Simple example of how to use the LDAP authenticator #19

Closed
theodotos opened this issue Jan 23, 2018 · 16 comments
@theodotos

Hi,

I have been looking for an example on how to set the LDAP authenticator. I have set up the LDAPauth.ini and run the LDAPauth.py script. It starts a daemon at port 36655:

root@mumble:~# ss -lnptu | grep python
tcp    LISTEN     0      128            127.0.0.1:36655                 *:*      users:(("python",pid=20977,fd=7))

How can I tell the mumble server to authenticate against this?

Am I missing something very obvious? I couldn't find any documentation on how to do that.

@Kissaki
Member

Kissaki commented Mar 10, 2019

Hey, sorry for the late reply.

The authenticator connects to the Mumble server via Ice. Make sure ice is running in your Mumble server configuration file. In the LDAP authenticator configuration file see the [ice] section - this configures the Ice endpoint of the Mumble server to connect to.

@theodotos
Author

theodotos commented Sep 1, 2019

@Kissaki thanks for the info. I've figured it out eventually :)

I've prepared a simple guide on how to set LDAP auth for the mumble server. HTH.

Enable LDAP authentication for the Mumble Server

In this guide we explain how to set up LDAP authentication for murmurd (aka mumble-server).

Prerequisites

  • A mumble server
  • Enable ICE with password protection in /etc/mumble-server.ini:
ice="tcp -h 127.0.0.1 -p 6502"
icesecretread=MySecretIcePass
icesecretwrite=MySecretIcePass
  • An LDAP service account:
$ ldapsearch -ZZ -x -H ldap://ldap.example.com -D "cn=mumble,ou=dsa,dc=example,dc=com" -b ou=people,dc=example,dc=com -W -s sub '(uid=myusername)' -LLL
Enter LDAP Password: 
dn: uid=myusername,ou=people,dc=example,dc=com
cn: User Name
sn: Name
givenName: User
uid: myusername
displayName: User Name
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
mail: myusername@example.com
roomNumber: 111
userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=

Setting up a unique roomNumber is important since this is the field we are using for uniqueness in Mumble.

Get the LDAP Authenticator

  • Download the LDAP authenticator and sample configuration:
# curl -s -OL https://raw.github.com/mumble-voip/mumble-scripts/master/Authenticators/LDAP/LDAPauth.py
# curl -s -OL https://raw.github.com/mumble-voip/mumble-scripts/master/Authenticators/LDAP/LDAPauth.ini

Install the Authenticator

  • Install the authenticator script:
# cp LDAPauth.py /usr/local/sbin/
# chmod +x /usr/local/sbin/LDAPauth.py
  • Install the config file:
# mkdir /etc/mumble-scripts
# cp LDAPauth.ini /etc/mumble-scripts
  • Edit the configuration appropriately:
[user]
id_offset       = 1000000000
reject_on_error = True
reject_on_miss  = True

[ice]
host            = 127.0.0.1
port            = 6502
slice           = /usr/share/slice/Murmur.ice
secret          = MySecretIcePass
watchdog        = 30

[ldap]
bind_dn = cn=mumble,ou=dsa,dc=example,dc=com
bind_pass = MySecretLDAPPass
ldap_uri = ldaps://ldap.example.com
users_dn = ou=people,dc=example,dc=com
discover_dn = false
username_attr = uid
number_attr = roomNumber
display_attr = cn
group_cn = cn=all,ou=groups,dc=example,dc=com
group_attr = member
provide_info = True
mail_attr = mail
provide_users = True

[murmur]
servers      = 

[log]
level   =
file    = /var/log/mumble-server/LDAPauth.log

[iceraw]
Ice.ThreadPool.Server.Size = 5

Start LDAPAuth.py as a systemd service

  • Create a systemd service file under /etc/systemd/system/mumble-ldapauth.service:
[Unit]
Description=LDAP Authentication Service for Mumble Server
Documentation=https://github.com/mumble-voip/mumble-scripts/issues/19
After=network.target mumble-server.service

[Service]
Type=simple
User=mumble-server
Group=mumble-server
WorkingDirectory=/etc/mumble-scripts
ExecStart=/usr/local/sbin/LDAPauth.py
StandardOutput=syslog
StandardError=syslog

[Install]
WantedBy=multi-user.target
  • Start and enable the service:
# systemctl daemon-reload
# systemctl enable mumble-ldapauth.service
# systemctl start mumble-ldapauth.service
  • Verify:
# systemctl status mumble-ldapauth.service 
* mumble-ldapauth.service - LDAP Authentication Service for Mumble Server
   Loaded: loaded (/etc/systemd/system/mumble-ldapauth.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-09-01 00:29:50 PDT; 3s ago
     Docs: https://github.com/mumble-voip/mumble-scripts/issues/19
 Main PID: 2544 (python)
    Tasks: 12 (limit: 4915)
   Memory: 44.4M
   CGroup: /system.slice/mumble-ldapauth.service
           `-2544 python /usr/local/sbin/LDAPauth.py

Sep 01 00:29:50 chat systemd[1]: Started LDAP Authentication Service for Mumble Server.
  • Restart both services:
# systemctl restart mumble-server.service mumble-ldapauth.service 

Connect to mumble

Use these client settings:

  • Address: mumble.example.com
  • Port: 64738
  • Username: myusername
  • Label: My Mumble Server

References:
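An added example, not part of the original post or of the mumble-scripts project: a small audit of the settings in the guide above that carry security weight (the file holds `bind_pass` and the Ice `secret`, and the guide copies it with `cp` without setting permissions). The function names, finding strings and the sample content are constructed for illustration.

```python
import configparser
import os
import stat
from urllib.parse import urlparse

# Example secrets from the guide; they must be replaced before deployment.
GUIDE_PLACEHOLDERS = {"MySecretIcePass", "MySecretLDAPPass"}
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}

# Constructed sample content, not taken from a real deployment.
SAMPLE = """
[user]
reject_on_error = True
reject_on_miss  = False
[ice]
host   = 0.0.0.0
secret = MySecretIcePass
[ldap]
bind_pass = s3%cret-constructed
ldap_uri  = ldap://ldap.example.com
"""

def audit_config(text, mode):
    """Return findings for LDAPauth.ini content `text` stored with file `mode`."""
    findings = []
    if mode & stat.S_IROTH:  # bind_pass and the Ice secret live in this file
        findings.append("file is world-readable")
    cfg = configparser.ConfigParser(interpolation=None)  # allow '%' in secrets
    cfg.read_string(text)
    if urlparse(cfg.get("ldap", "ldap_uri", fallback="")).scheme != "ldaps":
        findings.append("ldap_uri is not ldaps://")
    secret = cfg.get("ice", "secret", fallback="")
    bind_pass = cfg.get("ldap", "bind_pass", fallback="")
    if not secret or {secret, bind_pass} & GUIDE_PLACEHOLDERS:
        findings.append("ice secret empty or guide placeholder secret in use")
    if cfg.get("ice", "host", fallback="") not in LOOPBACK_HOSTS:
        findings.append("ice host is not loopback")
    for key in ("reject_on_error", "reject_on_miss"):
        if cfg.get("user", key, fallback="").lower() not in ("true", "1", "yes", "on"):
            findings.append(key + " is not enabled")
    return findings

def audit_file(path):
    """Audit an on-disk file, taking the permission bits from os.stat()."""
    with open(path) as fh:
        return audit_config(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print(audit_config(SAMPLE, 0o644))
```

Run `audit_file("/etc/mumble-scripts/LDAPauth.ini")` as root after editing the file; an empty list means none of these checks fired.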

@Kissaki
Member

Kissaki commented Sep 1, 2019

@theodotos Would you be willing to add this guide to our documentation wiki?

Or would you mind me copying it there (with attribution)?

@theodotos
Author

@Kissaki grandly :).

The wiki here seems empty. Do you have another wiki?

@Kissaki
Member

Kissaki commented Sep 1, 2019

I don’t think the one on this repository should be enabled. :) I disabled it.

Our documentation wiki is at https://wiki.mumble.info/wiki/Main_Page

You will have to create an account though I have to approve manually.

I would create https://wiki.mumble.info/index.php?search=How+to+set+up+an+LDAP+authenticator&title=Special%3ASearch&go=Go

and we can link it from https://wiki.mumble.info/wiki/3rd_Party_Applications#Authenticators

@theodotos
Author

@Kissaki
Member

Kissaki commented Sep 2, 2019

Thank you 👍

@AlGillet

AlGillet commented Apr 6, 2020

Hello @theodotos and @Kissaki

Thank you for the clear documentation on the Wiki.
I have followed this documentation, but when I tried to start "mumble-ldapauth.service" I have faced this error:

  • avril 06 16:18:29 HOST systemd[1]: Started LDAP Authentication Service for Mumble Server.
  • avril 06 16:18:29 HOST systemd[1]: Starting LDAP Authentication Service for Mumble Server...
  • avril 06 16:18:29 HOST LDAPauth.py[3299]: [58B blob data]
  • avril 06 16:18:29 HOST systemd[1]: mumble-ldapauth.service: main process exited, code=exited, status=127/n/a
  • avril 06 16:18:29 HOST systemd[1]: Unit mumble-ldapauth.service entered failed state.
  • avril 06 16:18:29 HOST systemd[1]: mumble-ldapauth.service failed.

I just changed the user and group to "root" in the file "mumble-ldapauth.service",
because I don't have the "mumble-server" user.
I already tried with my murmur service user, but same result.

Have you any idea of what happened? And maybe an idea to solve this issue?

Thank You

Alexis

@theodotos
Author

@AlGillet can you paste the output of journalctl -xe -u mumble-ldapauth.service somewhere?

@AlGillet

AlGillet commented Apr 6, 2020

@theodotos

Here is the output :
log.txt

Edit : we are using Centos 7.2.1511 (core)

Thank you for your reactivity

Alexis

@theodotos
Author

@AlGillet it doesn't say much. Can you try running /usr/local/sbin/LDAPauth.py on your terminal and show us the output?

@AlGillet

AlGillet commented Apr 7, 2020

@theodotos

Here is the result of the command, but I have to add "python" to launch the script:

[root@HOST ~]# python /usr/local/sbin/LDAPauth.py
Traceback (most recent call last):
  File "/usr/local/sbin/LDAPauth.py", line 106, in <module>
    import ldap
ImportError: No module named ldap

@theodotos
Author

@AlGillet so you have two problems. First you need to make that script executable:

chmod +x /usr/local/sbin/LDAPauth.py

And then you need to install the python ldap module and whatever other modules are necessary for the script to run without errors. Then try to restart the mumble-ldapauth service.

@fresnohernandez99

@theodotos I have the same issues. How to install the necessary Python modules?

@Krzmbrzl
Member

Krzmbrzl commented Mar 7, 2021

Without actually knowing, I would expect something like pip3 install ldap to work

@fresnohernandez99

Thank you, that works @Krzmbrzl
