External Authentication through LDAP - Genesys CTI User Forum

Author Topic: External Authentication through LDAP  (Read 3890 times)

Offline Peter Parker

  • Newbie
  • *
  • Posts: 44
  • Karma: 0
External Authentication through LDAP
« on: July 03, 2017, 03:13:58 AM »
Hi bros,

I have already installed Config Server Proxy to use External Authentication through LDAP, and I'm following the External Authentication Reference Manual.

Kindly help me find the answer to the question below:

How do I log in to Genesys Administrator with a user created on LDAP?

Logs & Options of Config Server Proxy as below:

[code][authentication]
enforce-external-auth=true
library=gauth_ldap

[csproxy]
allow-external-empty-password=false
encoding=UTF-8

[gauth_ldap]
app-user=vuvanthan@ansv.vn
ldap-url=ldap://172.24.104.6
password=D4DA79BB3D9D967E5D4EDD0FC07C9986
retry-attempts=10
retry-interval=10

[history-log]
client-expiration=1
expiration=30
max-records=1000

[log]
all=D:\gcti\logs\confservproxy\confservproxy
buffering=true
expire=20
segment=10000
verbose=all

[/code]

External authentication library [gauth_ldap] loaded successfully
Property [app-user] is set to [vuvanthan@ansv.vn] for authentication domain [AUTH_default]
Property [password] is set to [***] for authentication domain [AUTH_default]
Property [ldap-url] is set to [ldap://172.24.104.6] for authentication domain [AUTH_default]
Property [retry-attempts] is set to [10] for authentication domain [AUTH_default]
Property [retry-interval] is set to [10] for authentication domain [AUTH_default]
Authentication domain [AUTH_default] is (re)initialized
09:32:40.164 Std 22915 Server mode is set to [PROXY PRIMARY]
09:32:40.164 [HISTORYDB]: Initialize database with loaded history record...
09:32:40.164 [HISTORYDB]: History database data counter is confirmed. Value is 0
09:32:40.164 [HISTORYDB]: History database client counter is read. Value is 0
09:32:40.164 Std 22108 Transaction manager is activated
09:32:40.164 Std 22128 Authentication type is [external]
09:32:40.164 Std 22112 Authentication library [LDAP], version [8.5.100.11] is activated
09:32:40.164 Std 22109 Configuration Server is initialized
09:32:40.179 Std 22135 History Log synchronization process started. Initial record id is 0.
09:32:40.179 Auth: 'auth thread' thread (tid=4056) registered for monitoring successfully
09:32:40.179 AUT_DBG: Authentication thread started (async)
09:32:40.663 [HISTORYDB]: Data record 587801 stored
09:32:40.663 Trc 24205 Notification : Object [CfgRouteDN], name [asl_Outbound e-mail sending st], DBID: [334] is created at server

Offline Peter Parker

  • Newbie
  • *
  • Posts: 44
  • Karma: 0
Re: External Authentication through LDAP
« Reply #1 on: July 03, 2017, 04:28:08 AM »
Hi experts,

Now I can't log in to GA with the user default.

11:24:15.895 Trc 04541 Message MSGCFG_GETSERVERPROTOCOL received from 644 ( '')

  MSGCFG_GETSERVERPROTOCOL
  attr: IATRCFG_REQUESTID          value:  1
  attr: SATRCFG_PROTOCOLEX          value:  "CfgProtocol 5.1.3.80" 
  attr: SATRCFG_APPNAME            value:  "default" 
  attr: IATRCFG_SECURELIBRARY      value:  1

11:24:15.895 Trc 04542 Message MSGCFG_SERVERPROTOCOL sent to 644 ( '')

  MSGCFG_SERVERPROTOCOL
  attr: IATRCFG_SERVERENCODING      value:  1033
  attr: SATRCFG_PROTOCOL            value:  "CfgProtocol 5.1.3.80" 
  attr: IATRCFG_REQUESTID          value:  1

11:24:15.895 Trc 04541 Message MSGCFG_CLIENTREGISTER received from 644 ( '')

  MSGCFG_CLIENTREGISTER
  attr: IATRCFG_REQUESTID          value:  2
  attr: IATRCFG_CLIENTENCODING      value:  1033
  attr: SATRCFG_PROTOCOLEX          value:  "CfgProtocol 5.1.3.80" 
  attr: SATRCFG_USERPASS            value:  "******"
  attr: SATRCFG_USERNAME            value:  "default" 
  attr: SATRCFG_APPNAME            value:  "default" 
  attr: IATRCFG_APPTYPE            value:  19 [SCE]

11:24:15.895 AUT_MAIN: Put request to queue. Request ID = 0
11:24:15.895 AUT_MAIN: Request in queue. Request ID = 0
11:24:15.957 AUT_DBG: Authentication request received. Request ID = 0
11:24:15.957 AUT_DBG: Native authentication function returned 0, system code = 0
11:24:16.082 Std 24101 None of the external authentication servers are available.  Authentication failed.
11:24:16.082 Std 22122 Client 644 failed to get authorization. Name [default], type [SCE], user [default], address [172.16.1.19:49223]. Reason : Operations error
11:24:16.082 Std 23500 Configuration Server Error : Error  [CFGExternalAuthenticationError], object [], property [Unknown] Description Operations error
11:24:16.082 Trc 04542 Message MSGCFG_ERROR sent to 644 ( '')

  MSGCFG_ERROR
  attr: IATRCFG_ERRORCODE          value:  33
  attr: IATRCFG_EXTERNALAUTH        value:  1
  attr: SATRCFG_DESCRIPTION        value:  "Operations error" 
  attr: IATRCFG_REQUESTID          value:  2

11:24:16.082 Trc 04524 Client '644' disconnected
11:24:16.082 Total number of clients: 0

Offline Kubig

  • Hero Member
  • *****
  • Posts: 2755
  • Karma: 44
Re: External Authentication through LDAP
« Reply #2 on: July 03, 2017, 04:45:26 AM »
Your external authentication does not work properly, as you can pretty much read from the log.

Offline Peter Parker

  • Newbie
  • *
  • Posts: 44
  • Karma: 0
Re: External Authentication through LDAP
« Reply #3 on: July 03, 2017, 10:30:47 AM »
Hi Kubig,

Can you please check the log below?

17:28:00.576 Trc 04541 Message MSGCFG_CLIENTREGISTER received from 632 ( '')

  MSGCFG_CLIENTREGISTER
  attr: IATRCFG_REQUESTID          value:  2
  attr: IATRCFG_CLIENTENCODING      value:  1033
  attr: SATRCFG_PROTOCOLEX          value:  "CfgProtocol 5.1.3.80" 
  attr: SATRCFG_USERPASS            value:  "******"
  attr: SATRCFG_USERNAME            value:  "thanvv" 
  attr: SATRCFG_APPNAME            value:  "default" 
  attr: IATRCFG_APPTYPE            value:  19 [SCE]

17:28:00.576 AUT_MAIN: Put request to queue. Request ID = 0
17:28:00.576 AUT_MAIN: Request in queue. Request ID = 0
17:28:00.625 AUT_DBG: Authentication request received. Request ID = 0
17:28:00.625 AUT_DBG: Native authentication function returned 0, system code = 0
17:28:00.640 Std 22122 Client 632 failed to get authorization. Name [default], type [SCE], user [thanvv], address [172.16.1.19:49262]. Reason : Operations error
17:28:00.640 Std 23500 Configuration Server Error : Error  [CFGExternalAuthenticationError], object [], property [Unknown] Description Operations error
17:28:00.640 Trc 04542 Message MSGCFG_ERROR sent to 632 ( '')

  MSGCFG_ERROR
  attr: IATRCFG_ERRORCODE          value:  33
  attr: IATRCFG_EXTERNALAUTH        value:  1
  attr: SATRCFG_DESCRIPTION        value:  "Operations error" 
  attr: IATRCFG_REQUESTID          value:  2

17:28:00.640 Trc 04524 Client '632' disconnected
17:28:00.640 Total number of clients: 0


Offline cavagnaro

  • Administrator
  • Hero Member
  • *****
  • Posts: 7641
  • Karma: 56330
Re: External Authentication through LDAP
« Reply #4 on: July 03, 2017, 01:14:27 PM »
Ping your ldap server?
Telnet to the 389 port?
If those two above work, then do a Wireshark and see what is going on.



Offline Kubig

  • Hero Member
  • *****
  • Posts: 2755
  • Karma: 44
Re: External Authentication through LDAP
« Reply #5 on: July 03, 2017, 02:20:36 PM »
Also enable debug on the LDAP client part to see the entire communication.

Offline Peter Parker

  • Newbie
  • *
  • Posts: 44
  • Karma: 0
Re: External Authentication through LDAP
« Reply #6 on: July 04, 2017, 01:51:29 AM »
Hi Cavagnaro, Kubig,

I have already checked the connection between the LDAP server & Config Server Proxy. Please wait for me while I do a Wireshark on both Config Server Proxy & LDAP Server.

Offline cavagnaro

  • Administrator
  • Hero Member
  • *****
  • Posts: 7641
  • Karma: 56330
Re: External Authentication through LDAP
« Reply #7 on: July 04, 2017, 02:21:43 AM »
ConfigServer Proxy??? Uh???

Offline gabybanu11

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
Re: External Authentication through LDAP
« Reply #8 on: April 03, 2018, 10:48:44 AM »
Hi,

I suppose your default user doesn't have externalID, and by using enforce-external-auth=true, you will force all the authentication requests to go to LDAP.
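
The two failures quoted in replies #1 and #3 differ in one respect: only the first is preceded by `Std 24101`. The following is an added example, not part of the original thread or of any Genesys tooling, that pulls each `Std 22122` failure out of a Config Server Proxy log and records whether `Std 24101` was logged at the same timestamp. The sample lines are copied from the posts above; treating an identical timestamp as correlation is an assumption of this sketch.

```python
import re

# Sample input: lines copied from the logs posted in replies #1 and #3.
SAMPLE_LOG = """\
11:24:15.957 AUT_DBG: Authentication request received. Request ID = 0
11:24:16.082 Std 24101 None of the external authentication servers are available.  Authentication failed.
11:24:16.082 Std 22122 Client 644 failed to get authorization. Name [default], type [SCE], user [default], address [172.16.1.19:49223]. Reason : Operations error
17:28:00.625 AUT_DBG: Authentication request received. Request ID = 0
17:28:00.640 Std 22122 Client 632 failed to get authorization. Name [default], type [SCE], user [thanvv], address [172.16.1.19:49262]. Reason : Operations error
"""

# "HH:MM:SS.mmm Std NNNNN message" is the shape of the Std lines in the thread.
STD_LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) Std (?P<code>\d{5}) (?P<msg>.*)$")
FAILURE = re.compile(
    r"Client (?P<client>\d+) failed to get authorization\. Name \[(?P<app>[^\]]*)\], "
    r"type \[(?P<type>[^\]]*)\], user \[(?P<user>[^\]]*)\], "
    r"address \[(?P<addr>[^\]]*)\]\. Reason : (?P<reason>.*)$"
)

def failed_logins(log_text):
    """Return one dict per Std 22122 failure found in log_text.

    'ldap_unavailable' is True when Std 24101 was logged with the same
    timestamp immediately before the failure (assumed correlation rule).
    """
    records, unavailable_ts = [], None
    for raw in log_text.splitlines():
        line = STD_LINE.match(raw.strip())
        if not line:
            continue  # trace/debug lines and attribute dumps are ignored
        if line["code"] == "24101":
            unavailable_ts = line["ts"]
        elif line["code"] == "22122":
            hit = FAILURE.search(line["msg"])
            if hit:
                rec = hit.groupdict()
                rec["ts"] = line["ts"]
                rec["ldap_unavailable"] = unavailable_ts == line["ts"]
                records.append(rec)
            unavailable_ts = None  # a 24101 applies only to the next failure
    return records

if __name__ == "__main__":
    for r in failed_logins(SAMPLE_LOG):
        tag = "no LDAP server reachable" if r["ldap_unavailable"] else "LDAP answered"
        print(f'{r["ts"]} user={r["user"]} from={r["addr"]} reason={r["reason"]} ({tag})')
```
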