rancher: OpenLDAP Cannot locate user information for (objectClass=inetOrgPerson)

When enabling OpenLDAP, I get an error message: Cannot locate user information for (objectClass=inetOrgPerson).

I just set the first option, 1. Configure an OpenLDAP server, and the second option, 2. Customize Schema, keeps its default values. The same setup was successful in Rancher version 1.6.25.


Useful Info
Versions: Rancher v2.2.2, UI: v2.2.41
Route: global-admin.security.authentication.openldap

I got some logs from the LDAP server when I authenticate with OpenLDAP:

[07/May/2019:11:06:36 +0800] SEARCH REQ conn=2532498 op=3 msgID=4 base="uid=xxx,ou=people,o=xxx.com.cn,o=isp" scope=base filter="(objectClass=inetOrgPerson)" attrs="1.1,+,*"
[07/May/2019:11:06:36 +0800] SEARCH RES conn=2532498 op=3 msgID=4 result=0 nentries=0 etime=1

When I get the right user info from the LDAP server, the LDAP server logs:

[07/May/2019:11:08:47 +0800] SEARCH REQ conn=2532641 op=12 msgID=29 base="uid=xxx,ou=people,o=xxx.com.cn,o=isp" scope=sub filter="(objectClass=inetOrgPerson)" attrs="1.1"
[07/May/2019:11:08:47 +0800] SEARCH RES conn=2532641 op=12 msgID=29 result=0 nentries=1 etime=1

Notice that the difference between the two situations is the search scope. But there are no options for “scope” in Rancher v2.x.

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 21 (9 by maintainers)

Most upvoted comments

That is correct. To be clear - this means that even though we provide a bind user - for other purposes I know - that a “user” has to be allowed to look up all their own information / attributes. Is that correct?

On Tue, Mar 31, 2020 at 1:43 PM Rajashree Mandaogane <notifications@github.com> wrote:

@wadeholler https://github.com/wadeholler Okay, so are you saying that solved the issue for you?


I am having the same issue as well, any updates? TestAndApply Error: Cannot locate user information for (objectClass=inetOrgPerson)

I am having the same issue attaching to our LDAP provider. I have tried all the objectClasses.

Cannot locate user information for (objectClass=inetOrgPerson)

ldapsearch -H ldaps://ldap.xxx.com:636 -x -b "ou=Users,o=xxx,dc=xxx,dc=com" -D "uid=xxx,ou=Users,o=xxx,dc=xxx,dc=com" -W "(objectClass=inetOrgPerson)"

# LDAPv3
# base <ou=Users,o=xxx,dc=xxx,dc=com> with scope subtree
# filter: (objectClass=inetOrgPerson)
# requesting: ALL
#

# xxx, Users, xxx, xxx.com
dn: uid=xxx,ou=Users,o=xxx,dc=xx,dc=com
mail: trudny@xxxxx
displayName: xxx
uidNumber: 5075
gidNumber: 5075
loginShell: /bin/bash
homeDirectory: /home/xxx
givenName: Anthony
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: posixAccount

Any update? Rancher: 2.3.4