LDAP-authentication


Alfonso Vera

Nov 13, 2013, 8:02:03 AM
to rundeck...@googlegroups.com
Hi all..


My environment is Rundeck server 1.6.2 installed with rpm on RHEL6u4 against OpenLDAP 2.4.
I'm trying to authenticate Rundeck against my LDAP.


This is my jaas-ldap.conf

ldap {
    com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
      debug="true"
      contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
      providerUrl="ldap://XXX.YYY.ZZ:389"
      bindDn="cn=binduser,dc=XXXX,dc=XXX"
      bindPassword="bindpass"
      authenticationMethod="simple"
      forceBindingLogin="false"
      userBaseDn="ou=usuariosXXX,dc=XXXX,dc=XX"
      userRdnAttribute="uid"
      userIdAttribute="uid"
      userPasswordAttribute="userPassword"
      userObjectClass="posixAccount"
      roleBaseDn="ou=grupos,dc=XXXX,dc=XX"
      roleNameAttribute="cn"
      roleUsernameMemberAttribute="uniqueMember"
      roleMemberAttribute="uniqueMember"
      roleObjectClass="groupOfUniqueNames"
      cacheDurationMillis="300000"
      reportStatistics="true";
};


This is my admin.aclpolicy:


description: Super Admin, all access.
context:
  project: '.*' # all projects
for:
  resource:
    - allow: '*' # allow read/create all kinds
  adhoc:
    - allow: '*' # allow running/killing adhoc jobs
  job:
    - allow: '*' # allow read/write/delete/run/kill of all jobs
  node:
    - allow: '*' # allow read/run for all nodes
by:
  group: [groupcn]

---



In the LDAP log I see only the bind.
I suppose that this is right, because it returns one entry.
Must Rundeck search the group?

slapd[28720]: conn=75444 op=0 BIND dn="cn=binduser,dc=XXXX,dc=XX" method=128
slapd[28720]: conn=75444 op=0 BIND dn="cn=binduser,dc=XXXX,dc=XX" mech=SIMPLE ssf=0
slapd[28720]: conn=75444 op=0 RESULT tag=97 err=0 text=
slapd[28720]: conn=75444 op=1 SRCH base="ou=usuariosXXXX,dc=XXXX,dc=XX" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=USER))"
slapd[28720]: conn=75444 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[28720]: conn=75444 op=2 SRCH base="ou=usuariosXXXX,dc=XXXX,dc=XX" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=USER))"
conn=75444 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=


In the rundeck log I see a stack trace

java.lang.NumberFormatException: K7
    at org.mortbay.util.TypeUtil.parseInt(TypeUtil.java:345)
    at org.mortbay.util.TypeUtil.parseBytes(TypeUtil.java:391)
    at org.mortbay.jetty.security.Credential$MD5.<init>(Credential.java:117)
    at org.mortbay.jetty.security.Credential.getCredential(Credential.java:63)
    at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.getUserInfo(JettyCachingLdapLoginModule.java:252)
    at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.login(JettyCachingLdapLoginModule.java:465)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.mortbay.jetty.plus.jaas.JAASUserRealm.authenticate(JAASUserRealm.java:231)
    at org.mortbay.jetty.security.FormAuthenticator$FormCredential.authenticate(FormAuthenticator.java:284)
    at org.mortbay.jetty.security.FormAuthenticator.authenticate(FormAuthenticator.java:137)
    at org.mortbay.jetty.security.SecurityHandler.check(SecurityHandler.java:441)
    at org.mortbay.jetty.security.SecurityHandler.checkSecurityConstraints(SecurityHandler.java:269)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:191)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:536)
    at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:930)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:747)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
    at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
2013-11-13 13:27:53.987::WARN:  javax.security.auth.login.LoginException: Error obtaining user info.
2013-11-13 13:27:53.987::WARN:  AUTH FAILURE: user USER


Could anyone help me?


Thanks in advance


Alfonso
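
The stack trace above fails in `Credential$MD5.<init>` via `TypeUtil.parseBytes` and `TypeUtil.parseInt` on the token `K7`, which is the kind of error a base-16 parser produces when it is handed a base64-encoded digest, the encoding OpenLDAP uses for `{MD5}` values in `userPassword`. The check below is an added example, not part of the original post or of Rundeck: `parse_hex_pairs` is a simplified model that assumes the parse is base 16 over two-character pairs, `classify_user_password` is a hypothetical helper, and the sample values are constructed.

```python
import base64
import hashlib
import re

HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")
SCHEME = re.compile(r"\{([A-Za-z0-9-]+)\}(.*)", re.DOTALL)


def parse_hex_pairs(text):
    """Simplified model (assumption) of a strict base-16 parse, two chars per byte."""
    for i in range(0, len(text), 2):
        pair = text[i:i + 2]
        if not HEX_PAIR.fullmatch(pair):
            raise ValueError(pair)  # report the offending pair, like "K7" in the trace
    return bytes.fromhex(text)


def classify_user_password(value):
    """Split a '{SCHEME}data' userPassword value and report how data is encoded."""
    m = SCHEME.fullmatch(value)
    if not m:
        return {"scheme": None, "encoding": "no-scheme", "bad_pair": None}
    scheme, data = m.group(1).upper(), m.group(2)
    try:
        parse_hex_pairs(data)
        return {"scheme": scheme, "encoding": "hex", "bad_pair": None}
    except ValueError as exc:
        bad_pair = str(exc)
    try:
        raw = base64.b64decode(data, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"scheme": scheme, "encoding": "unknown", "bad_pair": bad_pair}
    return {"scheme": scheme, "encoding": "base64", "bad_pair": bad_pair,
            "digest_len": len(raw)}


# Constructed sample values: one MD5 digest in both encodings.
DIGEST = hashlib.md5(b"constructed-sample-password").digest()
SAMPLE_BASE64 = "{MD5}" + base64.b64encode(DIGEST).decode("ascii")
SAMPLE_HEX = "{MD5}" + DIGEST.hex()

if __name__ == "__main__":
    for sample in (SAMPLE_BASE64, SAMPLE_HEX, "no-scheme-value"):
        print(sample, "->", classify_user_password(sample))
```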
