
LDAP server error: LDAP Result Code 200 "Network Error": EOF | Login getting failed with 401(Unauthorized) status code

Open Sanketbhandare opened this issue 1 year ago • 11 comments

Expected Behavior

Login to Minio console should be working fine with LDAP Identity provider.

Current Behavior

Login to the Minio console is failing with LDAP Result Code 200 "Network Error": EOF

Possible Solution

No solution. Workaround to access the Minio Console would be to use Built-In Identity provider.

Steps to Reproduce (for bugs)

Context

LDAP / AD Users are unable to login to Minio Console.

Regression

Your Environment

Dev

  • Version used (minio-operator): 5.0.12
  • Environment name and version (e.g. kubernetes v1.17.2): Kubernetes v1.26.4, Helm version v3.12.0
  • Server type and version: AlmaLinux release 8.5 (Arctic Sphynx)
  • Operating System and version (uname -a): Linux dev-yyk8smst1 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Tue Dec 21 13:57:48 EST 2021 x86_64 x86_64 x86_64 GNU/Linux
  • Link to your deployment file:

Sanketbhandare avatar Mar 27 '24 07:03 Sanketbhandare

@Sanketbhandare Please post your setup steps.

jiuker avatar Mar 27 '24 08:03 jiuker

  1. Create a new Tenant using Minio Operator
  2. Under Identity Provider Section, Choose "LDAP / Active Directory" option and provide information related to your LDAP server.
  3. Once you provide all the necessary information like Lookup Bind DN, Lookup Bind Password, User DN Search Base DN, User DN Search filter etc.
  4. Once done, save your changes.
  5. Open Minio Console session for newly created tenant & try login to Minio console via your AD Account.
  6. Ideally you should be able to log in, but it's failing with the above Network Error in our case.

Sanketbhandare avatar Mar 27 '24 08:03 Sanketbhandare

@jiuker Any update on this?

Sanketbhandare avatar Apr 03 '24 09:04 Sanketbhandare

Yeah. @Sanketbhandare Found that.

jiuker avatar Apr 12 '24 03:04 jiuker

Maybe you need to configure MINIO_IDENTITY_LDAP_SERVER_INSECURE = on

jiuker avatar Apr 12 '24 07:04 jiuker

Please follow this https://min.io/docs/minio/linux/reference/minio-server/settings/iam/ldap.html, MINIO_IDENTITY_LDAP_SERVER_INSECURE

jiuker avatar Apr 12 '24 07:04 jiuker

@jiuker We've been following the same setting since the start, but we're still getting the 401 Unauthorized response. We're using the config below along with base DN & LDAP details (Confidential).

    MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER: (&(objectclass=groupOfNames)(member=%d))
    MINIO_IDENTITY_LDAP_SERVER_INSECURE: on
    MINIO_IDENTITY_LDAP_SERVER_STARTTLS: off
    MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY: on
    MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER: (uid=%s)

Minio Operator version: 5.0.12

Please check and assist us to fix this issue.

Sanketbhandare avatar Apr 15 '24 06:04 Sanketbhandare

@jiuker Please check and assist on this topic? Also, we can reopen this issue. /reopen

Sanketbhandare avatar Apr 18 '24 07:04 Sanketbhandare

Is LDAP_SERVER running with TLS or not? @Sanketbhandare

jiuker avatar Apr 18 '24 08:04 jiuker

@jiuker LDAP_SERVER is running without tls

Sanketbhandare avatar Apr 23 '24 05:04 Sanketbhandare
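
Added example, not part of the thread and not MinIO code: a small Python probe that checks from the network side whether an LDAP endpoint answers a cleartext bind or expects TLS, so the result can be compared with the MINIO_IDENTITY_LDAP_SERVER_INSECURE and MINIO_IDENTITY_LDAP_SERVER_STARTTLS values posted above. The function names are made up for this example, and the host and port passed to `probe` are the reader's own.

```python
import socket
import ssl

# Anonymous LDAPv3 simple bind (messageID 1, empty DN, empty password), BER-encoded.
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

def ldap_op_tag(reply: bytes):
    """Return the protocolOp tag of an LDAPMessage, or None if reply is not LDAP BER."""
    if len(reply) < 2 or reply[0] != 0x30:
        return None
    i = 2 + (reply[1] & 0x7F if reply[1] & 0x80 else 0)  # skip SEQUENCE length octets
    if len(reply) < i + 2 or reply[i] != 0x02:
        return None
    i += 2 + reply[i + 1]  # skip the messageID INTEGER
    return reply[i] if i < len(reply) else None

def classify(reply: bytes) -> str:
    """Name what a server sent back in answer to a cleartext LDAP bind."""
    if not reply:
        return "eof"          # peer closed the connection without answering
    if ldap_op_tag(reply) == 0x61:
        return "ldap-reply"   # BindResponse: the port speaks cleartext LDAP
    if reply[0] in (0x15, 0x16) and reply[1:2] == b"\x03":
        return "tls-record"   # TLS alert or handshake record: the port expects TLS
    return "unknown"

def probe_plain(sock: socket.socket) -> str:
    """Send the anonymous bind on an already connected socket and classify the answer."""
    try:
        sock.sendall(ANON_BIND)
        return classify(sock.recv(64))
    except OSError as exc:    # resets and timeouts are OSError subclasses
        return f"error ({type(exc).__name__})"

def probe_tls(host: str, port: int, timeout: float = 5.0) -> str:
    """Report whether the port completes a TLS handshake (LDAPS)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # certificate checks are off only because this
    ctx.verify_mode = ssl.CERT_NONE  # probe detects the transport, nothing more
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls-ok"
    except OSError as exc:           # ssl.SSLError is an OSError subclass
        return f"no-tls ({type(exc).__name__})"

def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Try cleartext LDAP, then TLS, against host:port."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        plain = probe_plain(sock)
    return {"plain": plain, "ldaps": probe_tls(host, port, timeout)}
```

Run `probe` from a host that reaches the LDAP server over the same network path as the tenant pods.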

No idea for that. I can't reproduce that. @Sanketbhandare Check the server's log.

jiuker avatar Apr 23 '24 07:04 jiuker

We'll share the steps for how to configure it via YAML. cc @cniackz

cesnietor avatar Aug 05 '24 16:08 cesnietor

LDAP can be configured using YAML files, as described in the https://github.com/cniackz/public/wiki/LDAP-config under .

If you encounter issues with configuration through the UI, please open an issue on GitHub.

cniackz avatar Aug 05 '24 19:08 cniackz