[
https://issues.apache.org/jira/browse/KNOX-735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay resolved KNOX-735.
------------------------------
Resolution: Cannot Reproduce
> Knox doesn't work with ldaps protocol
> -------------------------------------
>
> Key: KNOX-735
> URL: https://issues.apache.org/jira/browse/KNOX-735
> Project: Apache Knox
> Issue Type: Bug
> Components: ClientDSL, Site
> Affects Versions: 0.6.0
> Environment: RHEL : Oracle Linux Server release 6.7
> Curl Version : 7.19.7
> openjdk version "1.8.0_71"
> OpenJDK Runtime Environment (build 1.8.0_71-b15)
> Reporter: Arpan Rajani
> Labels: security
>
> When, in the topology, we place ssl authcBasic or authcBasic along with the
> context factory using the ldaps protocol, we are unable to get Knox working.
> When we try using Knox with curl, Knox generates HTTP Error 503.
> {code}
> curl -i -k -u ad_user:P@ssword 'https://<Knox_SERVER_Hostname>:<KNOX_PORT>/gateway/default/templeton/v1/status'
> {code}
> Corresponding logs from Knox gateway are :
> {code}
> 2016-08-15 17:12:41,971 DEBUG ldap.JndiLdapRealm (JndiLdapRealm.java:queryForAuthenticationInfo(369)) - Authenticating user 'ad_user' through LDAP
> 2016-08-15 17:12:41,972 DEBUG ldap.JndiLdapContextFactory (JndiLdapContextFactory.java:getLdapContext(488)) - Initializing LDAP context using URL [ldaps://ldapURL:636] and principal [CN=CN_NAME,OU=Admin,OU=MyUnit,DC=MyCompany,DC=local] with pooling enabled
> 2016-08-15 17:12:41,980 DEBUG servlet.SimpleCookie (SimpleCookie.java:addCookieHeader(226)) - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/gateway/default; Max-Age=0; Expires=Sun, 14-Aug-2016 17:12:41 GMT]
> 2016-08-15 17:12:41,980 DEBUG authc.BasicHttpAuthenticationFilter (BasicHttpAuthenticationFilter.java:sendChallenge(274)) - Authentication required: sending 401 Authentication challenge response.
> 2016-08-15 17:12:41,980 DEBUG server.Server (Server.java:handle(367)) - RESPONSE /gateway/default/templeton/v1/status 401 handled=true
> {code}
> The configuration we are using for the Knox topology related to authentication
> is the following:
> {code}
> <param>
>   <name>urls./**</name>
>   <value>ssl authcBasic</value>
>   <!-- Also tried with authcBasic -->
>   <!-- Change this to authcBasic with ldap and port 389 and it works -->
> </param>
> <param>
>   <name>main.ldapRealm.contextFactory.url</name>
>   <value>ldaps://ldapURL:636</value>
>   <!-- Switch this URL to use ldap and change the port to 389 and it works -->
> </param>
> {code}
> - I see this as a threat to IT systems which need to adhere to certain
> compliance requirements.
> - Along with this, it would be great if the log could explicitly mention what
> the issue is; currently it doesn't provide any useful info which pinpoints
> ldaps changing to ldap.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
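Added example (not Knox or Shiro code, and not part of the issue above): a small Python diagnostic for the two things the report asks about. It lints the topology fragment for the cleartext ldap:// workaround the reporter mentions and for a urls./** chain without the Shiro 'ssl' filter, and it scans gateway log lines for the pattern shown in the report, an LDAP context initialisation followed by a 401 challenge with nothing logged at WARN or ERROR in between, which is the "silent" failure the report complains about. The topology fragments and log lines embedded in it are constructed from the report. The optional probe_ldaps_trust() connects to the LDAPS port using Python's CA store, not the JVM's, so a failure there is a strong hint that the LDAP server's certificate chain is not trusted, while a success does not prove the Knox JVM truststore (javax.net.ssl.trustStore) contains the CA. That the root cause is certificate trust is an assumption; the report does not establish it.

```python
"""Offline checks for the KNOX-735 symptom, plus an optional live TLS probe.

Added diagnostic, not Apache Knox or Apache Shiro code. The topology fragments
and gateway log lines below are constructed from the report.
"""
import re
import socket
import ssl
import sys
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed: the reporter's intended configuration (LDAPS, 'ssl' filter in the chain).
TOPOLOGY_LDAPS = """<provider>
  <role>authentication</role><name>ShiroProvider</name><enabled>true</enabled>
  <param><name>urls./**</name><value>ssl authcBasic</value></param>
  <param><name>main.ldapRealm.contextFactory.url</name><value>ldaps://ldapURL:636</value></param>
</provider>"""

# Constructed: the workaround the report says "works" (plain LDAP on 389, no 'ssl' filter).
TOPOLOGY_LDAP_WORKAROUND = TOPOLOGY_LDAPS.replace("ssl authcBasic", "authcBasic").replace(
    "ldaps://ldapURL:636", "ldap://ldapURL:389")

# Constructed: the five gateway log entries from the report, one per line.
SAMPLE_LOG = """\
2016-08-15 17:12:41,971 DEBUG ldap.JndiLdapRealm (JndiLdapRealm.java:queryForAuthenticationInfo(369)) - Authenticating user 'ad_user' through LDAP
2016-08-15 17:12:41,972 DEBUG ldap.JndiLdapContextFactory (JndiLdapContextFactory.java:getLdapContext(488)) - Initializing LDAP context using URL [ldaps://ldapURL:636] and principal [CN=CN_NAME,OU=Admin,OU=MyUnit,DC=MyCompany,DC=local] with pooling enabled
2016-08-15 17:12:41,980 DEBUG servlet.SimpleCookie (SimpleCookie.java:addCookieHeader(226)) - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/gateway/default; Max-Age=0; Expires=Sun, 14-Aug-2016 17:12:41 GMT]
2016-08-15 17:12:41,980 DEBUG authc.BasicHttpAuthenticationFilter (BasicHttpAuthenticationFilter.java:sendChallenge(274)) - Authentication required: sending 401 Authentication challenge response.
2016-08-15 17:12:41,980 DEBUG server.Server (Server.java:handle(367)) - RESPONSE /gateway/default/templeton/v1/status 401 handled=true
"""


def lint_topology(xml_text):
    """Return a list of findings for the authentication provider's <param> entries."""
    findings = []
    root = ET.fromstring(xml_text)
    params = {p.findtext("name", "").strip(): p.findtext("value", "").strip()
              for p in root.iter("param")}
    url = params.get("main.ldapRealm.contextFactory.url", "")
    if url.startswith("ldap://"):
        findings.append("main.ldapRealm.contextFactory.url is cleartext ldap://: the bind DN "
                        "password and every user's basic-auth password cross the network unencrypted")
    elif not url.startswith("ldaps://"):
        findings.append("main.ldapRealm.contextFactory.url is missing or not an ldap(s):// URL")
    chain = params.get("urls./**", "").split()
    if "ssl" not in chain:
        findings.append("urls./** chain lacks the Shiro 'ssl' filter, which refuses requests "
                        "that did not arrive over HTTPS")
    return findings


# Knox/log4j line shape seen in the report: "<ts> <LEVEL> <logger> (<file:method(line)>) - <msg>"
LOG_LINE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+) "
                      r"(?P<logger>\S+) \((?P<loc>[^ ]+)\) - (?P<msg>.*)$")
BIND_MSG = re.compile(r"Initializing LDAP context using URL \[(?P<url>ldaps?://[^\]]+)\]")
CHALLENGE_MSG = "sending 401 Authentication challenge"


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S,%f")


def find_silent_ldap_failures(lines, window_ms=2000):
    """Flag an LDAP context init that is followed, within window_ms, by a 401 challenge
    with no WARN/ERROR entry (or any message mentioning an Exception) in between."""
    findings = []
    pending = None  # (timestamp, url) of the last context init not yet explained
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        bind = BIND_MSG.search(m["msg"])
        if bind:
            pending = (m["ts"], bind["url"])
            continue
        if pending is None:
            continue
        if m["level"] in ("WARN", "ERROR") or "Exception" in m["msg"]:
            pending = None  # the log does explain the failure; nothing to flag
            continue
        if CHALLENGE_MSG in m["msg"]:
            bind_ts, url = pending
            elapsed = round((_ts(m["ts"]) - _ts(bind_ts)).total_seconds() * 1000)
            if elapsed <= window_ms:
                findings.append({"url": url, "bind_ts": bind_ts, "challenge_ts": m["ts"],
                                 "elapsed_ms": elapsed,
                                 "hint": "login rejected with no cause logged; verify the "
                                         "server certificate chain is trusted by the JVM"})
            pending = None
    return findings


def probe_ldaps_trust(host, port=636, cafile=None, timeout=5.0):
    """Live check (assumption: cert trust is the cause). Uses Python's CA store, not the JVM's."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"ok": True, "subject": cert.get("subject"), "notAfter": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as e:
        return {"ok": False, "error": "certificate not trusted: %s" % e.verify_message}
    except (ssl.SSLError, OSError) as e:
        return {"ok": False, "error": str(e)}


if __name__ == "__main__":
    print("workaround topology:", lint_topology(TOPOLOGY_LDAP_WORKAROUND))
    print("ldaps topology:", lint_topology(TOPOLOGY_LDAPS))
    print("silent failures:", find_silent_ldap_failures(SAMPLE_LOG.splitlines()))
    if len(sys.argv) > 1:  # usage: python knox_ldaps_check.py <host> [port] [cafile]
        print(probe_ldaps_trust(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 636,
                                sys.argv[3] if len(sys.argv) > 3 else None))
```

Run without arguments to see the two offline checks against the constructed samples; pass the LDAP host (and optionally port and CA file) to also run the live probe. The log scan treats the 8 ms gap between the context initialisation and the 401 challenge as the thing to report: the realm rejected the login, and nothing in the DEBUG output says why, which is exactly the gap the reporter's second bullet asks Knox to close.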