dc=com"
adding new entry "uid=maria,ou=Users,dc=mongodb,dc=com"
adding new entry "cn=writers,ou=Users,dc=mongodb,dc=com"
adding new entry "uid=bob,ou=Users,dc=mongodb,dc=com"
adding new entry "cn=readers,ou=Users,dc=mongodb,dc=com"

I am getting the same issue

@Doreen_46207 & @anudeepsp

Notice that this post is (a) more than 6 months old and (b) was solved. Please create a new post with your actual issues in detail and I’ll try to help. Thanks.