LDAP Authentication - Nav-users

12 Mar 2007


      Hello,
Is anyone using LDAP to authenticate users on the web interface?
if so, how did you go about doing it?
Thanks!
Greg(lok1)
...
From a.l.prois at usit.uio.no  Mon Mar 12 18:20:13 2007
From: a.l.prois at usit.uio.no (=?ISO-8859-1?Q?Asbj=F8rn_Pr=F8is?=)
Date: Mon Mar 12 18:20:16 2007
Subject: [Nav-users] LDAP Authentication
In-Reply-To: 4ddd24660703120903gc499f13gfacb5ffaf19eba9c@mail.gmail.com
References: 4ddd24660703120903gc499f13gfacb5ffaf19eba9c@mail.gmail.com
Message-ID: Pine.LNX.4.63-L.0703121816590.28028@klodrik.uio.no
On Mon, 12 Mar 2007, Greg Cooper wrote:
...
Hello,
Is anyone using LDAP to authenticate users on the web interface?
if so, how did you go about doing it?
Thanks!
Yes, we (UiO) uses LDAP for authentication.
In /usr/local/nav/etc/webfront/webfront.conf :
[ldap]
enabled = yes
server = ldaps://xxx.uio.no
binddn= cn=yyy,cn=zzz,dc=uio,dc=no
And if your ldap requires it (ours do), you allso need correct settings in
/etc/openldap/ldap.conf. Like path to TLS_CACERT etc.
-Asbj?rn-
...
From gwc2004 at gmail.com  Mon Mar 12 12:31:00 2007
From: gwc2004 at gmail.com (Greg Cooper)
Date: Mon Mar 12 18:31:11 2007
Subject: [Nav-users] Cricket/NAV problem
Message-ID: 4ddd24660703121031h716cb122q8cee4ba790fc632@mail.gmail.com
Hello,
I have some netboxes with IP/Hostnames in my /etc/hosts file.  Not all my
boxes are in there, but some are.  When I browse a netbox and click on a
port to view the statistics, I get an error message like this:
Traceback (most recent call last):
  File "/usr/local/nav/lib/python/nav/web/devBrowser/dispatcher.py", line
100, in handler
    result = handler.process(request)
  File "/usr/local/nav/lib/python/nav/web/devBrowser/rrd.py", line 59, in
process
    return datasources(query, session)
  File "/usr/local/nav/lib/python/nav/web/devBrowser/rrd.py", line 408, in
datasources
    return showGraphs(session)
  File "/usr/local/nav/lib/python/nav/web/devBrowser/rrd.py", line 380, in
showGraphs
    table.add(html.Image(src=images[index].graphUrl(), name=index),
editCell,
  File "/usr/local/nav/lib/python/nav/rrd/presenter.py", line 399, in
graphUrl
    a = rrdtool.info(rrd_filename)
error: opening
'/usr/local/nav/cricket/cricket-config/../cricket-data/switch-ports/10.8.250.3/9_16.rrd':
No such file or directory
The actual path is .../switch-ports/DNS_NAME/9_16.rrd.  When I go through
Cricket and browse to that box, I see the stats and it works fine.  However,
I am setting this up to be used by a lot of people at my work who don't want
to learn "workarounds" :)
Is there something I can do to fix this?
Thanks!
Greg(lok*)
...
From jan.bakke.privat at gmail.com  Tue Mar 13 13:05:55 2007
From: jan.bakke.privat at gmail.com (Jan Bakke)
Date: Tue Mar 13 13:06:10 2007
Subject: [Nav-users] NAV error on CentOS
Message-ID: f2fef6d20703130505t3eb829ecg7621ee1ca7bfb7ce@mail.gmail.com
Hi
I have just installed NAV on CentOS according to
http://metanav.ntnu.no/moin.cgi/InstallingOnRHEL4
CentOS 4.4
NAV nav-3.2.1-1
When I open the web-site the following error shows up;
********************************************************************
Mod_python error: "PythonHeaderParserHandler nav.web"
Traceback (most recent call last):
  File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line 299, in
HandlerDispatch
    result = object(req)
  File "/usr/local/nav/lib/python/nav/web/__init__.py", line 62, in
headerparserhandler
    nav.web.auth.authenticate(req)
  File "/usr/local/nav/lib/python/nav/web/auth.py", line 93, in authenticate
    conn = db.getConnection('navprofile', 'navprofile')
AttributeError: 'module' object has no attribute 'getConnection'
********************************************************************
This error is logged in 'messages'
Mar 13 11:25:45 testserver kernel: audit(1173781545.016:13): avc:  denied  {
read } for  pid=4373 comm="httpd" name="psycopgmodule.so" dev=dm-0
ino=508298 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t
tclass=file
Mar 13 11:42:52 testserver init: Trying to re-exec init
How can i fix this?
...
From roger.aas at hsh.no  Tue Mar 13 13:27:17 2007
From: roger.aas at hsh.no (Roger Aas)
Date: Tue Mar 13 13:27:26 2007
Subject: [Nav-users] NAV error on CentOS
In-Reply-To: f2fef6d20703130505t3eb829ecg7621ee1ca7bfb7ce@mail.gmail.com
References: f2fef6d20703130505t3eb829ecg7621ee1ca7bfb7ce@mail.gmail.com
Message-ID: 45F698A5.60101@hsh.no
Jan Bakke wrote:
...
Mar 13 11:25:45 testserver kernel: audit(1173781545.016:13): avc:  
denied  {
read } for  pid=4373 comm="httpd" name="psycopgmodule.so" dev=dm-0
ino=508298 scontext=root:system_r:httpd_t 
tcontext=root:object_r:user_home_t
tclass=file
Mar 13 11:42:52 testserver init: Trying to re-exec init
How can i fix this?
You have probably not disabled SELinux like it says in the installation
manual. Run this command as root to check:
[root@nav3 ~]# sestatus
SELinux status:         disabled
If you get something other than "disabled" you will either have to configure
SELinux to work with NAV or disable SELinux.
If you want to disable SELinux do this:
To just test if this is the problem run this command:
[root@nav3 ~]# setenforce 0
and try to reload the webpage.
To disable it permanently edit this file:
/etc/sysconfig/selinux
to say:
SELINUX=disabled
and reboot the server.
- Roger