Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2021/07/20 15:38:16 UTC

[GitHub] [druid] didip opened a new issue #11469: Druid should log LDAP errors

didip opened a new issue #11469:
URL: https://github.com/apache/druid/issues/11469


   ### Description
   
   It is very difficult to debug LDAP errors because there's minimal logging. For example:
   
   ```
   2021-07-20T15:31:16,522 ERROR [qtp879829980-142] org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator - Exception during user lookup
   javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN]
   	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3202) ~[?:1.8.0_292]
   	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2993) ~[?:1.8.0_292]
   ```
   
   It is very hard to figure out which part of the DN is bad.
   
   It would be much better if Druid logged more LDAP errors.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org


[GitHub] [druid] ericleme commented on issue #11469: Druid should log LDAP errors

Posted by GitBox <gi...@apache.org>.
ericleme commented on issue #11469:
URL: https://github.com/apache/druid/issues/11469#issuecomment-956027724


   Did you manage to fix this issue? I'm facing the same `LDAP: error code 34 - Invalid DN`; however, I couldn't find what is wrong in the configuration.
   The basedn, as well as the users, are reachable from ldapsearch.
   
   ```
   druid.auth.authenticatorChain=["ldap"]
   
   druid.auth.basic.ssl.trustStorePath=/usr/local/druid-path/certs/truststore.jks
   druid.auth.basic.ssl.protocol=tls
   druid.auth.basic.ssl.trustStorePassword=xxxxxx
   
   druid.auth.authenticator.ldap.type=basic
   druid.auth.authenticator.ldap.enableCacheNotifications=true
   druid.auth.authenticator.ldap.credentialsValidator.type=ldap
   druid.auth.authenticator.ldap.credentialsValidator.url=ldaps://ldapurl.domain:636
   druid.auth.authenticator.ldap.credentialsValidator.bindUser=xxxxx
   druid.auth.authenticator.ldap.credentialsValidator.bindPassword=xxxxxxxxxx
   druid.auth.authenticator.ldap.credentialsValidator.baseDn=dc=xxxx,dc=xxxxxx,dc=xxxxx
   druid.auth.authenticator.ldap.credentialsValidator.userSearch=(cn=%s)
   druid.auth.authenticator.ldap.credentialsValidator.userAttribute=cn
   druid.auth.authenticator.ldap.authorizerName=ldapauth
   
   druid.escalator.type=basic
   druid.escalator.internalClientUsername=xxxxx
   druid.escalator.internalClientPassword=xxxxxxxx
   druid.escalator.authorizerName=ldapauth
   
   druid.auth.authorizers=["ldapauth"]
   druid.auth.authorizer.ldapauth.type=basic
   druid.auth.authorizer.ldapauth.initialAdminUser=xxxx
   druid.auth.authorizer.ldapauth.initialAdminRole=admin
   druid.auth.authorizer.ldapauth.roleProvider.type=ldap
   ```


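
A local pre-check for the "Invalid DN" problem discussed in this thread, added here as an example and not code from Druid or from either poster: it parses DN-valued settings with the JDK's `javax.naming.ldap.LdapName` and reports which key and value fail, which is the context the stack trace above leaves out. The class name `DnPreflight`, the sample values, and the premise that `bindUser` and `baseDn` are expected to be full DNs are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnPreflight {
    private static final String PREFIX = "druid.auth.authenticator.ldap.credentialsValidator.";

    /** Returns null when value parses as a DN, otherwise a message naming the key and the bad value. */
    static String check(String key, String value) {
        try {
            LdapName dn = new LdapName(value);
            if (dn.isEmpty()) {
                return key + " is empty";
            }
            for (Rdn rdn : dn.getRdns()) {
                if (rdn.getValue().toString().isEmpty()) {
                    return key + "=\"" + value + "\": attribute '" + rdn.getType() + "' has no value";
                }
            }
            return null;
        } catch (InvalidNameException e) {
            // Report the offending DN with the parser's message; never log bindPassword.
            return key + "=\"" + value + "\" is not a valid DN: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the thread's real values are masked.
        Map<String, String> config = new LinkedHashMap<>();
        config.put(PREFIX + "baseDn", "dc=example,dc=org");
        config.put(PREFIX + "bindUser", "svc-druid"); // bare login name, not a DN
        for (Map.Entry<String, String> e : config.entrySet()) {
            String problem = check(e.getKey(), e.getValue());
            System.out.println(problem == null ? "OK   " + e.getKey() : "FAIL " + problem);
        }
    }
}
```

A value that passes this check can still be rejected by the directory server, so it narrows the search rather than replacing server-side logs.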