Posted to dev@cloudstack.apache.org by "madhusudan (JIRA)" <ji...@apache.org> on 2013/02/08 11:17:12 UTC

[jira] [Created] (CLOUDSTACK-1213) Not able to integrate LDAP with SSL auth in cloudstack

madhusudan created CLOUDSTACK-1213:
--------------------------------------

             Summary: Not able to integrate LDAP with SSL auth in cloudstack
                 Key: CLOUDSTACK-1213
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1213
             Project: CloudStack
          Issue Type: Test
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: API
    Affects Versions: 4.0.1
         Environment: Ubuntu 12.04 x64
            Reporter: madhusudan
            Priority: Minor


I have cloudstack 4.0.1-incubating installed and running successfully.
I tried to run an API command using a username login.


step1:
user login
http://hostname:8080/client/api?command=login&username=admin&password=md5hash

output:
{ "loginresponse" : { "timeout" : "1800", "lastname" : "cloud", "registered" : "false", "username" : "admin", "firstname" : "admin", "domainid" : "blablabla", "type" : "1", "userid" : "blablabla", "sessionkey" : "blablalbla", "account" : "admin" } }


A few doubts about login:
  Is userid the same as JsessionID..? If yes, then
  do we have to pass the Jsessionid along with the URL, or would the above do..?
  Else,
  where can I find the Jsessionid..? (as it is not displayed in the above command)
  


step2:

When I run this
http://hostname:8096/client/api?apikey=blablabla&bindn=%20cn%3DDirectory%20Manager&bindpass=password&command=ldapConfig&hostname=ldapserver&queryfilter=%28%26%28uid%3D%25u%29%29&port=636&searchbase=ou%3Dpeople%2Cdc%3Ddomain%2Cdc%3Dcom&sessionkey=blablabla&ssl=true&truststore=%2Fetc%2Fssl%2FNdomaincert.jks&truststorepass=password&response=json

I get the below error

{ "ldapconfigresponse" : {"uuidList":[],"errorcode":431,"cserrorcode":4490,"errortext":"Naming Exception, check you ldap data ! simple bind failed: LDAPserver:636Caused by:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"} }


I tried to use the certification file (.crt) without a password, and it gave this error.


{ "ldapconfigresponse" : {"uuidList":[],"errorcode":431,"cserrorcode":4490,"errortext":"If you plan to use SSL then you need to configure the trust store."} }

Is providing a password necessary..? Or am I missing something..?
Do you have any better solution for this..? Or at least can you redirect me to the place where I can get help to integrate LDAP with SSL into cloudstack?






--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
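
Added example, not part of the original report and not CloudStack's own code: the PKIX error in step2 means the JVM could not build a chain from the LDAP server's certificate to any certificate in the trust store in use. The Java check below loads a JKS file, lists its trust anchors, and attempts the same TLS handshake against the LDAPS port. The class name LdapsTrustCheck and the command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;
// Added diagnostic (hypothetical class name). Checks chain trust only, not host-name matching.
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 3) throw new IllegalArgumentException("need: truststore.jks storepass ldap-host [port]");
        int port = args.length > 3 ? Integer.parseInt(args[3]) : 636;
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        } catch (IOException e) {
            // A PEM/DER .crt file, a missing file, or a wrong store password fails here.
            System.out.println("Not a readable JKS trust store: " + e.getMessage());
            return;
        }
        for (String alias : Collections.list(ts.aliases())) {
            Certificate c = ts.getCertificate(alias);
            if (c instanceof X509Certificate)
                System.out.println("trust anchor " + alias + ": " + ((X509Certificate) c).getSubjectX500Principal());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        final X509TrustManager pkix = (X509TrustManager) tmf.getTrustManagers()[0];
        // Wrapper prints what the server presents, then delegates the real PKIX decision.
        X509TrustManager logging = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] ch, String a) throws CertificateException { pkix.checkClientTrusted(ch, a); }
            public void checkServerTrusted(X509Certificate[] chain, String auth) throws CertificateException {
                for (X509Certificate c : chain)
                    System.out.println("server sent " + c.getSubjectX500Principal() + " issued by " + c.getIssuerX500Principal());
                pkix.checkServerTrusted(chain, auth);
            }
            public X509Certificate[] getAcceptedIssuers() { return pkix.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[2], port)) {
            s.startHandshake();
            System.out.println("OK: server chain validates against " + args[0]);
        } catch (SSLException e) {
            // On a PKIX path failure, compare the issuer printed above with the trust anchors listed.
            System.out.println("FAIL: " + e.getMessage());
        }
    }
}
```

If the issuer printed for the server's chain does not appear among the listed trust anchors, that CA certificate has to be imported into the JKS file before the LDAP bind over SSL can succeed.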