Using LDAPv3 to authenticate against MacOS #10123

Open
krim404 opened this issue Jun 16, 2024 · 3 comments

Comments


krim404 commented Jun 16, 2024

I am attempting to connect MacOS directly to Authentik using the LDAP interface, but I have been unable to get it working so far. I have already successfully set up an SSSD connection, confirming that the Authentik LDAP service itself is functional. However, I have not been able to find any documentation or resources on using the Authentik LDAP interface specifically with MacOS.

This leads me to my main question - is it even possible to authenticate MacOS systems against the Authentik LDAP outpost? In my research, I came across a few reports suggesting that the Authentik LDAP interface may not be feature complete compared to a full LDAP server.

Before investing more time troubleshooting, I wanted to confirm whether direct MacOS authentication is an intended/supported use case. Any insights or experiences from the community would be greatly appreciated.

Has anyone successfully connected MacOS to Authentik via the LDAP interface? Or alternatively, can anyone definitively confirm that this is not currently possible due to limitations of the Authentik LDAP implementation?

Thank you in advance for your help!

@krim404 added the question (Further information is requested) label Jun 16, 2024
@gregistech

Can't say anything about the MacOS part, but on Linux SSSD works perfectly for me.

This is my config:

```ini
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[sssd]
debug_level = 999
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
domains = xxxx
#services = nss, pam, ssh

[pam]
reconnection_retries = 3

[domain/xxxx]
#cache_credentials = true
use_fully_qualified_names = false
ldap_id_mapping = false
override_homedir = /mnt/data/homes/%u
default_shell = /bin/bash

id_provider = ldap
chpass_provider = ldap
auth_provider = ldap
access_provider = permit
ldap_uri = ldap://ldap.xxxx

ldap_id_use_start_tls = true

ldap_schema = rfc2307bis
ldap_search_base = DC=ldap,DC=goauthentik,DC=io
ldap_user_search_base = ou=users,DC=ldap,DC=goauthentik,DC=io
ldap_group_search_base = ou=groups,DC=ldap,DC=goauthentik,DC=io

ldap_user_object_class = user
ldap_user_name = cn
ldap_group_object_class = group
ldap_group_name = cn

#ldap_access_order = filter
#ldap_access_filter = memberOf=cn=smb,ou=groups,DC=ldap,DC=goauthentik,DC=io

ldap_default_bind_dn = cn=ldapservice,ou=users,DC=ldap,DC=goauthentik,DC=io
ldap_default_authtok = your_password_to_ldapservice
```
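
An added example, not part of the comment above or of the authentik project: a small Python check over the security-relevant settings of an SSSD LDAP domain section like the one posted. The sample input is a constructed excerpt of that config, `audit_sssd` is a hypothetical helper name, and the defaults it assumes (`ldap_id_use_start_tls` false, `ldap_tls_reqcert` hard, `access_provider` permit) are the ones documented in the sssd.conf and sssd-ldap man pages.

```python
import configparser

# Constructed sample: the security-relevant lines of the domain section posted above.
SAMPLE = """
[sssd]
domains = xxxx

[domain/xxxx]
override_homedir = /mnt/data/homes/%u
id_provider = ldap
auth_provider = ldap
access_provider = permit
ldap_uri = ldap://ldap.xxxx
ldap_id_use_start_tls = true
ldap_default_bind_dn = cn=ldapservice,ou=users,DC=ldap,DC=goauthentik,DC=io
ldap_default_authtok = your_password_to_ldapservice
"""

def audit_sssd(text):
    """Return a list of (section, finding) tuples for the domain sections."""
    # interpolation=None: values such as /mnt/data/homes/%u are not configparser templates
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        d = cp[name]
        uris = [u.strip() for u in d.get("ldap_uri", "").split(",") if u.strip()]
        plain = [u for u in uris if u.lower().startswith("ldap://")]
        if plain and not d.getboolean("ldap_id_use_start_tls", fallback=False):
            findings.append((name, "identity lookups over ldap:// without StartTLS"))
        if d.get("ldap_tls_reqcert", "hard").lower() in ("never", "allow"):
            findings.append((name, "server certificate is not verified"))
        if d.get("access_provider", "permit").lower() == "permit":
            findings.append((name, "access_provider=permit: any user who authenticates is allowed in"))
        if "ldap_default_authtok" in d:
            findings.append((name, "bind password stored in the file: restrict read access"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_sssd(SAMPLE):
        print(f"{section}: {finding}")
```

On the sample it reports the `permit` access provider and the stored bind password; the commented-out `ldap_access_filter` lines in the posted config are the kind of setting that would address the first.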


krim404 commented Jun 21, 2024

Yes, SSSD works for me as well, as I said, but I can't get MacOS to use the LDAP.

@gregistech

> Yes, SSSD works for me as well, as I said, but I can't get MacOS to use the LDAP.

Ah I thought MacOS could use SSSD. Sadly I can't help with MacOS.
