Posted to users@cloudstack.apache.org by Jon Brooks <jo...@yahoo.com.INVALID> on 2018/06/06 17:11:20 UTC

Openldap authentication issues

Cloudstack version: 4.11.0
OpenLdap version: 2.4.44-5
OS: Centos 7.4.1708

Cloudstack LDAP Configuration:
ldap.basedn : ou=People,dc=test,dc=net
ldap.bind.password : XXXXXXX
ldap.bind.principal : cn=LDAPAdmin,ou=People,dc=test,dc=net
ldap.email.attribute : mail
ldap.firstname.attribute : cn
ldap.lastname.attribute : sn
ldap.username.attribute : uid
ldap.user.object : inetOrgPerson


Error:
com.cloud.exception.InvalidParameterValueException: Unable to bind to the given LDAP server



Logs:
[root@node1 ~]# tail -f /var/log/cloudstack/management/management-server.log | grep -i -E 'exception|unable|fail|invalid|leak|warn|error|ldap'
2018-06-06 10:59:02,588 DEBUG [c.c.a.ApiServlet] (qtp788117692-26:ctx-9e92257d) (logid:76b79610) ===START===  10.0.1.206 -- GET  command=ad LdapConfiguration&hostname=ldap.test.net&port=389&response=json&_=1528297150720
2018-06-06 10:59:02,605 DEBUG [o.a.c.l.LdapContextFactory] (qtp788117692-26:ctx-9e92257d ctx-d0d40bce) (logid:76b79610) initializing ldap with provider url: ldap://ldap.test.net:389
2018-06-06 11:01:09,879 DEBUG [o.a.c.l.LdapManagerImpl] (qtp788117692-26:ctx-9e92257d ctx-d0d40bce) (logid:76b79610) NamingException while doing an LDAP bind
javax.naming.CommunicationException: ldap.test.net:389 [Root exception is java.net.ConnectException: Connection timed out (Connection timed out)]
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
        at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
        at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:114)
        at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:136)
        at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:329)
        at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1607)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
        at org.apache.cloudstack.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:62)
        at org.apache.cloudstack.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:51)
        at org.apache.cloudstack.ldap.LdapManagerImpl.addConfigurationInternal(LdapManagerImpl.java:118)
        at org.apache.cloudstack.ldap.LdapManagerImpl.addConfiguration(LdapManagerImpl.java:103)
        at org.apache.cloudstack.api.command.LdapAddConfigurationCmd.execute(LdapAddConfigurationCmd.java:66)
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
2018-06-06 11:01:09,881 INFO  [c.c.a.ApiServer] (qtp788117692-26:ctx-9e92257d ctx-d0d40bce) (logid:76b79610) com.cloud.exception.InvalidParameterValueException: Unable to bind to the given LDAP server

*** I'm still trying to capture openldap logs at the moment.

Re: Openldap authentication issues

Posted by Suresh Sadhu <su...@accelerite.com>.
Hi Jon,

I think you should check the attribute for the first name. The default value for ldap.firstname.attribute is "givenName".

LDAP bind fails if there is any problem in our given parameter values. Please check manually by running the ldapsearch command. If it works manually then it should work in CS; if not, then it's a bug in CS :-)



regards
sadhu

On Jun 6, 2018, at 10:41 PM, Jon Brooks <jo...@yahoo.com.invalid> wrote:

ldap.basedn : ou=People,dc=test,dc=net
ldap.bind.password : XXXXXXX
ldap.bind.principal : cn=LDAPAdmin,ou=People,dc=test,dc=net
ldap.email.attribute : mail
ldap.firstname.attribute : cn
ldap.lastname.attribute : sn
ldap.username.attribute : uid
ldap.user.object : inetOrgPerson

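
Added example (not part of either message in this thread): the manual ldapsearch check suggested in the reply, run from the management server in two steps, so that a network failure like the "Connection timed out" in the posted log is told apart from a rejected bind or a wrong base DN. Host, port, DNs and attribute names are the values from the original post; the function names and the --run switch are made up for this example, and the exit-status meanings assume the OpenLDAP ldapsearch client.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Settings are the ones posted above;
# function names and the --run switch are hypothetical.
LDAP_HOST=ldap.test.net
LDAP_PORT=389
BIND_DN='cn=LDAPAdmin,ou=People,dc=test,dc=net'   # ldap.bind.principal
BASE_DN='ou=People,dc=test,dc=net'                # ldap.basedn
USER_FILTER='(objectClass=inetOrgPerson)'         # ldap.user.object
USER_ATTRS='uid mail cn sn'                       # username, email, firstname, lastname attributes

# Map an ldapsearch exit status (the LDAP result code, as returned by the
# OpenLDAP client) to the setting or layer that most likely caused it.
explain_rc() {
  case "$1" in
    0)   echo "ok" ;;
    32)  echo "basedn: no such object, check ldap.basedn" ;;
    49)  echo "credentials: check ldap.bind.principal and ldap.bind.password" ;;
    255) echo "network: cannot contact server, check DNS, routing and firewall" ;;
    *)   echo "ldap result code $1" ;;
  esac
}

# Step 1: plain TCP connect with a short timeout, no LDAP involved.
tcp_reachable() {
  timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Step 2: simple bind as the CloudStack principal and list users the way
# the settings describe them. -W prompts, so the password stays off argv.
bind_and_search() {
  # USER_ATTRS is left unquoted on purpose: one argument per attribute.
  ldapsearch -x -LLL -o nettimeout=5 -H "ldap://$LDAP_HOST:$LDAP_PORT" \
    -D "$BIND_DN" -W -b "$BASE_DN" "$USER_FILTER" $USER_ATTRS
}

main() {
  if ! tcp_reachable "$LDAP_HOST" "$LDAP_PORT"; then
    echo "step 1: $(explain_rc 255)"; return 1
  fi
  bind_and_search; rc=$?
  echo "step 2: $(explain_rc "$rc")"
  return "$rc"
}

# Nothing touches the network unless asked to.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it with --run on the management server itself, since that is the host the bind is attempted from.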