Comments (9)
To really help you I need some more information:
- Stacktrace from the cloud-portal.log file
- LDAP configuration (without password) from the application.properties file
It would also be good to have an LDIF export of a sample user and group from your OpenLDAP server.
Thanks for your help to improve the Cloud portal application.
from cloud-portal.
Hello Chris,
Please find the details of the cloud-portal logs
2018-06-13T10:09:03.468+0000 [ERROR] [de.papke.cloud.portal.service.DirectoryService] [getLdapConnection]: invalid credentials
com.unboundid.ldap.sdk.LDAPBindException: invalid credentials
at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2171)
at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:670)
at de.papke.cloud.portal.service.DirectoryService.getLdapConnection(DirectoryService.java:162)
at de.papke.cloud.portal.service.DirectoryService.getFailoverLdapConnection(DirectoryService.java:144)
at de.papke.cloud.portal.service.DirectoryService.getAdminConnection(DirectoryService.java:139)
at de.papke.cloud.portal.service.DirectoryService.search(DirectoryService.java:213)
at de.papke.cloud.portal.service.DirectoryService.search(DirectoryService.java:200)
at de.papke.cloud.portal.service.DirectoryService.search(DirectoryService.java:192)
at de.papke.cloud.portal.service.DirectoryService.search(DirectoryService.java:184)
at de.papke.cloud.portal.service.DirectoryService.search(DirectoryService.java:176)
at de.papke.cloud.portal.service.DirectoryService.getLoginDn(DirectoryService.java:118)
at de.papke.cloud.portal.service.DirectoryService.authenticate(DirectoryService.java:86)
at de.papke.cloud.portal.service.UserService.authenticate(UserService.java:45)
at de.papke.cloud.portal.auth.DirectoryAuthenticationProvider.authenticate(DirectoryAuthenticationProvider.java:37)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:167)
at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:80)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
--More--(60%)
Please find the Application.Properties setting with regards to LDAP
ldap.url.string=
ldap.base.dn=dc=selfserviceportal,dc=australiasoutheast,dc=cloudapp,dc=azure,dc=com
ldap.principal=cn=ebin_test thomas_test,ou=group_admin,dc=selfserviceportal,dc=australiasoutheast,dc=cloudapp,dc=azure,dc=com
ldap.password=
ldap.user.search.filter=(objectClass=inetOrgPerson)
ldap.login.attribute=[email protected]
ldap.givenname.attribute=ebin_test
ldap.surname.attribute=thomas_test
ldap.mail.attribute=mail
ldap.group.attribute=group_admin
ldap.timeout=3000
ldap.page.size=1000
from cloud-portal.
I think I have messed up the OpenLDAP config somewhere. Could you help me understand how this authentication works between the application and OpenLDAP?
from cloud-portal.
Hi @EbinEy, that's no problem.
For a better understanding I have created a real-world example for you. I have found a public LDAP server which can be used for testing:
http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
For this LDAP server the config in the application.properties file would look like this:
application.admin.group=scientists
ldap.url.string=ldap://ldap.forumsys.com:389
ldap.base.dn=dc=example,dc=com
ldap.principal=cn=read-only-admin,dc=example,dc=com
ldap.password=password
ldap.user.search.filter=(objectClass=inetOrgPerson)
ldap.login.attribute=uid
ldap.givenname.attribute=givenName
ldap.surname.attribute=sn
ldap.displayname.attribute=cn
ldap.mail.attribute=mail
ldap.group.attribute=
ldap.member.attribute=uniqueMember
ldap.timeout=3000
ldap.page.size=1000
Now you should be able to login to the cloud portal with these credentials:
Username: einstein
Password: password
As the einstein user is a member of the scientists group, you can now start to create credentials for your favorite cloud provider with the Credentials Admin.
I have also attached an LDIF export of this server, so that you can get a better understanding of the internal data structure:
I can also recommend using Apache Directory Studio for testing your connection:
http://directory.apache.org/studio/
I'm also thinking of adding this example to the project documentation.
Hope this helps a little bit.
from cloud-portal.
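An added example, not part of the original thread or the cloud-portal code base: a small Python check that compares an application.properties LDAP block against the shape of the working configuration in the reply above, where each *.attribute property holds an LDAP attribute name rather than a value from a user's entry. The sample config, its host names and the function names parse_properties and lint_ldap are constructed for illustration.

```python
import re
from urllib.parse import urlparse
# RFC 4512 short attribute name: a letter, then letters, digits or hyphens.
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
NAME_KEYS = ("ldap.login.attribute", "ldap.givenname.attribute",
             "ldap.surname.attribute", "ldap.mail.attribute", "ldap.group.attribute")

def parse_properties(text):
    """Parse key=value lines; only the first '=' splits, so DN values survive."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint_ldap(props):
    """Return (key, problem) findings for the LDAP block of the config."""
    findings = []
    url = urlparse(props.get("ldap.url.string", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append(("ldap.url.string", "expected ldap://host:port or ldaps://host:port"))
    elif url.scheme == "ldap":
        findings.append(("ldap.url.string", "ldap:// without StartTLS sends the bind password in cleartext"))
    if "=" not in props.get("ldap.principal", ""):
        findings.append(("ldap.principal", "expected the full DN of the search account"))
    if not props.get("ldap.password"):
        findings.append(("ldap.password", "a bind with an empty password is not an authenticated bind"))
    for key in NAME_KEYS:
        value = props.get(key, "")
        optional = key == "ldap.group.attribute"  # left empty in the reply's working config
        if not ATTR_NAME.match(value) and not (optional and not value):
            findings.append((key, f"{value!r} is not an attribute name"))
    return findings

# Constructed sample: entry values placed where attribute names belong.
SAMPLE = """\
ldap.url.string=ldaps://ldap.example.test:636
ldap.principal=cn=portal-reader,dc=example,dc=test
ldap.password=placeholder
ldap.login.attribute=jdoe@example.test
ldap.givenname.attribute=john_test
ldap.surname.attribute=sn
ldap.mail.attribute=mail
ldap.group.attribute=group_admin
"""

if __name__ == "__main__":
    print(*(f"{k}: {p}" for k, p in lint_ldap(parse_properties(SAMPLE))), sep="\n")
```

Run against the forumsys configuration from the reply, the only finding is the cleartext ldap:// URL.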
OK, thanks for the help in making me understand. What is the ldap.mail.attribute attribute? Could you give some insight?
from cloud-portal.
One more thing: with my OpenLDAP, when I connect with 389 I was getting an SSL handshake error, and I had to make LDAP run in ldaps, i.e. port 639, to make the connection to LDAP happen.
from cloud-portal.
The property ldap.mail.attribute shows the system where to find the email address of a user. This email address is used to send mails with the result of a provisioning process.
Regarding the ldaps connection, it is important that you either use an official SSL certificate for your LDAP server or add the self-signed cert to the keystore of your JVM:
from cloud-portal.
Can I close this issue?
from cloud-portal.
Closed due to inactivity.
from cloud-portal.