I'm stuck in the process of OpenVAS LDAP authentication configuration.
I use the following OpenVAS component versions from upstream:
openvas libraries - 8.0.3
openvas manager - 6.0.3
(both installed from a self-made PPA repo, openvas8)
Distro - Ubuntu 14.04.2 LTS
I found example.auth.conf in the libraries source tarball. With the help of strace I found the directory where openvasmd expects to find its auth config:
PREFIX/var/lib/openvas/openvasmd/auth.conf
Due to the empty PREFIX variable, for me the path is the following:
/var/lib/openvas/openvasmd/auth.conf
Then I raised the logging level 127=>128 for openvasmd (also running in verbose mode, -v, because without that flag the interesting info could not be found in the logs).
Following the information I found in the mailing list archives (example; yeah, it's rather outdated =\) I added to the config:
[method:ldap]
order=2
enable=false
ldaphost=my_ldap_server_hostname
authdn=uid=%s,my_dn
allow-plaintext=false
I also commented out the method:file section for test purposes.
But after the service restart and a login attempt (using the GSAD web interface) I found in openvasmd.log:
lib auth:WARNING:2015-06-23 12h04.38 utc:15352: Unsupported authentication method: method:ldap.
And also the obvious result of login:
md omp: DEBUG:2015-06-23 14h33.05 utc:17775: XML start: authenticate (0)
... - setting my creds, by the way password in log file was in plain text format
md omp: DEBUG:2015-06-23 14h33.05 utc:17775: XML end: authenticate
md main: /<authenticate_response status="400" status_text="Authentication failed"/
First of all, I thought it was a misconfiguration issue while compiling the libraries (without the ldap support flag). But both the libraries and openvas manager are linked with the ldap libs (I also added the ldap dev libs to the debian/control file as build dependencies for the packages):
ldd /usr/lib/libopenvas_misc.so.8.0.3 | grep ldap
libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007fc3529e9000)
ldd /usr/sbin/openvasmd | grep ldap
libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007f83fdead000)
And I found no references to method:ldap in the libraries' source files.
Only method:ldap_connect was found, but it's the so-called "Per-User ldap authentication". If I understand the concept correctly, it is an authentication mechanism for already created users with the right to authenticate via ldap. I've tested it and it works fine (this fact confirms openvas libraries/manager were compiled with ldap support). But it's not the full ldap integration feature I need.
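
A way to cross-check the auth.conf sections against the warnings in openvasmd.log, added here as an example and not part of the original post or of OpenVAS itself. The sample config and log are constructed from the excerpts above; the [method:ldap_connect] section contents and the function names are assumptions.

```python
import configparser
import re

# Warning format copied from the openvasmd.log line quoted in the post.
UNSUPPORTED = re.compile(
    r"^lib\s+auth:\s*WARNING:.*?: Unsupported authentication method: (\S+?)\.?\s*$")

# Constructed sample: the post's [method:ldap] section, a commented-out
# method:file section, and an assumed minimal [method:ldap_connect] section.
SAMPLE_CONF = """\
#[method:file]
#enable=true
[method:ldap]
order=2
enable=false
ldaphost=my_ldap_server_hostname
authdn=uid=%s,my_dn
allow-plaintext=false
[method:ldap_connect]
order=3
enable=true
"""
SAMPLE_LOG = ("lib auth:WARNING:2015-06-23 12h04.38 utc:15352: "
              "Unsupported authentication method: method:ldap.\n")

def rejected_methods(log_text):
    """Method names the auth library reported as unsupported."""
    hits = (UNSUPPORTED.match(line) for line in log_text.splitlines())
    return {m.group(1) for m in hits if m}

def audit(conf_text, log_text):
    """Return (section, enabled, verdict) per active method section, by order."""
    # interpolation=None: authdn holds a literal %s, which default interpolation
    # rejects when read. '=' is the only delimiter, so ':' never splits a key.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    rejected = rejected_methods(log_text)
    rows = []
    for name in cp.sections():
        if not name.startswith("method:"):
            continue
        verdict = "rejected by auth library" if name in rejected else "no warning logged"
        rows.append((cp.getint(name, "order", fallback=0),
                     name, cp.getboolean(name, "enable", fallback=False), verdict))
    return [row[1:] for row in sorted(rows)]

if __name__ == "__main__":
    for section, enabled, verdict in audit(SAMPLE_CONF, SAMPLE_LOG):
        print(f"{section:22} enable={enabled!s:5} {verdict}")
```

The output lists each uncommented method section with its enable value, so a section that is both disabled and rejected by the library shows up on one line.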