LDAP Authentication in GVM 22.6.0 fails

Hello, I’m trying to set up LDAP authentication, but when I try to log in I keep hitting this error message:

md gmp: WARNING: 2023-08-07 23:43:03 UTC: Authentication failure for 'openvas@xxxx.xxxx.xxx.xxx' from unix_socket
md gmp: DEBUG: 2023-08-07 23:43:03 UTC: Client state set: 0

or this (if I use a different username format to try to log in):

libgvm util:WARNING:2023-08-07 23h58.57 utc:365: StartTLS failed, trying to establish ldaps connection.
libgvm util:WARNING:2023-08-07 23h58.57 utc:365: LDAP authentication failure: Can't contact LDAP server.
libgvm util:  DEBUG:2023-08-07 23h58.57 utc:365: Could not bind to ldap host dc1.xxxx.xxxx.xxxxx.xxxx
md    gmp:WARNING:2023-08-07 23h58.57 utc:365: Authentication failure for 'openvas' from unix_socket
md    gmp:  DEBUG:2023-08-07 23h58.57 utc:365:    client state set: 0

However, I’m not sure exactly where the issue is. The system does appear to recognize our CA. I can also connect via telnet or ldapsearch with no problem. As you can see, I also enabled debug level 128, but the information given was not very useful to me.

This is my configuration:

LDAP Host = dc1.xxxx.xxxx.xxxxx.xxxx
Auth. DN = %s@xxxx.xxxx.xxxxx.xxxx

Has anyone else encountered this and found a solution? I’ve looked through the docs and forums, but no luck yet.

If you could share some insights or steps to troubleshoot this issue, I would greatly appreciate it.
Thanks in advance for your help!

Did you provide the right TLS certificates? IMHO you need to use an LDAPS connection; plaintext is no longer supported for security reasons.


Yes, I provided the right certificates. I also checked the certificate with openssl. I also tried the option “LDAPS only”, but got the same error message just without

.

So that is the reason?
You need to check why.

I think you misunderstood me. What I meant is that when I force the option ‘LDAPS only,’ I am encountering this error:

or this error (if I use a different username format to try to log in):

.

I believe I’ve tried everything I know, and I’m continuing to explore any ideas that come to mind. That’s why I’m reaching out for assistance. The utility ‘ldapsearch’ (LDAPS enforced) doesn’t encounter any connection problems. The certificate is right (checked via openssl). The information provided by the logs isn’t proving helpful in this particular situation.