I am trying to configure OpenVAS 9 to use LDAP for the login to the Greenbone software. It appears, based on other threads, that this issue with LDAP is unresolved, unless I am seriously mistaken.

My problem is that I am trying to allow multiple users, based on Active Directory, access to Greenbone.

However, no configuration of mine seems to be working.

This is the output when I attempt to login with a user created and specified for LDAP use in Greenbone:

 lib  serv: DEBUG:2016-11-15   19h47.35 utc:9786:     Shook hands with peer.
 md   main: DEBUG:2016-11-15   19h47.35 utc:9786:     sql_open: db open, max retry sleep time is 0
 lib  ldap: WARNING:2016-11-15 19h47.35 utc:9786: StartTLS failed, trying to establish ldaps connection.
 lib  ldap: WARNING:2016-11-15 19h47.35 utc:9786: LDAP Authentication failure: Can't contact LDAP server
 lib  ldap: DEBUG:2016-11-15   19h47.35 utc:9786: Could not bind to ldap host my.host.example:389
 md    omp: WARNING:2016-11-15 19h47.35 utc:9786: Authentication failure for 'myuser' from 127.0.0.1

As shown, LDAP cannot bind to my host. I am not sure why, and I am curious as to how I am supposed to configure LDAP correctly, allowing created users to log in using AD credentials.

Steve G
  • You write '...no configuration of mine seems to be working.'. Could you add some details about your configuration? Or what you assume to be part of the problem. Could you add some of those reference links? – John K. N. Nov 16 '16 at 12:01
  • Maybe one of these pages helps? http://docs.greenbone.net/GSM-Manual/gos-4/en/gui_administration.html#ldap http://docs.greenbone.net/GSM-Manual/gos-4/en/gui_administration.html#ldap-with-ssl-tls – casheeew Jun 29 '17 at 14:51

1 Answer

The error shows that both your LDAP StartTLS and your LDAPS connections to your AD server are not working.

To get this to work you typically need to use certificates on your domain controllers, and you need to have the certificate authority file that signed those certificates on your openvas server.

Once you fix that, then you should be able to authenticate to your AD.

natxo asenjo
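
A way to test the two connection paths named in the answer (StartTLS on port 389 and LDAPS on port 636) from the OpenVAS server, verifying the domain controller's certificate against the CA file. This is an added example, not part of the original answer or of OpenVAS; the hostname and CA file path are command-line arguments you supply.

```python
import socket
import ssl
import sys

# LDAPv3 StartTLS ExtendedRequest (RFC 4511): messageID 1, OID 1.3.6.1.4.1.1466.20037
STARTTLS_REQ = b"\x30\x1d\x02\x01\x01\x77\x18\x80\x16" + b"1.3.6.1.4.1.1466.20037"

def _tlv(buf, pos):
    """Read one BER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length (some servers always use it)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def starttls_accepted(resp):
    """True if resp is an ExtendedResponse (tag 0x78) with resultCode success (0)."""
    tag, msg, _ = _tlv(resp, 0)       # LDAPMessage SEQUENCE
    if tag != 0x30:
        return False
    _, _, pos = _tlv(msg, 0)          # messageID
    tag, body, _ = _tlv(msg, pos)     # protocolOp
    if tag != 0x78:
        return False
    tag, code, _ = _tlv(body, 0)      # resultCode ENUMERATED
    return tag == 0x0A and code == b"\x00"

def check(host, port, cafile, starttls):
    """Connect, optionally upgrade via StartTLS, and verify the chain against cafile."""
    try:
        ctx = ssl.create_default_context(cafile=cafile)  # trusts only cafile; checks hostname
        with socket.create_connection((host, port), timeout=5) as raw:
            if starttls:
                raw.sendall(STARTTLS_REQ)
                if not starttls_accepted(raw.recv(4096)):
                    return "server refused StartTLS"
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok: " + tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "certificate not trusted: " + exc.verify_message
    except (OSError, IndexError) as exc:  # refused, timeout, handshake error, short reply
        return "connection/TLS failure: %s" % exc

if __name__ == "__main__":
    host, cafile = sys.argv[1], sys.argv[2]  # DC hostname and CA file path, supplied by you
    print("389 StartTLS:", check(host, 389, cafile, True))
    print("636 LDAPS:   ", check(host, 636, cafile, False))
```

A "certificate not trusted" result points at the CA file on the OpenVAS server, while a connection failure on both ports points at the domain controller not offering TLS at all.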