Hi,

Do you use role mapping?

Can you share your JAAS LDAP config?

Regards
JB

On 03/06/2017 03:22 AM, mtod09 wrote:
I'm trying to set up LDAP using Roles. I set up a copy of ServiceMix on my local
system and it works fine.
When I place it up on a server everything works except for roles.

For some reason the process that gets the roles fails on the server
version.

Local system is Windows 10 and server is Windows 2012 R2.

Thanks for any help you can provide.

Server Version

2017-03-05 20:44:31,380 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | doAuthenticate[realm=karaf,
role=webconsole,
rolePrincipalClasses=org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.modules.RolePrincipal,org.apache.karaf.jaas.boot.principal.GroupPrincipal,
configuration=null, username=inttest02, password=******]
2017-03-05 20:44:31,380 | DEBUG | qtp700085358-120 | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | Get the user DN.
2017-03-05 20:44:31,380 | DEBUG | qtp700085358-120 | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | Bind user (authentication).
2017-03-05 20:44:31,381 | DEBUG | qtp700085358-120 | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | Set the security principal
for CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local
2017-03-05 20:44:31,381 | DEBUG | qtp700085358-120 | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | Binding the user.
2017-03-05 20:44:31,389 | DEBUG | qtp700085358-120 | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | User inttest02 successfully
bound.
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass:
org.apache.karaf.jaas.boot.principal.RolePrincipal
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.UserPrincipal toString:
UserPrincipal[inttest02]
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | principal class
org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match
org.apache.karaf.jaas.boot.principal.RolePrincipal, continuing
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass:
org.apache.karaf.jaas.modules.RolePrincipal
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.UserPrincipal toString:
UserPrincipal[inttest02]
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | principal class
org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match
org.apache.karaf.jaas.modules.RolePrincipal, continuing
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass:
org.apache.karaf.jaas.boot.principal.GroupPrincipal
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.UserPrincipal toString:
UserPrincipal[inttest02]
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | principal class
org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match
org.apache.karaf.jaas.boot.principal.GroupPrincipal, continuing
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | User inttest02 does not have the
required role webconsole

Local Version

2017-03-05 18:05:51,962 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | doAuthenticate[realm=karaf,
role=webconsole,
rolePrincipalClasses=org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.modules.RolePrincipal,org.apache.karaf.jaas.boot.principal.GroupPrincipal,
configuration=null, username=inttest02, password=******]
2017-03-05 18:05:51,963 | DEBUG | icalNaming=false | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | Get the user DN.
2017-03-05 18:05:51,963 | DEBUG | icalNaming=false | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | Bind user (authentication).
2017-03-05 18:05:51,963 | DEBUG | icalNaming=false | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | Set the security principal
for CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local
2017-03-05 18:05:51,963 | DEBUG | icalNaming=false | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | Binding the user.
2017-03-05 18:05:52,180 | DEBUG | icalNaming=false | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | User inttest02 successfully
bound.
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass:
org.apache.karaf.jaas.boot.principal.RolePrincipal
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.RolePrincipal toString:
RolePrincipal[viewer]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | role viewer doesn't match webconsole,
continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.RolePrincipal toString:
RolePrincipal[Mirth Admins DEV]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | role Mirth Admins DEV doesn't match
webconsole, continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.RolePrincipal toString:
RolePrincipal[manager]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | role manager doesn't match webconsole,
continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.RolePrincipal toString:
RolePrincipal[jmxUser]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | role jmxUser doesn't match webconsole,
continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.RolePrincipal toString:
RolePrincipal[admin]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | role admin doesn't match webconsole,
continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.RolePrincipal toString:
RolePrincipal[sshConsole]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | role sshConsole doesn't match
webconsole, continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.UserPrincipal toString:
UserPrincipal[inttest02]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | principal class
org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match
org.apache.karaf.jaas.boot.principal.RolePrincipal, continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.RolePrincipal toString:
RolePrincipal[webconsole]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator
| 243 - io.hawt.hawtio-web - 1.4.68 | Matched role and role principal class





--
View this message in context: 
http://karaf.922171.n3.nabble.com/LDAP-Roles-tp4049745.html
Sent from the Karaf - User mailing list archive at Nabble.com.


--
Jean-Baptiste Onofré
jbono...@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
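
Added example, not part of the original messages and not Karaf or hawtio code: a small Python parser that rejoins mail-wrapped DEBUG records like those quoted above and reports whether a successful LDAP bind was followed by any RolePrincipal or GroupPrincipal. The sample records are constructed in the shape of the quoted logs, and the function names are hypothetical.

```python
import re

# Constructed samples shaped like the mail-wrapped DEBUG records in the thread.
WITHOUT_ROLES = """\
2017-03-05 20:44:31,389 | DEBUG | qtp700085358-120 | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.8 | User inttest02 successfully
bound.
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.UserPrincipal toString:
UserPrincipal[inttest02]
"""
WITH_ROLES = WITHOUT_ROLES + """\
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.RolePrincipal toString:
RolePrincipal[Mirth Admins DEV]
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator
| 233 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname:
org.apache.karaf.jaas.boot.principal.RolePrincipal toString:
RolePrincipal[webconsole]
"""

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \|")
BOUND = re.compile(r"User (\S+) successfully bound\.$")
PRINCIPAL = re.compile(r"classname: (?:\w+\.)*(\w+) toString: \w+\[(.+)\]$")
ROLE_CLASSES = {"RolePrincipal", "GroupPrincipal"}  # simple names of role classes

def unwrap(text):
    """Rejoin mail-wrapped lines; a new record starts with a timestamp."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def login_summary(text):
    """Bound user, role names seen, and whether the bind produced no roles."""
    user, roles = None, set()
    for rec in unwrap(text):
        # Fields: timestamp | level | thread | logger | bundle | message
        msg = re.split(r"\s*\|\s*", rec, maxsplit=5)[-1]
        if (m := BOUND.search(msg)):
            user = m.group(1)
        elif (m := PRINCIPAL.search(msg)) and m.group(1) in ROLE_CLASSES:
            roles.add(m.group(2))
    return {"user": user, "roles": roles,
            "bound_without_roles": bool(user) and not roles}
```

A result with `bound_without_roles` set means authentication succeeded but the Subject carried only a UserPrincipal, which is the pattern in the server log above.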
