You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Rohit Yadav (JIRA)" <ji...@apache.org> on 2015/05/11 17:16:01 UTC

[jira] [Closed] (CLOUDSTACK-1213) Not able to integrate LDAP with SSL auth in cloudstack

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-1213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rohit Yadav closed CLOUDSTACK-1213.
-----------------------------------
    Resolution: Invalid

This a SSL issue, make sure you're using correct SSL configs.

> Not able to integrate LDAP with SSL auth in cloudstack
> ------------------------------------------------------
>
>                 Key: CLOUDSTACK-1213
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1213
>             Project: CloudStack
>          Issue Type: Task
>          Components: API
>    Affects Versions: 4.0.1
>         Environment: Ubuntu 12.04 x64
>            Reporter: madhusudan
>            Priority: Minor
>              Labels: LDAP, integration
>
> I have cloudstack 4.0.1-incubating installed and  running successfully.
> I tried to run api command using username login.
> step1
> user login
> http://hostname:8080/client/api?command=login&username=admin&password=md5hash
> output:
> { "loginresponse" : { "timeout" : "1800", "lastname" : "cloud", "registered" : "false", "username" : "admin", "firstname" : "admin", "domainid" : "blablabla", "type" : "1", "userid" : "blablabla", "sessionkey" : "blablalbla", "account" : "admin" } }
> few doubts about login
>   Does userid is same as JsessionID..?  if yes then
>   Do we have to pass the Jsessionid  along with the URL or the above would do..?
>   else
>   where can I find the Jsessionid..? (as it is not displaying in the above command)
>   
> step2:
> when i run this 
> http://hostname:8096/client/api?apikey=blablabla&bindn=%20cn%3DDirectory%20Manager&bindpass=password&command=ldapConfig&hostname=ldapserver&queryfilter=%28%26%28uid%3D%25u%29%29&port=636&searchbase=ou%3Dpeople%2Cdc%3Ddomain%2Cdc%3Dcom&sessionkey=blablabla&ssl=true&truststore=%2Fetc%2Fssl%2FNdomaincert.jks&truststorepass=password&response=json
> i get below error
> { "ldapconfigresponse" : {"uuidList":[],"errorcode":431,"cserrorcode":4490,"errortext":"Naming Exception, check you ldap data ! simple bind failed: LDAPserver:636Caused by:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"} }
> I tried to use the certification file(.crt) without password and gave this error.
> { "ldapconfigresponse" : {"uuidList":[],"errorcode":431,"cserrorcode":4490,"errortext":"If you plan to use SSL then you need to configure the trust store."} }
> is providing password necessary..?, or am i missing something..?
> do you have any better solution for this..? or at-least can redirect me to the place where I can get help to integrate LDAP with SSL into cloudstack.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)