ldaps on docker container


Paul M

Jun 27, 2024, 9:01:09 AM
to rundeck-discuss
Dear all,

I am trying to configure ldaps in docker

My docker compose file is:


services:  
 rundeck:
   image: rundeck/rundeck:5.4.0
   env_file: ./env/rundeck.env
   ports:
     - 4440:4440
   volumes:
     - ./ldaps.crt:/home/rundeck/etc/truststore/ldaps.cert

In env/rundeck.env, there is:

# ldap
RUNDECK_JAAS_MODULES_0=JettyCombinedLdapLoginModule
RUNDECK_JAAS_LDAP_FLAG=sufficient
RUNDECK_JAAS_LDAP_PROVIDERURL=ldaps://<ad>
RUNDECK_JAAS_LDAP_BINDDN=cn=ldap_read,cn=Users,dc=mpibr,dc=local
RUNDECK_JAAS_LDAP_BINDPASSWORD=<password>
RUNDECK_JAAS_LDAP_AUTHENTICATIONMETHOD=simple
RUNDECK_JAAS_LDAP_FORCEBINDINGLOGIN=true
RUNDECK_JAAS_LDAP_USERBASEDN=ou=MPIBR,dc=mpibr,dc=local
RUNDECK_JAAS_LDAP_USERRDNATTRIBUTE=sAMAccountName
RUNDECK_JAAS_LDAP_USERIDATTRIBUTE=sAMAccountName
RUNDECK_JAAS_LDAP_USERPASSWORDATTRIBUTE=unicodePwd
RUNDECK_JAAS_LDAP_USEROBJECTCLASS=user
RUNDECK_JAAS_LDAP_ROLEBASEDN=ou=MPIBR,dc=mpibr,dc=local
RUNDECK_JAAS_LDAP_ROLENAMEATTRIBUTE=cn
RUNDECK_JAAS_LDAP_ROLEMEMBERATTRIBUTE=member
RUNDECK_JAAS_LDAP_ROLEOBJECTCLASS=group
RUNDECK_JAAS_MODULES_1=PropertyFileLoginModule
RUNDECK_JAAS_FILE_FLAG=sufficient

For now the logs I have are:
rundeck-1  | [2024-06-27T12:13:32,177] ERROR jaas.JettyCachingLdapLoginModule - Naming error
rundeck-1  | javax.naming.CommunicationException: simple bind failed: <ad>:636
rundeck-1  |    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2895) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:266) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:284) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115) ~[?:?]
rundeck-1  |    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730) ~[?:?]
rundeck-1  |    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) ~[?:?]
rundeck-1  |    at javax.naming.InitialContext.init(InitialContext.java:236) ~[?:?]
rundeck-1  |    at javax.naming.InitialContext.<init>(InitialContext.java:208) ~[?:?]
rundeck-1  |    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) ~[?:?]
rundeck-1  |    at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.initialize(JettyCachingLdapLoginModule.java:1038) ~[classes!/:?]
rundeck-1  |    at com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule.initialize(JettyCombinedLdapLoginModule.java:65) ~[classes!/:?]
rundeck-1  |    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:737) ~[?:?]
rundeck-1  |    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:672) ~[?:?]
rundeck-1  |    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:670) ~[?:?]
rundeck-1  |    at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
rundeck-1  |    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:670) ~[?:?]
rundeck-1  |    at javax.security.auth.login.LoginContext.login(LoginContext.java:581) ~[?:?]
rundeck-1  |    at org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider.authenticate(AbstractJaasAuthenticationProvider.java:173) ~[spring-security-core-5.8.11.jar!/:5.8.11]
rundeck-1  |    at org.rundeck.security.RundeckJaasAuthenticationProvider.super$2$authenticate(RundeckJaasAuthenticationProvider.groovy) ~[classes!/:?]
rundeck-1  |    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
rundeck-1  |    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
rundeck-1  |    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
rundeck-1  |    at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
rundeck-1  |    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:107) ~[groovy-3.0.19.jar!/:3.0.19]
rundeck-1  |    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323) ~[groovy-3.0.19.jar!/:3.0.19]
rundeck-1  |    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1254) ~[groovy-3.0.19.jar!/:3.0.19]
rundeck-1  |    at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnSuperN(ScriptBytecodeAdapter.java:144) ~[groovy-3.0.19.jar!/:3.0.19]
rundeck-1  |    at org.rundeck.security.RundeckJaasAuthenticationProvider.authenticate(RundeckJaasAuthenticationProvider.groovy:39) ~[classes!/:?]
rundeck-1  |    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-5.8.11.jar!/:5.8.11]
rundeck-1  |    at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:85) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at grails.plugin.springsecurity.web.authentication.GrailsUsernamePasswordAuthenticationFilter.attemptAuthentication(GrailsUsernamePasswordAuthenticationFilter.groovy:53) ~[spring-security-core-6.1.1.jar!/:?]
rundeck-1  |    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:231) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.groovy:64) ~[spring-security-core-6.1.1.jar!/:?]
rundeck-1  |    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.groovy:58) ~[spring-security-core-6.1.1.jar!/:?]
rundeck-1  |    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190) ~[spring-security-web-5.8.11.jar!/:5.8.11]
rundeck-1  |    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:77) ~[grails-web-mvc-6.1.2.jar!/:6.1.2]
rundeck-1  |    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.34.jar!/:5.3.34]
rundeck-1  |    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67) ~[grails-web-mvc-6.1.2.jar!/:6.1.2]
rundeck-1  |    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.34.jar!/:5.3.34]
rundeck-1  |    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.34.jar!/:5.3.34]
rundeck-1  |    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.34.jar!/:5.3.34]
rundeck-1  |    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96) ~[spring-boot-actuator-2.7.18.jar!/:2.7.18]
rundeck-1  |    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.34.jar!/:5.3.34]
rundeck-1  |    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-5.3.34.jar!/:5.3.34]
rundeck-1  |    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.34.jar!/:5.3.34]
rundeck-1  |    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600) ~[jetty-security-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505) ~[jetty-servlet-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487) ~[jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732) [jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479) [jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) [jetty-server-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [jetty-io-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) [jetty-io-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) [jetty-util-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) [jetty-util-9.4.53.v20231009.jar!/:9.4.53.v20231009]
rundeck-1  |    at java.lang.Thread.run(Thread.java:829) [?:?]
rundeck-1  | Caused by: java.net.SocketException: Connection or outbound has closed
rundeck-1  |    at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1302) ~[?:?]
rundeck-1  |    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) ~[?:?]
rundeck-1  |    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:413) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:386) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) ~[?:?]
rundeck-1  |    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) ~[?:?]
rundeck-1  |    ... 94 more



the certificate seems to be in the correct place according to
server/config/ssl.properties:truststore=/home/rundeck/etc/truststore
server/config/ssl.properties:truststore.password=adminadmin
etc/profile.bat:set RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=%RDECK_BASE%\etc\truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
etc/profile:export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=$RDECK_BASE/etc/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"

I saw in this discussion that setting
-Djavax.net.debug=ssl,handshake would allow me to have more debug logs.
But I didn't find how to set it on the docker container.
I tried to set RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=%RDECK_BASE%\etc\truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.debug=ssl,handshake" in the env/rundeck.env file, but it doesn't seem to work or give me more logs.

Best
Paul

rac...@rundeck.com

Jun 27, 2024, 10:39:48 AM
to rundeck-discuss

Hi,

Could you add the ldaps cert to the java cacert in the docker image like this? (/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts in the official rundeck container).

Regards.

Paul M

Jun 28, 2024, 3:44:06 AM
to rundeck-discuss
Thanks, it worked.

For people with the same problem, my Dockerfile looks like this:
FROM rundeck/rundeck:5.4.0

USER root
COPY ldaps.crt /usr/lib/jvm/java-11-openjdk-amd64/lib/security/
RUN \
   cd /usr/lib/jvm/java-11-openjdk-amd64/lib/security/ \
   && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ldaps.crt

USER rundeck


Maybe it should be in the documentation somewhere though.


Best regards
Paul
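An added set of checks for the trust setup discussed in this thread (not code from the thread or from the Rundeck project): it flags the two things that went wrong in the first post, a volume mount sitting inside the path that ssl.properties expects to be a JKS file, and a bare PEM being offered where a keystore is expected, and it pins the certificate's SHA-256 fingerprint before emitting the keytool import line from the Dockerfile above. The sample PEM body is constructed, not a real certificate; the paths are the ones shown in the compose file and ssl.properties.

```python
import base64
import hashlib
import re
from pathlib import PurePosixPath

JKS_MAGIC = b"\xfe\xed\xfe\xed"  # first four bytes of every JKS keystore
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def truststore_kind(data: bytes) -> str:
    """Classify a candidate truststore by its leading bytes."""
    if data.startswith(JKS_MAGIC):
        return "jks"
    if data.lstrip().startswith(b"-----BEGIN"):
        return "pem"  # a bare certificate, not a keystore; Java will not load it as one
    return "unknown"


def mount_shadows_truststore(truststore: str, mount_targets) -> list:
    """Return mount targets that sit below the configured truststore path.

    Such a mount forces Docker to create `truststore` as a directory, so the
    JVM can never open it as a keystore file.
    """
    base = PurePosixPath(truststore)
    return [t for t in mount_targets if base in PurePosixPath(t).parents]


def pem_to_der(pem: bytes) -> bytes:
    """Extract the first CERTIFICATE block and decode its base64 body."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode(b"".join(m.group(1).split()))


def sha256_fingerprint(pem: bytes) -> str:
    """SHA-256 over the DER bytes, in the colon-separated form keytool prints."""
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


def import_command(cert_file: str, alias: str, expected_fp: str, pem: bytes) -> str:
    """Emit the keytool line only if the PEM matches the out-of-band pinned fingerprint."""
    if sha256_fingerprint(pem) != expected_fp.upper():
        raise ValueError("certificate fingerprint does not match the pinned value")
    return (f"keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts "
            f"-importcert -alias {alias} -file {cert_file}")


# Constructed sample input (not a real certificate): fake DER bytes in PEM framing.
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"\x30\x82\x01\x00" + b"A" * 64)
              + b"-----END CERTIFICATE-----\n")
```

Run `mount_shadows_truststore("/home/rundeck/etc/truststore", ["/home/rundeck/etc/truststore/ldaps.cert"])` against the compose file from the first post and it returns the offending mount; `truststore_kind` on the .crt returns "pem", which is why the JVM never trusted it from that location.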