Help with LDAP Authentication using rundeck community image 5.7.0


Connor Smith

Dec 12, 2024, 10:48:05 AM
to rundeck-discuss
Good day everyone,

I am trying to get LDAP authentication to work using the rundeck docker community image version 5.7.0.

The following is my docker compose file; it is a custom-built image with Ansible already baked inside the container via Dockerfile.

version: '3'

services:
  rundeck:
    image: isei-rundeck:nocert
    container_name: isei-rundeck
    restart: unless-stopped
    environment:
       RUNDECK_GRAILS_URL: http://192.168.200.100
       RUNDECK_SERVER_URL: 0.0.0.0
       RUNDECK_JAAS_MODULES_0: JettyCombinedLdapLoginModule
       RUNDECK_JAAS_LDAP_PROVIDERURL: ldap://192.168.200.20:389
       RUNDECK_JAAS_LDAP_BINDDN: cn=user,dc=isei,dc=net
       RUNDECK_JAAS_LDAP_BINDPASSWORD: <password>
       RUNDECK_JAAS_LDAP_USERBASEDN: ou=Admin,ou=ISEI-Usersb,dc=isei,dc=net
       RUNDECK_JAAS_LDAP_ROLEBASEDN: ou=rundeck-users,ou=ISEI-Groups,dc=isei,dc=net
    ports:
      - '4440:4440'
    volumes:
      - ./ansible/:/etc/ansible/

When I run the container with docker compose, I notice the following error: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09050E, comment: AcceptSecurityContext error, data 52e, v4f7c]

I believe I am on the right track. I also believe I need to set up an ACL as well, but cannot find documentation on how to do this with Docker.

Thank you,

rac...@rundeck.com

Dec 12, 2024, 11:04:33 AM
to rundeck-discuss

Hi Connor,

An error 49 means an authentication error. Make sure that the RUNDECK_JAAS_LDAP_BINDDN is well configured with the LDAP admin user to access your users and groups.

Also, take a look at this example. The RUNDECK_JAAS_LDAP_USERBASEDN must point to users and RUNDECK_JAAS_LDAP_ROLEBASEDN against roles (groups).

To debug that, you can use Apache Directory Studio or check your config against a Rundeck WAR directly just for testing (take a look at this).

Regards.
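
Added example (not part of either post and not Rundeck code): the error in the question comes from Active Directory, which puts a hexadecimal logon status in the "data" field of an error 49 diagnostic. This Python sketch pulls that field out of log text and decodes it; the function name and the second and third sample entries are constructed for illustration.

```python
import re

# Win32 logon status codes that Active Directory puts in the "data" field of
# an LDAP result code 49 (invalidCredentials) bind failure.
AD_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

# The diagnostic sits between "[LDAP: error code N - " and the closing "]";
# console wrapping can split it across lines, so newlines are allowed inside.
LDAP_ERROR = re.compile(r"\[LDAP: error code (\d+)\s*-\s*([^\]]*)\]")
AD_DATA = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")

def decode_bind_errors(log_text):
    """Return a (ldap_code, ad_subcode, meaning) tuple for each LDAP error."""
    results = []
    for code, body in LDAP_ERROR.findall(log_text):
        body = " ".join(body.split())  # undo line wrapping
        data = AD_DATA.search(body)
        if data is None:
            # No AD-style "data" field (other directory servers): keep the text.
            results.append((int(code), None, body))
            continue
        sub = int(data.group(1), 16)
        meaning = AD_SUBCODES.get(sub, "unrecognized sub-code")
        results.append((int(code), format(sub, "x"), meaning))
    return results

# First entry is the error from the question, wrapped as a console would wrap
# it; the other two entries are constructed samples.
SAMPLE_LOG = """\
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09050E, comment: AcceptSecurityContext
 error, data 52e, v4f7c]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09050E, comment: AcceptSecurityContext error, data 775, v4f7c]
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
"""

if __name__ == "__main__":
    for code, sub, meaning in decode_bind_errors(SAMPLE_LOG):
        print(f"LDAP {code} data={sub}: {meaning}")
```

For the error in the question, data 52e decodes to invalid credentials, which is consistent with the advice above to re-check RUNDECK_JAAS_LDAP_BINDDN and its password.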
