JettyCombinedLdapLoginModule issue

[Stas Rudenko]

Greetings,

I have following settings

jaas-auth.conf

authentication {
    com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule requisite
      debug="true"
      contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
      providerUrl="ldap://localhost:389"
      authenticationMethod="simple"
      forceBindingLogin="false"
      bindDn="cn=ProxyUser,dc=tubemogul,dc=com"
      bindPassword="mypass"
      userBaseDn="ou=Users,dc=tubemogul,dc=com"
      userRdnAttribute="uid"
      userIdAttribute="uid"
      userObjectClass="inetOrgPerson"
      roleBaseDn="ou=Groups,dc=tubemogul,dc=com"
      roleNameAttribute="cn"
      roleMemberAttribute="memberUid"
      roleUsernameMemberAttribute="memberUid"
      roleObjectClass="posixGroup"
      cacheDurationMillis="300000"
      reportStatistics="true"
      ignoreRoles="true"
      storePass="true"
      clearPass="true"
      useFirstPass="false"
      tryFirstPass="false"
      nestedGroups="false";


    org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
      debug="true"
      useFirstPass="true"
      file="/etc/rundeck/realm.properties";
};

profile

...
export RDECK_JVM="-Djava.security.auth.login.config=/etc/rundeck/jaas-auth.conf \
        -Dloginmodule.name=authentication \
...

realm.properties

admin:admin,user,admin,architect,deploy,build
stan:-,user,admin,architect,deploy,build

When I'm trying to login with user stan I'm getting following:

javax.security.auth.login.LoginException: Login Failure: all modules ignored
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:913)
...

Seems like LDAP connection/authentication works well. Configuration seems ok. Will appreciate any help 

[Stas Rudenko]

I'm using rundeck 2.5.1

[Greg Schueler]

can you try changing clearPass to “false”?

-- 
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/54d5b28f-dfcc-4a48-91ec-6c00d538cf72%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Stas Rudenko]

Didn't help, still have the same issue: Login Failure: all modules ignored

To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discuss+unsub...@googlegroups.com.

[Stas Rudenko]

When I switch to

forceBindingLogin="true"

it works. Just to double check that LDAP connection is works. But still I would like to use different check mode.

In my LDAP all passwords are encrypted (ssha hashed password), wondering if it's related

On Tuesday, May 26, 2015 at 1:18:39 PM UTC-7, Stas Rudenko wrote:

[Stas Rudenko]

ok, now it's really weird... I just notice that all LDAP groups of any user attached to rundeck account as user roles.

Seems like option ignoreRoles="true" is broken :(

On Tuesday, May 26, 2015 at 1:18:39 PM UTC-7, Stas Rudenko wrote:

[Craig White]

might be your acl policy