[
https://issues.apache.org/jira/browse/CLOUDSTACK-3344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
sadhu suresh reopened CLOUDSTACK-3344:
--------------------------------------
its still storing the amp symbol in the database
did ldapconfig both from UI and API and seeing different value for query filter
http://10.147.59.126:8080/client/api?command=ldapConfig&binddn=CN%3Dtest%2CCN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&bindpass=aaaa_1111&hostname=10.147.38.163&searchbase=CN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&queryfilter=(%26amp%3B(mail%3D%25e))&port=389&ssl=false&response=json&sessionkey=4LZTbD5qussoVFfeWXKl9KFX1cE%3D&_=1374659477752
{ "ldapconfigresponse" : { "ldapconfig" :
{"hostname":"10.147.38.163","port":"389","ssl":"false","searchbase":"CN=Users,DC=hyd-qa,DC=com","queryfilter":"(&(mail=%e))","binddn":"CN=test,CN=Users,DC=hyd-qa,DC=com"}
} }
when you refresh ,then amp is not shown in UI but db has "amp" entry due to
this fail to login with ldap credentials
mysql> select * from configuration where name like "%ldap%";
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| category | instance | component | name | value
| description
|
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| Hidden | DEFAULT | management-server | ldap.dn |
Xnd5TE6D7NCEh++h1fxc2RAWttBINHxVXXjeAHuTaplBA+9cqV8LBfRapaVyuwDM | Specify the
distinguished name of a user with the search permission on the directory
|
| Hidden | DEFAULT | management-server | ldap.hostname |
DcgL+LoqA0k+sxbkl44EyFDhQSNQTBuf | Hostname or
ip address of the ldap server eg: my.ldap.com
|
| Hidden | DEFAULT | management-server | ldap.passwd |
aOS33EI72htwV4eGHDhqBs+hm9oa3ccO | Enter the
password
|
| Hidden | DEFAULT | management-server | ldap.port |
BMugS6+mkm16JjYLiMwONA== | Specify the
LDAP port if required, default is 389
|
| Hidden | DEFAULT | management-server | ldap.queryfilter |
WLGxV6IvIk40k3vseoBddBptKgfGVqsijX5eMZZCvbQ= | You specify
a query filter here, which narrows down the users, who can be part of this
domain |
| Hidden | DEFAULT | management-server | ldap.searchbase |
XIIcnKfUkit/7KupE9ygGiUXYM9aVJTjc+Ineh3TP3/GqPo0Y6o/tQ== | The search
base defines the starting point for the search in the directory tree Example:
dc=cloud,dc=com. |
| Hidden | DEFAULT | management-server | ldap.truststore | NULL
| Enter the path to trusted
keystore
|
| Hidden | DEFAULT | management-server | ldap.truststorepass | NULL
| Enter the password for
trusted keystore
|
| Hidden | DEFAULT | management-server | ldap.usessl |
ODc2oltFwKde3E981qlYfA== | Check Use
SSL if the external LDAP server is configured for LDAP over SSL.
|
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
9 rows in set (0.01 sec)
mysql> WLGxV6IvIk40k3vseoBddBptKgfGVqsijX5eMZZCvbQ=;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'WLGxV6IvIk40k3vseoBddBptKgfGVqsijX5eMZZCvbQ=' at line 1
mysql> select * from configuration where name like "%ldap%";
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| category | instance | component | name | value
| description
|
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| Hidden | DEFAULT | management-server | ldap.dn |
pIHsAEwwK3CM1eet4iXWFfQcKyTTazZapchHj1n9NhuX8PM041r4imJ70xs02VUH | Specify the
distinguished name of a user with the search permission on the directory
|
| Hidden | DEFAULT | management-server | ldap.hostname |
CxFBUxDhjDBNLVCVpqfB3hYH2VE/OqfA | Hostname or
ip address of the ldap server eg: my.ldap.com
|
| Hidden | DEFAULT | management-server | ldap.passwd |
pWsY95KvE9VgIiOGprzicAodfG7Id2eV | Enter the
password
|
| Hidden | DEFAULT | management-server | ldap.port |
7XNDI3wIygItDC1KVlozFQ== | Specify the
LDAP port if required, default is 389
|
| Hidden | DEFAULT | management-server | ldap.queryfilter |
4gOKtbj7OrrL9FCiUMz77HWZqCT571fO | You specify
a query filter here, which narrows down the users, who can be part of this
domain |
| Hidden | DEFAULT | management-server | ldap.searchbase |
BObuJmv6qeZQK8Z7XqXIyYqA+ic/9bsVieTdk/BdT1hNSZAhltgANA== | The search
base defines the starting point for the search in the directory tree Example:
dc=cloud,dc=com. |
| Hidden | DEFAULT | management-server | ldap.truststore | NULL
| Enter the path to trusted
keystore
|
| Hidden | DEFAULT | management-server | ldap.truststorepass | NULL
| Enter the password for
trusted keystore
|
| Hidden | DEFAULT | management-server | ldap.usessl |
1PocqtT15b9Q+tMpItl8MQ== | Check Use
SSL if the external LDAP server is configured for LDAP over SSL.
|
+----------+----------+-------------------+---------------------+---------------
> ldap:UI:sending wrong query filter(converting &symbol to "amp&")during
> ldapconfig through UI[due to this ldap users fail to login]
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-3344
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3344
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: UI
> Affects Versions: 4.2.0
> Reporter: sadhu suresh
> Assignee: Ian Duffy
> Priority: Critical
> Fix For: 4.2.0
>
> Attachments: screenshot_ldap_ui.png
>
>
> Steps:
> 1. Configured the LDAP through UI by providing query filter as email
> (eg:(&(mail=%e)))
> 2.check the configured values
> Actual result:
> its converting & symbol into amp& while configuring the ldap through UI due
> to this ldap users fail to login.
> through API ,its working fine.this is the only problem with UI side where
> they converting "&" symbolto "amp&"
> API fired while performing ldapconfig through UI:
> http://10.147.59.119:8080/client/api?command=ldapConfig&binddn=CN%3Dtest%2CCN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&bindpass=aaaa_1111&hostname=10.147.38.163&searchbase=CN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&queryfilter=(%26(mail%3D%25e))&port=389&ssl=false&response=json&sessionkey=zlWVnEF2HA3R4ekSa8kDXaZrY5k%3D&_=1372835435077
> { "ldapconfigresponse" : { "ldapconfig" :
> {"hostname":"10.147.38.163","port":"389","ssl":"false","searchbase":"CN=Users,DC=hyd-qa,DC=com","queryfilter":"(&(mail=%e))","binddn":"CN=test,CN=Users,DC=hyd-qa,DC=com"}
> } }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
