Hi Team,
I am facing an issue while configuring LDAP with my Rundeck server. I also have an old version of Rundeck 2.11 where LDAP configuration is working but with 3.4 it is not. I tried all possible configurations mentioned on Google but no luck so far. Below is my configuration:
In profile.bat I added the below:
set RDECK_JVM_OPTS=-Dloginmodule.conf.name=jaas-activedirectory.conf -Dloginmodule.name=activedirectory -Dcom.dtolabs.rundeck.jetty.jaas.LEVEL=DEBUG -Drundeck.jaaslogin=true
I also tried with the below configuration, but that didn't help:
set RDECK_JVM_OPTS=-Drundeck.jaaslogin=true -Djava.security.auth.login.config=C:\rundeck\server\config\jaas-activedirectory.conf -Dloginmodule.name=activedirectory
Here is my Profile.bat file:
set RDECK_BASE=C:\rundeck
set JAVA_HOME=C:\Program Files\Java\jre1.8.0_202
:: Unsetting JRE_HOME to ensure there is no conflict with JAVA_HOME
(set JRE_HOME=)
set Path=%JAVA_HOME%\bin;%RDECK_BASE%\tools\bin;%Path%
set RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=%RDECK_BASE%\etc\truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
set RDECK_CLI_OPTS=-Xms256m -Xmx4096m
set RD_LIBDIR=%RDECK_BASE%\tools\lib
set KUBECONFIG=C:\Users\rsaxena\.kube\config
set AWS_CONFIG_FILE=C:\Users\rsaxena\.aws\config
set AWS_SHARED_CREDENTIALS_FILE=C:\Users\rsaxena\.aws\credentials
set RDECK_JVM_OPTS=-Drundeck.jaaslogin=true -Djava.security.auth.login.config=C:\rundeck\server\config\jaas-activedirectory.conf -Dloginmodule.name=activedirectory
Below is my jass-activedirectory.conf file under C:\rundeck\server\config:
activedirectory {
    com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
    debug="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    providerUrl="ldap://ADURL1:389 ldap://ADURL2:389 ldap://ADURL3:389"
    bindDn="CN=Connect Service,OU=Service,OU=SA,DC=dma,DC=net"
    bindPassword="XXXXX"
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="OU=Users,OU=adbe,DC=dma,DC=net"
    userRdnAttribute="sAMAccountName"
    userIdAttribute="sAMAccountName"
    userPasswordAttribute="unicodePwd"
    userObjectClass="user"
    roleBaseDn="OU=Groups,OU=adbe,DC=dma,DC=net"
    roleNameAttribute="cn"
    roleMemberAttribute="member"
    roleObjectClass="group"
    cacheDurationMillis="300000"
    reportStatistics="true"
    supplementalRoles="user";
};
It seems like Rundeck is not even trying to authenticate via LDAP and keeps giving me a "Bad Credentials" error. It is only working with the default admin/admin login.
ERROR Log:
[2022-05-17T13:44:43,795] INFO rundeckapp.BootStrap - Rundeck is ACTIVE: executions can be run.
[2022-05-17T13:44:43,803] WARN rundeckapp.BootStrap - The JVM default encoding is not UTF-8: windows-1252, you may not see output as expected for multibyte locales. Specify -Dfile.encoding=UTF-8 in the JVM options.
[2022-05-17T13:44:43,999] WARN rundeckapp.BootStrap - [Development Mode] Usage of H2 database is recommended only for development and testing
[2022-05-17T13:44:44,222] INFO rundeckapp.BootStrap - Rundeck startup finished in 740ms
[2022-05-17T13:44:44,350] INFO rundeckapp.Application - Started Application in 38.4736417 seconds (JVM running for 41.799)
Grails application running at http://0.0.0.0:4440 in environment: production
[2022-05-17T13:44:57,973] DEBUG authentication.GrailsUsernamePasswordAuthenticationFilter - Request is to process authentication
[2022-05-17T13:44:58,024] DEBUG authentication.GrailsUsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
org.springframework.security.authentication.BadCredentialsException: Bad credentials
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:151) ~[spring-security-core-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175) ~[spring-security-core-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
Can someone please help?