Posted to users@cloudstack.apache.org by Daan Hoogland <da...@gmail.com> on 2021/05/31 07:07:45 UTC

Re: when removing an account linked to ldap and re-adding it, login fails

Tnx for reporting Yordan,
Just one question, This issue you link to is supposed to have been solved
in 4.14, did you create and delete the account before in an older version?
tnx

On Fri, May 28, 2021 at 3:59 PM Yordan Kostov <Yo...@nsogroup.com> wrote:

> Figured it out.
> For anyone having this issue:
>
> Go to "ldap_trust_map" and correlate the entries with the accounts in
> "Account" table.
> Delete the irrelevant ones in "ldap_trust_map" and login is successful.
>
> Regards,
> Jordan
>
>
> -----Original Message-----
> From: Yordan Kostov <Yo...@NSOGROUP.COM>
> Sent: Friday, May 28, 2021 4:43 PM
> To: users@cloudstack.apache.org
> Subject: when removing an account linked to ldap and re-adding it, login
> fails
>
>
> Hey everyone,
>
>                 ACD version  4.15.
>
>                 I am playing with LDAP and after some tests I cannot login
> with ldap account anymore.
>                 This is what I get as error messages:
>
> 2021-05-28 15:31:40,645 INFO  [o.a.c.l.LdapAuthenticator]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) user 'acstest01' is
> mapped to more then one account in domain and will be disabled.
> 2021-05-28 15:31:40,646 DEBUG [o.a.c.s.SAML2UserAuthenticator]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Trying SAML2 auth for
> user: acstest01
> 2021-05-28 15:31:40,647 DEBUG [o.a.c.s.SAML2UserAuthenticator]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find user
> with acstest01 in domain 18, or user source is not SAML2
> 2021-05-28 15:31:40,647 DEBUG [c.c.u.AccountManagerImpl]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to authenticate
> user with username acstest01 in domain 18
> 2021-05-28 15:31:40,647 WARN  [c.c.u.AccountManagerImpl]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find an user
> with username acstest01 in domain 18
> 2021-05-28 15:31:40,648 DEBUG [c.c.u.AccountManagerImpl]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) User: acstest01 in
> domain 18 has failed to log in
> 2021-05-28 15:31:40,648 DEBUG [c.c.a.ApiServlet]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Authentication failure:
> {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
> authenticate user acstest01 in domain 18; please provide valid
> credentials"}}
>
>                 I have only 1 account mapped in that domain so from  what
> I see it looks like this issue here ->
> https://github.com/apache/cloudstack/issues/3661
>
>                 Any idea what should be cleaned in the DB to allow login ?
>
> Regards,
> Jordan
>

-- 
Daan
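
The correlation step from the quoted fix above, as an added example that is not part of the original thread and not CloudStack's own code. It runs on a constructed in-memory SQLite database; the column names (`account_id`, `domain_id`, `removed`) are assumptions to verify against the real schema, and "irrelevant" is taken here to mean a mapping whose account is missing or marked removed.

```python
import sqlite3

# Constructed, simplified stand-ins for the two tables named in the thread.
# Column names are assumptions; check them against the real schema first.
SCHEMA = """
CREATE TABLE account (id INTEGER PRIMARY KEY, account_name TEXT,
                      domain_id INTEGER, removed TEXT);
CREATE TABLE ldap_trust_map (id INTEGER PRIMARY KEY, domain_id INTEGER,
                             name TEXT, account_id INTEGER);
"""

# Read-only correlation: a mapping is stale when the account it points to
# is missing or carries a removal timestamp.
STALE_MAPPINGS = """
SELECT m.id, m.domain_id, m.name, m.account_id,
       CASE WHEN a.id IS NULL THEN 'no such account'
            ELSE 'account removed ' || a.removed END AS reason
FROM ldap_trust_map m
LEFT JOIN account a ON a.id = m.account_id
WHERE a.id IS NULL OR a.removed IS NOT NULL
ORDER BY m.id
"""

def build_sample_db():
    """In-memory database reproducing a delete-and-re-add sequence."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO account VALUES (?, ?, ?, ?)", [
        (40, "acstest", 18, "2021-05-28 14:50:00"),  # first account, deleted
        (41, "acstest", 18, None),                    # re-created account
    ])
    db.executemany("INSERT INTO ldap_trust_map VALUES (?, ?, ?, ?)", [
        (7, 18, "cn=acs,ou=groups,dc=example,dc=org", 40),  # left behind
        (8, 18, "cn=acs,ou=groups,dc=example,dc=org", 41),  # current
        (9, 18, "cn=old,ou=groups,dc=example,dc=org", 99),  # account gone
    ])
    return db

def stale_mappings(db):
    """Return (map_id, domain_id, ldap_name, account_id, reason) rows."""
    return db.execute(STALE_MAPPINGS).fetchall()

def delete_stale(db):
    """Delete exactly the rows the report listed, in one transaction."""
    ids = [row[0] for row in stale_mappings(db)]
    with db:
        db.executemany("DELETE FROM ldap_trust_map WHERE id = ?", [(i,) for i in ids])
    return ids
```

Run the `STALE_MAPPINGS` query by itself first and review its output; on a live database, take a backup before deleting anything.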

RE: when removing an account linked to ldap and re-adding it, login fails

Posted by Yordan Kostov <Yo...@NSOGROUP.COM>.
I will play with more this week and definitely will open one if reproducible.
Thank you for the heads up 😊.

Regards,
Jordan


-----Original Message-----
From: Daan Hoogland <da...@gmail.com> 
Sent: Monday, May 31, 2021 10:31 AM
To: users <us...@cloudstack.apache.org>
Subject: Re: when removing an account linked to ldap and re-adding it, login fails


ok Jordan,
tnx, if you can reproduce, please enter an issue on github.

--
Daan

Re: when removing an account linked to ldap and re-adding it, login fails

Posted by Daan Hoogland <da...@gmail.com>.
ok Jordan,
tnx, if you can reproduce, please enter an issue on github.

On Mon, May 31, 2021 at 9:19 AM Yordan Kostov <Yo...@nsogroup.com> wrote:

> Hello Dan,
>
>         No it is 4.15 installation connection to XCP-NG cluster.
>         All I did is a lot of testing - creating domains + accounts
> connected to LDAP and then deleting them.
>         At some point that issue occurred.
>
> Best regards,
> Jordan
>

-- 
Daan

RE: when removing an account linked to ldap and re-adding it, login fails

Posted by Yordan Kostov <Yo...@NSOGROUP.COM>.
Hello Dan,

	No it is 4.15 installation connection to XCP-NG cluster.
	All I did is a lot of testing - creating domains + accounts connected to LDAP and then deleting them.
	At some point that issue occurred.

Best regards,
Jordan 

-----Original Message-----
From: Daan Hoogland <da...@gmail.com> 
Sent: Monday, May 31, 2021 10:08 AM
To: users <us...@cloudstack.apache.org>
Subject: Re: when removing an account linked to ldap and re-adding it, login fails


Tnx for reporting Yordan,
Just one question, This issue you link to is supposed to have been solved in 4.14, did you create and delete the account before in an older version?
tnx

--
Daan