You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2020/02/02 21:22:10 UTC
[GitHub] [druid] averma111 opened a new issue #9303: ERROR
[qtp1604271704-130]
org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator
- Exception during user lookup
averma111 opened a new issue #9303: ERROR [qtp1604271704-130] org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator - Exception during user lookup
URL: https://github.com/apache/druid/issues/9303
Version 0.17.0
Authentication: Ldap
We have enabled the ldap in the single instance micro druid cluster.
I am getting the above error while bringing up the services in coordinator-overlord.log file
2020-02-02T21:15:36,691 ERROR [qtp1604271704-130] org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator - Exception during user lookup
druid.escalator.type=basic
druid.escalator.internalClientUsername=druid_system
druid.escalator.internalClientPassword=password2
druid.escalator.authorizerName=ldapauth
druid.auth.authorizers=["ldapauth"]
druid.auth.authorizer.ldapauth.type=basic
#druid.auth.authorizer.ldapauth.initialAdminUser=admin
#druid.auth.authorizer.ldapauth.initialAdminRole=admin
druid.auth.authorizer.ldapauth.roleProvider.type=ldap
Authenticating settings are specific to project cant share here.
Thanks,
Ashish
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] averma111 commented on issue #9303: ERROR
[qtp1604271704-130]
org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator
- Exception during user lookup
Posted by GitBox <gi...@apache.org>.
averma111 commented on issue #9303: ERROR [qtp1604271704-130] org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator - Exception during user lookup
URL: https://github.com/apache/druid/issues/9303#issuecomment-582591052
Thank you @mohammadjkhan please find the below details for TSL and LDAP both
#TLS
druid.enablePlaintextPort=false
druid.enableTlsPort=true
druid.server.https.keyStorePath=**.jks
druid.server.https.keyStoreType=JKS
druid.server.https.certAlias=<domain name>
druid.server.https.keyStorePassword=<password>
druid.server.https.requireClientCertificate=false
druid.server.https.requestClientCertificate=false
druid.client.https.trustStorePath=*.jks
druid.client.https.trustStoreType=JKS
druid.client.https.trustStorePassword=<password>
druid.auth.authenticatorChain=["ldap"]
druid.auth.authenticator.ldap.type=basic
druid.auth.authenticator.ldap.enableCacheNotifications=true
druid.auth.authenticator.ldap.credentialsValidator.type=ldap
druid.auth.authenticator.ldap.credentialsValidator.url=<ldap server>:<port>
druid.auth.authenticator.ldap.credentialsValidator.bindUser=<userid>
druid.auth.authenticator.ldap.credentialsValidator.bindPassword=<password>
druid.auth.authenticator.ldap.credentialsValidator.baseDn=<dn name>
druid.auth.authenticator.ldap.credentialsValidator.userSearch=<search criteria>
druid.auth.authenticator.ldap.credentialsValidator.userAttribute=sAMAccountName
druid.auth.authenticator.ldap.authorizerName=ldapauth
druid.escalator.type=basic
druid.escalator.internalClientUsername=druid_system
druid.escalator.internalClientPassword=password2
druid.escalator.authorizerName=ldapauth
druid.auth.authorizers=["ldapauth"]
druid.auth.authorizer.ldapauth.type=basic
druid.auth.authorizer.ldapauth.initialAdminUser=admin
druid.auth.authorizer.ldapauth.initialAdminRole=admin
druid.auth.authorizer.ldapauth.roleProvider.type=ldap
Let me know if these setting looks good
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] mohammadjkhan commented on issue #9303: ERROR
[qtp1604271704-130]
org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator
- Exception during user lookup
Posted by GitBox <gi...@apache.org>.
mohammadjkhan commented on issue #9303: ERROR [qtp1604271704-130] org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator - Exception during user lookup
URL: https://github.com/apache/druid/issues/9303#issuecomment-582547192
@averma111 The exception you pasted is an authentication exception. Without the complete list of authentication settings, it would be hard for me to tell. It seems like you maybe incorrectly mixing up the two basic credential validator types.
You can share your Authentication properties and settings here and just remove/leave out the some of values that you deem sensitive
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] mohammadjkhan edited a comment on issue #9303: ERROR
[qtp1604271704-130]
org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator
- Exception during user lookup
Posted by GitBox <gi...@apache.org>.
mohammadjkhan edited a comment on issue #9303: ERROR [qtp1604271704-130] org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator - Exception during user lookup
URL: https://github.com/apache/druid/issues/9303#issuecomment-582547192
@averma111 The exception you pasted is an authentication exception. Without the complete list of authentication settings, it would be hard for me to tell. It seems like you maybe incorrectly mixing up the two basic credential validator types.
You can share your Authentication properties and settings here, and just remove/leave out the some of values that you deem sensitive
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] mohammadjkhan edited a comment on issue #9303: ERROR
[qtp1604271704-130]
org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator
- Exception during user lookup
Posted by GitBox <gi...@apache.org>.
mohammadjkhan edited a comment on issue #9303: ERROR [qtp1604271704-130] org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator - Exception during user lookup
URL: https://github.com/apache/druid/issues/9303#issuecomment-582547192
@averma111 The exception you pasted is an authentication exception. Without the complete list of authentication settings, it would be hard for me to tell. It seems like you maybe incorrectly mixing up the two basic credential validator types (metadata/ldap).
You can share your Authentication properties and settings here, and just remove/leave out the some of values that you deem sensitive
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] mohammadjkhan commented on issue #9303: ERROR
[qtp1604271704-130]
org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator
- Exception during user lookup
Posted by GitBox <gi...@apache.org>.
mohammadjkhan commented on issue #9303: ERROR [qtp1604271704-130] org.apache.druid.security.basic.authentication.validator.LDAPCredentialsValidator - Exception during user lookup
URL: https://github.com/apache/druid/issues/9303#issuecomment-582607552
looks like you need to update your escalator credentials with an account that actually exists in your ldap.
druid_system is metadata user
Try this...
druid.auth.authenticatorChain=["ldap"]
-Ddruid.auth.basic.ssl.trustStorePath=
-Ddruid.auth.basic.ssl.protocol=JKS
-Ddruid.auth.basic.ssl.trustStorePassword=
-Ddruid.auth.basic.ssl.trustStoreType=
(you might be fine not having to include any of the below key store config properties)
-Ddruid.auth.basic.ssl.keyStorePath=
-Ddruid.auth.basic.ssl.keyStoreType=JKS
-Ddruid.auth.basic.ssl.certAlias=
-Ddruid.auth.basic.ssl.keyStorePassword=
-Ddruid.auth.basic.ssl.keyManagerPassword=
druid.auth.authenticator.ldap.type=basic
(for ldap, enableCacheNotifications is not needed since ldap doesn't have any notification scheme. This property is primarily used for metadata credential validator configuration)
druid.auth.authenticator.ldap.enableCacheNotifications=true
druid.auth.authenticator.ldap.credentialsValidator.type=ldap
druid.auth.authenticator.ldap.credentialsValidator.url=:
druid.auth.authenticator.ldap.credentialsValidator.bindUser=
druid.auth.authenticator.ldap.credentialsValidator.bindPassword=
druid.auth.authenticator.ldap.credentialsValidator.baseDn=
druid.auth.authenticator.ldap.credentialsValidator.userSearch=
druid.auth.authenticator.ldap.credentialsValidator.userAttribute=sAMAccountName
druid.auth.authenticator.ldap.authorizerName=ldapauth
druid.escalator.type=basic
druid.escalator.internalClientUsername=ldap user id
druid.escalator.internalClientPassword=ldap user password
druid.escalator.authorizerName=ldapauth
druid.auth.authorizers=["ldapauth"]
druid.auth.authorizer.ldapauth.type=basic
druid.auth.authorizer.ldapauth.initialAdminUser=ldap user id you specified in internalClientUsername
druid.auth.authorizer.ldapauth.initialAdminRole=admin
druid.auth.authorizer.ldapauth.roleProvider.type=ldap
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org