Automatic configuration of LDAP credentials

I have successfully gotten LDAP authentication to work in GSA 8.0.1. First I configured the LDAP server, then I added a couple of users who were configured with “LDAP Authentication Only”.

Now I would like to automate this, but I’m unclear how. The recommended way of scripting GVM in general seems to be python-gvm. There are plenty of examples floating around on how to add users, but there’s no CredentialType for LDAP authentication.

As for initially configuring LDAP, I have no clue. There’s definitely nothing in python-gvm. I’d gladly use gvm-cli as a fallback, but I can’t find any hints on how to properly compose an XML command to configure LDAP.

My escape hatch is simply replaying the POST requests the GSA UI makes as curl commands, but that seems like a cop-out.

Pointers are greatly appreciated!

Thanks,

László

Figured it out by reverse-engineering GSAD.

Configuring the LDAP connection using gvm-cli:

```bash
# Inline GMP authentication element; GVM_USER and GVM_PASSWORD must be set in the environment.
AUTH="<authenticate><credentials><username>$GVM_USER</username><password>$GVM_PASSWORD</password></credentials></authenticate>"

# $(</path/to/ldap/cert) is bash syntax that inlines the contents of the certificate file.
gvm-cli tls --hostname 127.0.0.1 --xml "<commands> \
$AUTH \
<modify_auth><group name=\"method:ldap_connect\"> \
    <auth_conf_setting><key>enable</key><value>true</value></auth_conf_setting> \
    <auth_conf_setting><key>ldaphost</key><value>ldap.my.org</value></auth_conf_setting> \
    <auth_conf_setting><key>authdn</key><value>uid=%s,o=org,dc=div</value></auth_conf_setting> \
    <auth_conf_setting><key>cacert</key><value>$(</path/to/ldap/cert)</value></auth_conf_setting> \
</group></modify_auth> \
</commands>"
```

Hope this helps anyone.


modify_auth is also supported by python-gvm https://python-gvm.readthedocs.io/en/latest/api/gmpv7.html#gvm.protocols.gmpv7.Gmp.modify_auth

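The same `modify_auth` change driven from Python, as an added example that is not part of the original posts or of python-gvm itself: it builds the settings from the thread's keys, XML-escapes every value instead of interpolating it into a shell string, and reads the GMP credentials from the environment rather than a command line. The function names, `SAMPLE_PEM` and the single-`%s` check on `authdn` are assumptions made for this example; `GVM_USER` and `GVM_PASSWORD` are reused from the gvm-cli command above.

```python
import os
import xml.etree.ElementTree as ET

GROUP = "method:ldap_connect"  # group name from the gvm-cli command above


def ldap_settings(host, authdn, cacert_pem, enable=True):
    """Validate and return the auth_conf_setting key/value pairs."""
    # Assumed rule for this example: one %s marks where the user name goes.
    if authdn.count("%s") != 1:
        raise ValueError("authdn needs exactly one %s placeholder")
    pem = cacert_pem.strip()
    if not (pem.startswith("-----BEGIN CERTIFICATE-----")
            and pem.endswith("-----END CERTIFICATE-----")):
        raise ValueError("cacert must be a PEM certificate")
    return {"enable": "true" if enable else "false",
            "ldaphost": host, "authdn": authdn, "cacert": pem}


def modify_auth_xml(settings, group=GROUP):
    """Build <modify_auth> with ElementTree so every value is XML-escaped."""
    root = ET.Element("modify_auth")
    grp = ET.SubElement(root, "group", name=group)
    for key, value in settings.items():
        item = ET.SubElement(grp, "auth_conf_setting")
        ET.SubElement(item, "key").text = key
        ET.SubElement(item, "value").text = value
    return ET.tostring(root, encoding="unicode")


def apply_with_python_gvm(settings, hostname="127.0.0.1"):
    """Send the settings through python-gvm (lazy import; needs a live gvmd)."""
    from gvm.connections import TLSConnection
    from gvm.protocols.gmpv7 import Gmp  # module described by the linked docs

    with Gmp(TLSConnection(hostname=hostname)) as gmp:
        # Credentials come from the environment, not from the process arguments.
        gmp.authenticate(os.environ["GVM_USER"], os.environ["GVM_PASSWORD"])
        return gmp.modify_auth(GROUP, settings)


# Constructed sample input: placeholder certificate body, not a real CA.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMIIBconstructed\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    cfg = ldap_settings("ldap.my.org", "uid=%s,o=org,dc=div", SAMPLE_PEM)
    print(modify_auth_xml(cfg))
```

`modify_auth_xml` produces the command body for gvm-cli, while `apply_with_python_gvm` passes the same dictionary straight to `Gmp.modify_auth`.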