Hi Shyam,
I have the same problem with AD authentication. My platform was working
perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't login
with LDAP users but I can list ldap users in "Add LDAP account". In log I get
the following error:
Authentication failure:
{"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
authenticate user [email protected] in domain 1; please provide valid
credentials"}}
I check with tcpdump the communication between cloudstack-management and AD and
I find cloudstack send correctly a bindRequest and AD response was success so
I think cloudstack is not interpreting the response in the right way.
LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX"
password
LDAPMEssage bindResponse(1) "success"
I compare the bind request and bindResponse in Cloudstack 4.9.2 and it looks
like the same request an response.
Regards,
Javier
-----Mensaje original-----
> De: "soundar rajan" <[email protected]>
> A: [email protected]
> Fecha: 20/03/18 12:59
> Asunto: Re: Not able to authenticate using microsoft AD
>
> sometime while restarting i am getting this information
>
> Did not find configuration ldap.username.attribute in Config.java. Perhaps
> moved to ConfigDepot
>
> On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <[email protected]>
> wrote:
>
> > yes its microsoftad and all the required parameters are configured
> > correctly
> >
> > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <[email protected]>
> > wrote:
> >
> >> Shyam, your reply to Rajani doesn't seem to include any settings. most
> >> particularly what is the value of 'ldap.provider'?
> >>
> >>
> >>
> >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <[email protected]>
> >> wrote:
> >>
> >> > Hi Daan,
> >> >
> >> > Please find the log
> >> >
> >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in
> >> user:
> >> > shyam.soundar in domain 1
> >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
> >> > provider url: ldap://172.xx.xx.11:389
> >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
> >> > provider url: ldap://172.xx.xx.11:389
> >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to authenticate
> >> user
> >> > with username shyam.soundar in domain 1
> >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: shyam.soundar in
> >> > domain 1 has failed to log in
> >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication failure:
> >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
> >> > authenticate user shyam.soundar in domain 1; please provide valid
> >> > credentials"}}
> >> >
> >> > Regards
> >> > Shyam
> >> >
> >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
> >> [email protected]>
> >> > wrote:
> >> >
> >> > > not at first glance no, it can be a configuration or a code bug. Can
> >> you
> >> > > find anything in the logs around the moment of the login?
> >> > >
> >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
> >> [email protected]>
> >> > > wrote:
> >> > >
> >> > > > Hi Daan,
> >> > > >
> >> > > > I dont see any request hitting our domain controller while logging
> >> > but i
> >> > > > am able to import all users. Any idea.
> >> > > >
> >> > > > Regards
> >> > > > Shyam
> >> > > >
> >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> >> > [email protected]
> >> > > >
> >> > > > wrote:
> >> > > >
> >> > > > > Shyam, do you have any related log message, preferably with stack
> >> > trace
> >> > > > > that is related? Do you see that request are coming in on your AD?
> >> > > > >
> >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> >> > > [email protected]>
> >> > > > > wrote:
> >> > > > >
> >> > > > > > Please find the error message
> >> > > > > >
> >> > > > > > Authentication failure:
> >> > > > > > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":
> >> > "Failed
> >> > > to
> >> > > > > > authenticate user shyam.soundar in domain 1; please provide
> >> valid
> >> > > > > > credentials"}}
> >> > > > > >
> >> > > > > >
> >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> >> > > [email protected]
> >> > > > >
> >> > > > > > wrote:
> >> > > > > >
> >> > > > > > > Hi,
> >> > > > > > >
> >> > > > > > > Version i use is 4.11
> >> > > > > > >
> >> > > > > > > Regards
> >> > > > > > > Shyam
> >> > > > > > >
> >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> >> > > > > [email protected]>
> >> > > > > > > wrote:
> >> > > > > > >
> >> > > > > > >> Shyam, sorry to hear. What versions are you using?
> >> > > > > > >>
> >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> >> > > > > [email protected]
> >> > > > > > >
> >> > > > > > >> wrote:
> >> > > > > > >>
> >> > > > > > >> > Hi ALL,
> >> > > > > > >> >
> >> > > > > > >> > I have successfully configured Active directory and able to
> >> > > import
> >> > > > > the
> >> > > > > > >> > users to cloudstack.
> >> > > > > > >> >
> >> > > > > > >> > But users is not able to login with there domain
> >> credentials
> >> > do
> >> > > i
> >> > > > > miss
> >> > > > > > >> > anything in the configuration?
> >> > > > > > >> >
> >> > > > > > >> > Regards
> >> > > > > > >> > Shyam
> >> > > > > > >> >
> >> > > > > > >>
> >> > > > > > >>
> >> > > > > > >>
> >> > > > > > >> --
> >> > > > > > >> Daan
> >> > > > > > >>
> >> > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > > --
> >> > > > > Daan
> >> > > > >
> >> > > >
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > Daan
> >> > >
> >> >
> >>
> >>
> >>
> >> --
> >> Daan
> >>
> >
> >
