Hi Antonio,

Can you review your ldap.bind.principal value? Judging from your logs, it's just OMCORE. This should be in the form cn=username,dc=za,dc=omlac,dc=net or whatever the exact path to your bind user is.

On 4 April 2014 12:41, Antonio Packery <antonio.pack...@t-systems.co.za> wrote:
> No nullpointer exceptions that I can see.
>
> management-server.log extract with all lines containing the word ldap
> attached.
>
> On 04/04/2014 01:12 PM, Suresh Sadhu wrote:
>
> Can you post the logs, we used to log ldap transactions in management log.
> Are you hitting any nullpointer exception?
>
> Make sure active directory user has defined email address in AD.
>
> Regards
> Sadhu
>
> -----Original Message-----
> From: Ian Duffy [mailto:i...@ianduffy.ie]
> Sent: 04 April 2014 16:24
> To: users@cloudstack.apache.org
> Cc: Rajani Karuturi
> Subject: Re: AD LDAP authentication failing post CS 4.2.1 to CS 4.3 upgrade
>
> CCing Rajani on this to see if she has any ideas.....
>
> If you haven't done so already can you try remove/re-add the LDAP server via
> the UI.
>
>> Are there any logs in cloudstack that records the ldap activity?
>
> On failed adding of a LDAP server you will get a message back saying so and
> the server will not add.
>
> On authentication failure of an ldap user it will appear in the cloudstack
> logs.
>
> On 4 April 2014 11:47, Antonio Packery <antonio.pack...@t-systems.co.za>
> wrote:
>> Hi Ian,
>>
>> Changed ldap.user.object to user but still no change.
>>
>> Busy sniffing the ldap server connection for any errors.
>>
>> Are there any logs in cloudstack that records the ldap activity?
>>
>> Regards
>> Antonio
>>
>> On 04/04/2014 12:14 PM, Ian Duffy wrote:
>>
>> Interesting, they look OK.
>>
>> Can you change ldap.user.object to have the value user then restart
>> the management server and check if things are back working as
>> expected.
>>
>> Thanks,
>> Ian
>>
>> On 4 April 2014 11:11, Antonio Packery
>> <antonio.pack...@t-systems.co.za>
>> wrote:
>>> Hi Ian,
>>>
>>> Here they are, ldap server via port 389 is being used.
>>>
>>> ldap.basedn | The search base defines the starting point for the search in the directory tree Example: dc=cloud,dc=com. | dc=....dc=....,dc=...
>>> ldap.bind.principal | Specify the distinguished name of a user with the search permission on the directory | CN=...,OU=...,DC=....,DC=.....,DC=.....
>>> ldap.email.attribute | Sets the email attribute used within LDAP | mail
>>> ldap.firstname.attribute | Sets the firstname attribute used within LDAP | givenname
>>> ldap.group.object | Sets the object type of groups within LDAP | groupOfUniqueNames
>>> ldap.group.user.uniquemember | Sets the attribute for uniquemembers within a group | uniquemember
>>> ldap.lastname.attribute | Sets the lastname attribute used within LDAP | sn
>>> ldap.search.group.principle | Sets the principle of the group that users must be a member of |
>>> ldap.truststore | Enter the path to trusted keystore |
>>> ldap.truststore.password | Enter the password for trusted keystore |
>>> ldap.user.object = inetOrgPerson
>>> ldap.username.attribute = sAMAccountName
>>>
>>> Regards
>>> Antonio
>>>
>>> On 04/04/2014 11:47 AM, Ian Duffy wrote:
>>>
>>> Hi Antonio,
>>>
>>> Can you confirm the values for the settings in global settings
>>> starting with "ldap."
>>>
>>> Since you mentioned AD I'm specifically interested in
>>> ldap.username.attribute and ldap.user.object
>>>
>>> Thanks,
>>> Ian
>>>
>>> On 4 April 2014 10:36, Antonio Packery
>>> <antonio.pack...@t-systems.co.za>
>>> wrote:
>>>> Hi,
>>>>
>>>> Since upgrading to CS 4.3 my AD LDAP authentication no longer works.
>>>> All my previous do seem to have been retained but I am not able to import
>>>> any LDAP users.
>>>>
>>>> Are there any log/configuration files I can check for errors?
>>>>
>>>> Also, any guidance on the correct syntax, ldap attributes to be using
>>>> for AD would help.
>>>>
>>>> Regards
>>>> Antonio
>>>>
>>>> Disclaimer: This message and/or attachment(s) may contain privileged,
>>>> confidential and/or personal information. If you are not the intended
>>>> recipient you may not disclose or distribute any of the information
>>>> contained within this message. In such case you must destroy this message
>>>> and inform the sender of the error. T-Systems does not accept liability for
>>>> any errors, omissions, information and viruses contained in the
>>>> transmission of this message. Any opinions, conclusions and other
>>>> information contained within this message not related to T-Systems'
>>>> official business is deemed to be that of the individual only and is not
>>>> endorsed by T-Systems.
>>>>
>>>> This message and/or attachment(s) may contain privileged or
>>>> confidential information. If you are not the intended recipient you
>>>> may not disclose or distribute any of the information contained
>>>> within this message. In such case you must destroy this message and
>>>> inform the sender of the error.
>>>> T-Systems does not accept liability for any errors, omissions,
>>>> information and viruses contained in the transmission of this
>>>> message. Any opinions, conclusions and other information contained
>>>> within this message not related to T-Systems' official business is
>>>> deemed to be that of the individual only and is not endorsed by
>>>> T-Systems.
>>>>
>>>> T-Systems - Business Flexibility
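
The check suggested in the reply at the top of this thread (a bare name such as OMCORE versus a full distinguished name for the bind principal), written out as an added example; it is not part of the original messages or of CloudStack. The function names and the `KNOWN_ATTRS` allow-list are assumptions made for this sketch, the sample values are constructed, and multi-valued RDNs joined with `+` are not handled.

```python
# Attribute types expected in an AD bind DN (assumed allow-list for this example).
KNOWN_ATTRS = {"cn", "ou", "dc", "uid", "o"}


def split_rdns(dn):
    """Split a DN on unescaped commas; RFC 4514 escapes a literal comma as '\\,'."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts


def check_bind_principal(value):
    """Return a list of problems; an empty list means the value is shaped like a DN."""
    value = value.strip()
    if not value:
        return ["empty value"]
    if "=" not in value:
        if "\\" in value:
            return ["DOMAIN\\user form, not a distinguished name"]
        if "@" in value:
            return ["user@domain form, not a distinguished name"]
        return ["bare name, not a distinguished name"]
    problems = []
    rdns = split_rdns(value)
    for rdn in rdns:
        attr, sep, val = rdn.partition("=")
        if not val.strip():
            problems.append(f"malformed component {rdn!r}")
        elif attr.strip().lower() not in KNOWN_ATTRS:
            problems.append(f"unexpected attribute type {attr.strip()!r}")
    if not any(r.lower().startswith("dc=") for r in rdns):
        problems.append("no dc= component")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the value seen in the logs, the form given in the reply, an escaped comma.
    for v in ["OMCORE", "cn=username,dc=za,dc=omlac,dc=net", r"CN=Svc\, LDAP,OU=Apps,DC=example,DC=test"]:
        print(f"{v!r}: {check_bind_principal(v) or 'ok'}")
```

The check only looks at the shape of the value; whether the DN exists and can bind still has to be confirmed against the directory itself.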