LDAP authentication for Macintosh
-
I want to set up the computers in my organization to authenticate with the Cloudron LDAP server but am struggling to get it set up. I am using Tunnelblick on the computer and whitelisted the VPN IP address as well as the public IP address of the Cloudron server within the LDAP configuration. Does anyone have any experience with this?
-
To be honest, being able to turn off the static IP restriction would be nice.
-
@andreasdueren you can add entire networks using CIDR notation.
You can also add public IP addresses like in https://serverfault.com/questions/304781/ipv4-cidr-ranges-for-everything-except-rfc1918
-
I was wondering why 0.0.0.0/0 is not accepted. This looks like a bug maybe - https://bugzilla.redhat.com/show_bug.cgi?id=1297092 . Probably not going to be fixed soon.
-
@girish said in LDAP authentification for Macintosh:
@andreasdueren you can add entire networks using CIDR notation.
You can also add public IP addresses like in https://serverfault.com/questions/304781/ipv4-cidr-ranges-for-everything-except-rfc1918
I've added these but it's still throwing a connection error
0.0.0.0/5 8.0.0.0/7 11.0.0.0/8 12.0.0.0/6 16.0.0.0/4 32.0.0.0/3 64.0.0.0/2 128.0.0.0/3 160.0.0.0/5 168.0.0.0/6 172.0.0.0/12 172.32.0.0/11 172.64.0.0/10 172.128.0.0/9 173.0.0.0/8 174.0.0.0/7 176.0.0.0/4 192.0.0.0/9 192.128.0.0/11 192.160.0.0/13 192.169.0.0/16 192.170.0.0/15 192.172.0.0/14 192.176.0.0/12 192.192.0.0/10 193.0.0.0/8 194.0.0.0/7 196.0.0.0/6 200.0.0.0/5 208.0.0.0/4
Any other ideas?
-
@andreasdueren for a start, just add the IP of the Mac explicitly and see if that works. That will help us understand if this is a network issue or whitelist configuration issue.
-
@girish said in LDAP authentification for Macintosh:
@andreasdueren for a start, just add the IP of the Mac explicitly and see if that works. That will help us understand if this is a network issue or whitelist configuration issue.
I've tried that with no other addresses in the whitelist but unfortunately without any luck. I also tried to rule out local network problems by using a phone hotspot.
-
@andreasdueren Have you tried connecting using
telnet my.domain.com 636
? Does it connect? Are you using Cloudflare by any chance? Is there a firewall in front of the server? There are many variables here; I think the more information, the better.
-
@girish said in LDAP authentification for Macintosh:
@andreasdueren for a start, just add the IP of the Mac explicitly and see if that works. That will help us understand if this is a network issue or whitelist configuration issue.
telnet my.domain.com 636
is not connecting. I'm using Cloudflare but without proxying. My current IP is whitelisted. Interestingly, when the address is whitelisted, this message shows up:
telnet my.domain.com 636
Trying [Server IP]...
Connected to my.domain.com.
Escape character is '^]'.
Connection closed by foreign host.
But when the IP is not whitelisted, it just keeps going and is not getting closed.
telnet my.domain.com 636
Trying [Server IP]...
Connected to my.domain.com.
Escape character is '^]'.
I don't have any firewall active.
-
@andreasdueren said in LDAP authentification for Macintosh:
But when the IP is not whitelisted, it just keeps going and is not getting closed.
So strange. The behavior should be the exact opposite!
Not sure what to suggest anymore, maybe you can write to support@cloudron.io and we can try to debug.