Hi Casey,
I appreciate your reply and letting me know the solution. Actually, I installed perfsonar 3.4.1 and now ldap users can ssh to the perfsonar boxes (they have access), and I was happy about it, but I did not have time to work around the web GUI. I will try as soon as possible.
Thanks again for the detailed procedure and configuration file.
On Feb 6, 2015, at 6:24 PM, Casey Russell <> wrote:
Majid,
We recently re-installed our PS hosts (upgrading to 3.4.1) and I just today verified that our ldap configs still worked and we still are able to use ldap users to both log into the box via SSH and also manage the PS web gui. Our systems guru set it up years ago and it transferred over to 3.4 just fine. Now, having said that, LDAP is complicated. And there are dozens of different LDAP servers, secured, not secured, Windows, Linux, etc.
So what works for us may not work for everyone. Our setup first and foremost was intended to allow everyone in our systems and network groups to log into the boxes at the command line. So we first established system-wide LDAP authentication for SSH login. Then it was pretty simple to modify a single file (/etc/httpd/conf.d/apache-toolkit_web_gui.conf) and we were done with enabling LDAP for the web gui.
But if you didn't catch it, I glossed over how un-simple that first step was (establishing LDAP for the system). I'm attaching the modified apache-toolkit_web_gui.conf. It has been cleansed of our ldap server names and they have been replaced with comments you'll want to change to match your local settings (these and other comments in the file are enclosed in double square brackets [[ like this ]]). For this solution to work, it assumes:
1. That LDAP is working system wide for the CentOS system and the LDAP users (or some of them at least) can log in via SSH
2. That your LDAP server is using security with certificates (notice the ldaps: urls and the use of port 636), this could be easily modified if you're not
3. That your LDAP server and your local Linux system happily agree on that psadmin group and place users into it correctly when they login.
It's not a drop-in-and-work solution, but it might give you the hints you need to get headed in the right direction. Unfortunately, I'm not an LDAP guru myself, so I won't have all the answers, but if you need more info than this, hit me up off-list and I'll try to help if I can.
<apache-toolkit_web_gui.conf commented.txt>