You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "sadhu suresh (JIRA)" <ji...@apache.org> on 2013/07/24 12:03:48 UTC
[jira] [Reopened] (CLOUDSTACK-3344) ldap:UI:sending wrong query
filter(converting &symbol to "amp&")during ldapconfig through UI[due to
this ldap users fail to login]
[ https://issues.apache.org/jira/browse/CLOUDSTACK-3344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
sadhu suresh reopened CLOUDSTACK-3344:
--------------------------------------
its still storing the amp symbol in the database
did ldapconfig both from UI and API and seeing different value for query filter
http://10.147.59.126:8080/client/api?command=ldapConfig&binddn=CN%3Dtest%2CCN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&bindpass=aaaa_1111&hostname=10.147.38.163&searchbase=CN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&queryfilter=(%26amp%3B(mail%3D%25e))&port=389&ssl=false&response=json&sessionkey=4LZTbD5qussoVFfeWXKl9KFX1cE%3D&_=1374659477752
{ "ldapconfigresponse" : { "ldapconfig" : {"hostname":"10.147.38.163","port":"389","ssl":"false","searchbase":"CN=Users,DC=hyd-qa,DC=com","queryfilter":"(&(mail=%e))","binddn":"CN=test,CN=Users,DC=hyd-qa,DC=com"} } }
when you refresh ,then amp is not shown in UI but db has "amp" entry due to this fail to login with ldap credentials
mysql> select * from configuration where name like "%ldap%";
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| category | instance | component | name | value | description |
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| Hidden | DEFAULT | management-server | ldap.dn | Xnd5TE6D7NCEh++h1fxc2RAWttBINHxVXXjeAHuTaplBA+9cqV8LBfRapaVyuwDM | Specify the distinguished name of a user with the search permission on the directory |
| Hidden | DEFAULT | management-server | ldap.hostname | DcgL+LoqA0k+sxbkl44EyFDhQSNQTBuf | Hostname or ip address of the ldap server eg: my.ldap.com |
| Hidden | DEFAULT | management-server | ldap.passwd | aOS33EI72htwV4eGHDhqBs+hm9oa3ccO | Enter the password |
| Hidden | DEFAULT | management-server | ldap.port | BMugS6+mkm16JjYLiMwONA== | Specify the LDAP port if required, default is 389 |
| Hidden | DEFAULT | management-server | ldap.queryfilter | WLGxV6IvIk40k3vseoBddBptKgfGVqsijX5eMZZCvbQ= | You specify a query filter here, which narrows down the users, who can be part of this domain |
| Hidden | DEFAULT | management-server | ldap.searchbase | XIIcnKfUkit/7KupE9ygGiUXYM9aVJTjc+Ineh3TP3/GqPo0Y6o/tQ== | The search base defines the starting point for the search in the directory tree Example: dc=cloud,dc=com. |
| Hidden | DEFAULT | management-server | ldap.truststore | NULL | Enter the path to trusted keystore |
| Hidden | DEFAULT | management-server | ldap.truststorepass | NULL | Enter the password for trusted keystore |
| Hidden | DEFAULT | management-server | ldap.usessl | ODc2oltFwKde3E981qlYfA== | Check Use SSL if the external LDAP server is configured for LDAP over SSL. |
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
9 rows in set (0.01 sec)
mysql> WLGxV6IvIk40k3vseoBddBptKgfGVqsijX5eMZZCvbQ=;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WLGxV6IvIk40k3vseoBddBptKgfGVqsijX5eMZZCvbQ=' at line 1
mysql> select * from configuration where name like "%ldap%";
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| category | instance | component | name | value | description |
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| Hidden | DEFAULT | management-server | ldap.dn | pIHsAEwwK3CM1eet4iXWFfQcKyTTazZapchHj1n9NhuX8PM041r4imJ70xs02VUH | Specify the distinguished name of a user with the search permission on the directory |
| Hidden | DEFAULT | management-server | ldap.hostname | CxFBUxDhjDBNLVCVpqfB3hYH2VE/OqfA | Hostname or ip address of the ldap server eg: my.ldap.com |
| Hidden | DEFAULT | management-server | ldap.passwd | pWsY95KvE9VgIiOGprzicAodfG7Id2eV | Enter the password |
| Hidden | DEFAULT | management-server | ldap.port | 7XNDI3wIygItDC1KVlozFQ== | Specify the LDAP port if required, default is 389 |
| Hidden | DEFAULT | management-server | ldap.queryfilter | 4gOKtbj7OrrL9FCiUMz77HWZqCT571fO | You specify a query filter here, which narrows down the users, who can be part of this domain |
| Hidden | DEFAULT | management-server | ldap.searchbase | BObuJmv6qeZQK8Z7XqXIyYqA+ic/9bsVieTdk/BdT1hNSZAhltgANA== | The search base defines the starting point for the search in the directory tree Example: dc=cloud,dc=com. |
| Hidden | DEFAULT | management-server | ldap.truststore | NULL | Enter the path to trusted keystore |
| Hidden | DEFAULT | management-server | ldap.truststorepass | NULL | Enter the password for trusted keystore |
| Hidden | DEFAULT | management-server | ldap.usessl | 1PocqtT15b9Q+tMpItl8MQ== | Check Use SSL if the external LDAP server is configured for LDAP over SSL. |
+----------+----------+-------------------+---------------------+---------------
> ldap:UI:sending wrong query filter(converting &symbol to "amp&")during ldapconfig through UI[due to this ldap users fail to login]
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-3344
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3344
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: UI
> Affects Versions: 4.2.0
> Reporter: sadhu suresh
> Assignee: Ian Duffy
> Priority: Critical
> Fix For: 4.2.0
>
> Attachments: screenshot_ldap_ui.png
>
>
> Steps:
> 1. Configured the LDAP through UI by providing query filter as email (eg:(&(mail=%e)))
> 2.check the configured values
> Actual result:
> its converting & symbol into amp& while configuring the ldap through UI due to this ldap users fail to login.
> through API ,its working fine.this is the only problem with UI side where they converting "&" symbolto "amp&"
> API fired while performing ldapconfig through UI:
> http://10.147.59.119:8080/client/api?command=ldapConfig&binddn=CN%3Dtest%2CCN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&bindpass=aaaa_1111&hostname=10.147.38.163&searchbase=CN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&queryfilter=(%26(mail%3D%25e))&port=389&ssl=false&response=json&sessionkey=zlWVnEF2HA3R4ekSa8kDXaZrY5k%3D&_=1372835435077
> { "ldapconfigresponse" : { "ldapconfig" : {"hostname":"10.147.38.163","port":"389","ssl":"false","searchbase":"CN=Users,DC=hyd-qa,DC=com","queryfilter":"(&(mail=%e))","binddn":"CN=test,CN=Users,DC=hyd-qa,DC=com"} } }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira