Comments (12)
Hello,
The project provides an LDAP server; you just need to follow the install instructions to get it running.
Denis
On 14 Oct 2014, at 10:46 pm, jgudavalli [email protected] wrote:
Hello,
I am trying to set up an EC2 instance as a central machine that manages and controls access to all my other EC2 instances.
Do I need to first install LDAP server on this and then use your plugin?
Regards,
Jyothi
from aws-iam-ldap-bridge.
Hello Denismo,
Thank you for the reply. This is what I tried, and it was not successful:
- I have an Amazon EC2 instance - ldap-test.test.com
- I changed the hostname in /etc/hosname to ldap-test.test.com
- I downloaded the zip of your project using the below line into a directory /home/ubuntu/apacheds and unzipped it
wget https://s3-ap-southeast-2.amazonaws.com/aws-iam-apacheds/apacheds-0.1.zip
- I created an IAM account that has all permissions in my AWS account, downloaded the credentials file
and created a file ~/.aws/config. My config file has the below contents
[default]
region = ap-southeast-1
aws_access_key_id = .......
aws_secret_access_key = ..........
- After that I set path saying export AWS_CREDENTIAL_FILE=/home/ubuntu/.aws/config
- I created a file /etc/iam_ldap.conf and the contents of the file are as shown below:
pollPeriod=600
rootDN="dc=ldap-test1,dc=test,dc=com"
- I ran the apacheds as per your installation doc-
ubuntu@ldap-test1:~/apacheds/apacheds/bin$ Usage: apacheds.sh []
If is ommited, 'default' will be used.
is one of start, stop.
sleep 10
[1]+ Exit 1 bash apacheds.sh
ubuntu@ldap-test1:~/apacheds/apacheds/bin$
- Now I ran the ldapsearch and I got the error below:
ubuntu@ldap-test1:~/apacheds/apacheds/bin$ ldapsearch -H ldap://localhost:10389 -D "uid=admin,ou=system" -x -w secret -b "dc=ldap-test1,dc=test,dc=com" "(objectclass=posixaccount)"
The program 'ldapsearch' is currently not installed. You can install it by typing:
sudo apt-get install ldap-utils
ubuntu@ldap-test1:~/apacheds/apacheds/bin$ sudo apt-get install ldap-utils
and after installing the ldap-utils, I ran the command again and got the below error:
ubuntu@ldap-test1:~/apacheds/apacheds/bin$ ldapsearch -H ldap://localhost:10389 -D "uid=admin,ou=system" -x -w secret -b "dc=ldap-test1,dc=test,dc=com" "(objectclass=posixaccount)"
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
What am I doing wrong? Can you help?
Regards,
Jyothi
from aws-iam-ldap-bridge.
Hello,
do you have port 10389 open in your security group?
However, I've also tried apacheds-0.1.zip and I found another problem - due to some reason the partition is not there, so the authenticator won't work. Sorry for that, must be a bug in deployment. Unfortunately, I'm travelling right now so I cannot fix it (don't have the right package with me). I'll be back next week and plan to fix this ASAP. I'll let you know once that is done if you are still interested.
BTW, I'm also planning to create a public AMI to simplify the deployment, or a set of Puppet/Chef/Docker scripts. Just out of curiosity - if I had one of these, which one would you use (or would you still prefer to do the installation by yourself)?
Cheers,
Denis
from aws-iam-ldap-bridge.
Hello Denis,
Thank you for confirming my steps for the installation of your project. I am new to cloud computing and new to a lot of technical terms. You can provide me a script for installing the project or I can do the installation with some help from you. You can also reach me at my email - [email protected].
I am actually desperate to build an EC2 instance which uses IAM credentials to control the access to all the other EC2 instances. Hopefully your project will help me.
Regards,
Jyothi
from aws-iam-ldap-bridge.
Hello,
just verified:
- Created a t2.small instance from Amazon AMI. The instance was assigned an EC2 Role, which has permissions to Get/List IAM
- curl -O https://s3-ap-southeast-2.amazonaws.com/aws-iam-apacheds/apacheds-0.1.zip
- unzip apacheds-0.1.zip
- cd apacheds
- cd bin
- bash apacheds.sh start
- Connected to the instance remotely with Apache Directory Studio, on port 10389 (opened this port in security group)
I can see the users and groups from IAM so everything seems to be working fine.
Tomorrow I'll make an AMI. Which region are you using?
Regards,
Denis
from aws-iam-ldap-bridge.
Hello Denismo,
I am using Singapore.
Regards,
Jyothi
from aws-iam-ldap-bridge.
@denismo I encountered the same issue
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
I do not want to use the pre-built AMI and want to configure it in my Ubuntu EC2 instance. I am using your latest binary package. Please advise. Thanks!!
from aws-iam-ldap-bridge.
This looks more like an infrastructure configuration issue. Is the server running? Is it listening on the LDAP port? Is the port open in the firewall? Is the port open in the security group?
from aws-iam-ldap-bridge.
I followed the exact steps listed above by Jyothi. It's an Ubuntu EC2 instance, the server is running, no firewall, port 10389 open in the security group. Do any other ports need to be opened? The issue you had mentioned with the partition, is that fixed?
from aws-iam-ldap-bridge.
Is this how I start the server? How do I verify if it's running? And what is an instance name?
~/apacheds/bin$ bash apacheds.sh
Usage: apacheds.sh []
If is ommited, 'default' will be used.
is one of start, stop.
:~/apacheds/bin$ bash apacheds.sh start
Starting ApacheDS instance 'default'...
from aws-iam-ldap-bridge.
@denismo I think I found the problem. It's because apacheds expects java to be under /bin/java while mine was under /usr/bin/java. Once I symlinked, I see the server is running.
However I see the below error with a custom rootDN in /etc/iam_ldap.conf. Please let me know if I should start a new thread. Thanks for your help.
org.apache.directory.api.ldap.model.message.SearchRequestImpl@8623823: ERR_268 Cannot find a partition for dc=test,dc=ldap,dc=com
With the default rootDN, it works and I see the IAM users.
from aws-iam-ldap-bridge.
It's hard to tell. The root DN is created on start, whether it is default or custom. Do you see any exceptions in the log?
from aws-iam-ldap-bridge.
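The checks asked for in this thread (is anything listening on the LDAP port, and if not, is java where the start script was reported to look for it), as an added shell example that is not part of the original thread or the project's code. The `ss -ltn` sample is constructed, the function names and verdict strings are hypothetical, and `/bin/java` is the path reported in the thread.

```shell
#!/bin/sh
# Added example (not project code): triage "Can't contact LDAP server (-1)".
LDAP_PORT=10389          # LDAP port used throughout the thread
JAVA_PATH=/bin/java      # path reported in the thread; treated as an assumption

# Constructed sample of `ss -ltn` output, for an offline run.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      50     *:10389             *:*'

# listener_scope PORT: read `ss -ltn` text on stdin and print
#   none | loopback | all, matching the port exactly (389 must not match 10389).
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") {
                if (scope == "") scope = "loopback"
            } else {
                scope = "all"
            }
        }
        END { print (scope == "" ? "none" : scope) }'
}

# diagnose SS_TEXT [JAVA]: turn the thread's questions into one verdict.
diagnose() {
    scope=$(printf '%s\n' "$1" | listener_scope "$LDAP_PORT")
    case "$scope" in
        none)
            # Nothing bound: the server did not start. Check the JVM first.
            if [ -x "${2:-$JAVA_PATH}" ]; then echo "no-listener:check-log"
            else echo "no-listener:java-missing"; fi ;;
        loopback) echo "loopback-only" ;;
        # Bound on all interfaces: remaining suspects are the host firewall
        # and the security group rule for tcp/10389.
        all) echo "listening:check-network-path" ;;
    esac
}

# On the host itself: diagnose "$(ss -ltn)"
diagnose "$SAMPLE_SS"    # prints listening:check-network-path
```

A `no-listener` verdict matches the failing `ldapsearch` against `ldap://localhost:10389` earlier in the thread: a local connection never crosses the security group, so only a missing listener explains it.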