1

I'm stuck in the process of configuring OpenVAS LDAP authentication.

I use the following versions of the OpenVAS components from upstream:

openvas libraries - 8.0.3  
openvas manager - 6.0.3  

(both installed from a self-made PPA repo, openvas8)

Distro - Ubuntu 14.04.2 LTS

I found example.auth.conf in the libraries source tarball. With the help of strace I found the directory where openvasmd expected to find its auth config:

PREFIX/var/lib/openvas/openvasmd/auth.conf  

Because the PREFIX variable is empty for me, the path is the following:

/var/lib/openvas/openvasmd/auth.conf

Then I raised the logging level 127=>128 for openvasmd (also running in verbose mode -v, because without that flag interesting info could not be found in the logs).

Following the information I found in the mailing list archives (example; yeah, it's rather outdated =\) I added to the config:

[method:ldap]  
order=2  
enable=false  
ldaphost=my_ldap_server_hostname  
authdn=uid=%s,my_dn  
allow-plaintext=false

I also commented out the method:file section for test purposes. But after the service restart and a login attempt (using the GSAD web interface) I found in openvasmd.log:
lib auth:WARNING:2015-06-23 12h04.38 utc:15352: Unsupported authentication method: method:ldap.

And also the obvious result of login:

md    omp:  DEBUG:2015-06-23 14h33.05 utc:17775:    XML  start: authenticate (0)  

... - setting my creds; by the way, the password in the log file was in plain text format

md    omp:  DEBUG:2015-06-23 14h33.05 utc:17775:    XML    end: authenticate  

md   main: /<authenticate_response status="400" status_text="Authentication failed"/

First of all, I thought it was a misconfiguration issue while compiling the libraries (without the LDAP support flag). But both the libraries and the OpenVAS manager are linked with the LDAP libs (I also added the LDAP dev libs to the debian/control file as build dependencies for the packages):

ldd /usr/lib/libopenvas_misc.so.8.0.3 | grep ldap
    libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007fc3529e9000)  
ldd /usr/sbin/openvasmd | grep ldap
    libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007f83fdead000)

And I found no references to method:ldap in the libraries source files. Only method:ldap_connect was found, but it's the so-called "Per-User ldap authentication". If I understand the concept correctly, it is an authentication mechanism for already created users with the right to authenticate via LDAP. I've tested it and it works fine (this fact confirms the OpenVAS libraries/manager were compiled with LDAP support). But it's not the full LDAP integration feature I need.

Vitenberg
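The check described in the question (which `method:` names the installed library actually knows), as an added example that is not part of the original post or of OpenVAS. It assumes the method names are embedded as string literals in the compiled library; the function names are hypothetical. An exact-match comparison matters here because a plain `grep method:ldap` also matches `method:ldap_connect`.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report [method:*] sections in
# auth.conf for which the compiled library contains no matching literal.
# Assumption: method names are stored as string literals in the binary.

# Print the active (uncommented) [method:...] section names of an auth.conf.
conf_methods() {
    sed -n 's/^[[:space:]]*\[\(method:[A-Za-z0-9_]*\)\][[:space:]]*$/\1/p' "$1" | sort -u
}

# Print every "method:<name>" literal embedded in a binary file.
lib_methods() {
    LC_ALL=C grep -a -o 'method:[a-z0-9_]*' "$1" | sort -u
}

# Print config sections that have no exact counterpart in the library.
# Exact match (-x) keeps method:ldap from passing as method:ldap_connect.
unsupported_methods() {
    local conf=$1 lib=$2 m
    for m in $(conf_methods "$conf"); do
        lib_methods "$lib" | grep -qxF "$m" || echo "$m"
    done
}

# Usage with the paths from the post:
#   ./check.sh /var/lib/openvas/openvasmd/auth.conf /usr/lib/libopenvas_misc.so.8.0.3
if [ "$#" -eq 2 ]; then
    unsupported_methods "$1" "$2"
fi
```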

1 Answer

0

I'm betting it's because your libraries weren't compiled with LDAP support. From your build logs:

cd /«PKGBUILDDIR»/obj-x86_64-linux-gnu/misc && /usr/bin/x86_64-linux-gnu-gcc  -DENABLE_LDAP_AUTH=1

This is unfortunately the same as the unofficially recommended PPA.

Travis