Hi fredreichbier,
i changed the pasthrough bind DN, but i’m still getting the same error. see the logs below:
Nov 02 21:24:09 privacyidea.local systemd[1]: Starting privacyIDEA LDAP proxy…
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [pi_ldapproxy.proxy#info] privacyIDEA HTTPS certificate will be checked against system certificate store
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [pi_ldapproxy.proxy#info] Passthrough DNs: [‘cn=directory manager’]
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [pi_ldapproxy.proxy#info] Using user mapping strategy: <class ‘pi_ldapproxy.usermapping.LookupMappingStrategy’>
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [pi_ldapproxy.proxy#info] Using realm mapping strategy: <class ‘pi_ldapproxy.realmmapping.StaticMappingStrategy’>
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x3b73f80>
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 16.6.0 (/root/venv/bin/python 2.7.5) starting up.
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [-] ProxyServerFactory starting on 389
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [pi_ldapproxy.proxy.ProxyServerFactory#info] Starting factory <pi_ldapproxy.proxy.ProxyServerFactory instance at 0x3b73d88>
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [pi_ldapproxy.proxy#info] Successfully tested the connection to the LDAP backend using the service account
Nov 02 21:24:10 privacyidea.local twistd[22215]: 2017-11-02T21:24:10+0100 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x3b73f80>
Nov 02 21:24:20 privacyidea.local twistd[22215]: 2017-11-02T21:24:20+0100 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x3b74830>
Nov 02 21:24:20 privacyidea.local twistd[22215]: 2017-11-02T21:24:20+0100 [pi_ldapproxy.proxy#info] BindRequest for ‘cn=directory manager’, passing through …
Nov 02 21:24:20 privacyidea.local twistd[22215]: 2017-11-02T21:24:20+0100 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x3b74830>
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x3b74bd8>
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x3b74fc8>
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [pi_ldapproxy.proxy#info] BindRequest for ‘uid=mohammed.abdirahman,ou=People,dc=com1,dc=nl’ received …
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x3cd6560>
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [pi_ldapproxy.proxy#info] BindRequest for ‘cn=directory manager’, passing through …
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [pi_ldapproxy.proxy#info] Resolved ‘uid=mohammed.abdirahman,ou=People,dc=com1,dc=nl’ to ‘mohammed.abdirahman’@’’ (’’)
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [twisted.web.client._HTTP11ClientFactory#info] Starting factory <twisted.web.client._HTTP11ClientFactory instance at 0x3cd9950>
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x3cd6560>
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [pi_ldapproxy.proxy#critical] Could not bind
Nov 02 21:24:21 privacyidea.local twistd[22215]: Traceback (most recent call last):
Nov 02 21:24:21 privacyidea.local twistd[22215]: Failure: twisted.web._newclient.RequestTransmissionFailed: [<twisted.python.failure.Failure OpenSSL.SSL.Error: [(‘SSL routines’, ‘ssl3_get_server_certificate’, ‘certificate verify failed’)]>]
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [pi_ldapproxy.proxy#info] Sending BindResponse “invalid credentials”: LDAP Proxy failed.
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [HTTP11ClientProtocol (TLSMemoryBIOProtocol),client] Unexpected exception from twisted.web.client.FileBodyProducer.stopProducing
Nov 02 21:24:21 privacyidea.local twistd[22215]: Traceback (most recent call last):
Nov 02 21:24:21 privacyidea.local twistd[22215]: File “/root/venv/lib/python2.7/site-packages/twisted/internet/endpoints.py”, line 130, in connectionLost
Nov 02 21:24:21 privacyidea.local twistd[22215]: return self._wrappedProtocol.connectionLost(reason)
Nov 02 21:24:21 privacyidea.local twistd[22215]: File “/root/venv/lib/python2.7/site-packages/twisted/web/_newclient.py”, line 929, in dispatcher
Nov 02 21:24:21 privacyidea.local twistd[22215]: return func(*args, **kwargs)
Nov 02 21:24:21 privacyidea.local twistd[22215]: File “/root/venv/lib/python2.7/site-packages/twisted/web/_newclient.py”, line 1599, in _connectionLost_TRANSMITTING
Nov 02 21:24:21 privacyidea.local twistd[22215]: self._currentRequest.stopWriting()
Nov 02 21:24:21 privacyidea.local twistd[22215]: File “/root/venv/lib/python2.7/site-packages/twisted/web/_newclient.py”, line 830, in stopWriting
Nov 02 21:24:21 privacyidea.local twistd[22215]: _callAppFunction(self.bodyProducer.stopProducing)
Nov 02 21:24:21 privacyidea.local twistd[22215]: — —
Nov 02 21:24:21 privacyidea.local twistd[22215]: File “/root/venv/lib/python2.7/site-packages/twisted/web/_newclient.py”, line 194, in _callAppFunction
Nov 02 21:24:21 privacyidea.local twistd[22215]: function()
Nov 02 21:24:21 privacyidea.local twistd[22215]: File “/root/venv/lib/python2.7/site-packages/twisted/web/client.py”, line 1041, in stopProducing
Nov 02 21:24:21 privacyidea.local twistd[22215]: self._task.stop()
Nov 02 21:24:21 privacyidea.local twistd[22215]: File “/root/venv/lib/python2.7/site-packages/twisted/internet/task.py”, line 497, in stop
Nov 02 21:24:21 privacyidea.local twistd[22215]: self._checkFinish()
Nov 02 21:24:21 privacyidea.local twistd[22215]: File “/root/venv/lib/python2.7/site-packages/twisted/internet/task.py”, line 507, in _checkFinish
Nov 02 21:24:21 privacyidea.local twistd[22215]: raise self._completionState
Nov 02 21:24:21 privacyidea.local twistd[22215]: twisted.internet.task.TaskStopped:
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [twisted.web.client._HTTP11ClientFactory#info] Stopping factory <twisted.web.client._HTTP11ClientFactory instance at 0x3cd9950>
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x3b74fc8>
Nov 02 21:24:21 privacyidea.local twistd[22215]: 2017-11-02T21:24:21+0100 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x3b74bd8>
Nov 02 21:26:01 privacyidea.local systemd[1]: Stopping privacyIDEA LDAP proxy…
Nov 02 21:26:01 privacyidea.local twistd[22215]: 2017-11-02T21:26:01+0100 [-] Received SIGTERM, shutting down.
Nov 02 21:26:01 privacyidea.local twistd[22215]: 2017-11-02T21:26:01+0100 [-] (TCP Port 389 Closed)
Nov 02 21:26:01 privacyidea.local twistd[22215]: 2017-11-02T21:26:01+0100 [pi_ldapproxy.proxy.ProxyServerFactory#info] Stopping factory <pi_ldapproxy.proxy.ProxyServerFactory instance at 0x3b73d88>
Nov 02 21:26:01 privacyidea.local twistd[22215]: 2017-11-02T21:26:01+0100 [-] Main loop terminated.
Nov 02 21:26:01 privacyidea.local twistd[22215]: 2017-11-02T21:26:01+0100 [twisted.scripts._twistd_unix.UnixAppLogger#info] Server Shut Down.
Nov 02 21:26:01 privacyidea.local systemd[1]: Started privacyIDEA LDAP proxy.
Nov 02 21:26:01 privacyidea.local systemd[1]: Starting privacyIDEA LDAP proxy…
Nov 02 21:26:02 privacyidea.local twistd[22331]: 2017-11-02T21:26:02+0100 [pi_ldapproxy.proxy#info] privacyIDEA HTTPS certificate will be checked against system certificate store
Nov 02 21:26:02 privacyidea.local twistd[22331]: 2017-11-02T21:26:02+0100 [pi_ldapproxy.proxy#info] Passthrough DNs: [‘cn=directory manager’]
Nov 02 21:26:02 privacyidea.local twistd[22331]: 2017-11-02T21:26:02+0100 [pi_ldapproxy.proxy#info] Using user mapping strategy: <class ‘pi_ldapproxy.usermapping.LookupMappingStrategy’>
Nov 02 21:26:02 privacyidea.local twistd[22331]: 2017-11-02T21:26:02+0100 [pi_ldapproxy.proxy#info] Using realm mapping strategy: <class ‘pi_ldapproxy.realmmapping.StaticMappingStrategy’>
Nov 02 21:26:02 privacyidea.local twistd[22331]: 2017-11-02T21:26:02+0100 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 16.6.0 (/root/venv/bin/python 2.7.5) starting up.
Nov 02 21:26:02 privacyidea.local twistd[22331]: 2017-11-02T21:26:02+0100 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
Nov 02 21:26:02 privacyidea.local twistd[22331]: 2017-11-02T21:26:02+0100 [-] ProxyServerFactory starting on 389
Nov 02 21:26:02 privacyidea.local twistd[22331]: 2017-11-02T21:26:02+0100 [pi_ldapproxy.proxy.ProxyServerFactory#info] Starting factory <pi_ldapproxy.proxy.ProxyServerFactory instance at 0x36d6d88>
Nov 02 21:26:23 privacyidea.local twistd[22331]: 2017-11-02T21:26:23+0100 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x36d7518>
Nov 02 21:26:23 privacyidea.local twistd[22331]: 2017-11-02T21:26:23+0100 [pi_ldapproxy.proxy#info] BindRequest for ‘cn=directory manager’, passing through …
Nov 02 21:26:23 privacyidea.local twistd[22331]: 2017-11-02T21:26:23+0100 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x36d7518>
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x36d7a28>
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x36d7e18>
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [pi_ldapproxy.proxy#info] BindRequest for ‘uid=mohammed.abdirahman,ou=People,dc=com1,dc=nl’ received …
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x387b3b0>
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [pi_ldapproxy.proxy#info] BindRequest for ‘cn=directory manager’, passing through …
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [pi_ldapproxy.proxy#info] Resolved ‘uid=mohammed.abdirahman,ou=People,dc=com1,dc=nl’ to ‘mohammed.abdirahman’@’’ (’’)
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [twisted.web.client._HTTP11ClientFactory#info] Starting factory <twisted.web.client._HTTP11ClientFactory instance at 0x387f758>
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x387b3b0>
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [pi_ldapproxy.proxy#critical] Could not bind
Nov 02 21:26:24 privacyidea.local twistd[22331]: Traceback (most recent call last):
Nov 02 21:26:24 privacyidea.local twistd[22331]: Failure: twisted.web._newclient.RequestTransmissionFailed: [<twisted.python.failure.Failure OpenSSL.SSL.Error: [(‘SSL routines’, ‘ssl3_get_server_certificate’, ‘certificate verify failed’)]>]
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [pi_ldapproxy.proxy#info] Sending BindResponse “invalid credentials”: LDAP Proxy failed.
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [HTTP11ClientProtocol (TLSMemoryBIOProtocol),client] Unexpected exception from twisted.web.client.FileBodyProducer.stopProducing
Nov 02 21:26:24 privacyidea.local twistd[22331]: Traceback (most recent call last):
Nov 02 21:26:24 privacyidea.local twistd[22331]: File “/root/venv/lib/python2.7/site-packages/twisted/internet/endpoints.py”, line 130, in connectionLost
Nov 02 21:26:24 privacyidea.local twistd[22331]: return self._wrappedProtocol.connectionLost(reason)
Nov 02 21:26:24 privacyidea.local twistd[22331]: File “/root/venv/lib/python2.7/site-packages/twisted/web/_newclient.py”, line 929, in dispatcher
Nov 02 21:26:24 privacyidea.local twistd[22331]: return func(*args, **kwargs)
Nov 02 21:26:24 privacyidea.local twistd[22331]: File “/root/venv/lib/python2.7/site-packages/twisted/web/_newclient.py”, line 1599, in _connectionLost_TRANSMITTING
Nov 02 21:26:24 privacyidea.local twistd[22331]: self._currentRequest.stopWriting()
Nov 02 21:26:24 privacyidea.local twistd[22331]: File “/root/venv/lib/python2.7/site-packages/twisted/web/_newclient.py”, line 830, in stopWriting
Nov 02 21:26:24 privacyidea.local twistd[22331]: _callAppFunction(self.bodyProducer.stopProducing)
Nov 02 21:26:24 privacyidea.local twistd[22331]: — —
Nov 02 21:26:24 privacyidea.local twistd[22331]: File “/root/venv/lib/python2.7/site-packages/twisted/web/_newclient.py”, line 194, in _callAppFunction
Nov 02 21:26:24 privacyidea.local twistd[22331]: function()
Nov 02 21:26:24 privacyidea.local twistd[22331]: File “/root/venv/lib/python2.7/site-packages/twisted/web/client.py”, line 1041, in stopProducing
Nov 02 21:26:24 privacyidea.local twistd[22331]: self._task.stop()
Nov 02 21:26:24 privacyidea.local twistd[22331]: File “/root/venv/lib/python2.7/site-packages/twisted/internet/task.py”, line 497, in stop
Nov 02 21:26:24 privacyidea.local twistd[22331]: self._checkFinish()
Nov 02 21:26:24 privacyidea.local twistd[22331]: File “/root/venv/lib/python2.7/site-packages/twisted/internet/task.py”, line 507, in _checkFinish
Nov 02 21:26:24 privacyidea.local twistd[22331]: raise self._completionState
Nov 02 21:26:24 privacyidea.local twistd[22331]: twisted.internet.task.TaskStopped:
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [twisted.web.client._HTTP11ClientFactory#info] Stopping factory <twisted.web.client._HTTP11ClientFactory instance at 0x387f758>
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x36d7e18>
Nov 02 21:26:24 privacyidea.local twistd[22331]: 2017-11-02T21:26:24+0100 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x36d7a28>