You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2021/07/20 15:38:16 UTC
[GitHub] [druid] didip opened a new issue #11469: Druid should log LDAP errors
didip opened a new issue #11469:
URL: https://github.com/apache/druid/issues/11469
### Description
It is very difficult to debug LDAP errors because there's minimal logging. For example:
```
2021-07-20T15:31:16,522 ERROR [qtp879829980-142] org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator - Exception during user lookup
javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3202) ~[?:1.8.0_292]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2993) ~[?:1.8.0_292]
```
It is very hard to figure out which part of the DN that is bad.
It would be much better if Druid logs more LDAP errors.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] ericleme commented on issue #11469: Druid should log LDAP errors
Posted by GitBox <gi...@apache.org>.
ericleme commented on issue #11469:
URL: https://github.com/apache/druid/issues/11469#issuecomment-956027724
Did you manage to fix this issue, I'm facing the same LDAP: error code 34 - Invalid DN, however I couldn't find what is wrong in the configuration.
basedn, as well the users are reachable from ldapsearch.
druid.auth.authenticatorChain=["ldap"]
druid.auth.basic.ssl.trustStorePath=/usr/local/druid-path/certs/truststore.jks
druid.auth.basic.ssl.protocol=tls
druid.auth.basic.ssl.trustStorePassword=xxxxxx
druid.auth.authenticator.ldap.type=basic
druid.auth.authenticator.ldap.enableCacheNotifications=true
druid.auth.authenticator.ldap.credentialsValidator.type=ldap
druid.auth.authenticator.ldap.credentialsValidator.url=ldaps://ldapurl.domain:636
druid.auth.authenticator.ldap.credentialsValidator.bindUser=xxxxx
druid.auth.authenticator.ldap.credentialsValidator.bindPassword=xxxxxxxxxx
druid.auth.authenticator.ldap.credentialsValidator.baseDn=dc=xxxx,dc=xxxxxx,dc=xxxxx
druid.auth.authenticator.ldap.credentialsValidator.userSearch=(cn=%s)
druid.auth.authenticator.ldap.credentialsValidator.userAttribute=cn
druid.auth.authenticator.ldap.authorizerName=ldapauth
druid.escalator.type=basic
druid.escalator.internalClientUsername=xxxxx
druid.escalator.internalClientPassword=xxxxxxxx
druid.escalator.authorizerName=ldapauth
druid.auth.authorizers=["ldapauth"]
druid.auth.authorizer.ldapauth.type=basic
druid.auth.authorizer.ldapauth.initialAdminUser=xxxx
druid.auth.authorizer.ldapauth.initialAdminRole=admin
druid.auth.authorizer.ldapauth.roleProvider.type=ldap
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org