Hi Rohit,

Do we really need to do that for OpenLDAP and Microsoft AD? We don't have an SSO server in place; it's a direct LDAP query to the domain controller.

Regards
Shyam

On Wed, Mar 21, 2018 at 2:38 PM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote:

> All,
>
> Thanks for discussing and reporting this. After you've added a host, have
> you got your SAML user authorized against the IdP? The current SAML2 plugin
> requires that authenticated users should be pre-authorized.
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
> ________________________________
> From: soundar rajan <bsoundara...@gmail.com>
> Sent: Wednesday, March 21, 2018 10:07:43 AM
> To: users@cloudstack.apache.org
> Subject: Re: Not able to authenticate using microsoft AD
>
> Yep. Even I tried with tcpdump and am able to see the request and response.
> In that case it's a bug in the 4.11 version, I think.
>
> Regards
> Shyam
>
> On Tue, Mar 20, 2018 at 9:06 PM, Javier Rodríguez Caquilala <javier.caquil...@adderglobal.com> wrote:
>
> > Hi Shyam,
> > I have the same problem with AD authentication. My platform was working
> > perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't login
> > with LDAP users but I can list ldap users in "Add LDAP account". In log I
> > get the following error:
> > Authentication failure: {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to authenticate user jav...@adderglobal.com in domain 1; please provide valid credentials"}}
> >
> > I check with tcpdump the communication between cloudstack-management and
> > AD and I find cloudstack send correctly a bindRequest and AD response was
> > success so I think cloudstack is not interpreting the response in the right
> > way.
> >
> > LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX" password
> >
> > LDAPMEssage bindResponse(1) "success"
> >
> > I compare the bind request and bindResponse in Cloudstack 4.9.2 and it
> > looks like the same request and response.
> >
> > Regards,
> > Javier
> >
> > > -----Original message-----
> > > From: "soundar rajan" <bsoundara...@gmail.com>
> > > To: users@cloudstack.apache.org
> > > Date: 20/03/18 12:59
> > > Subject: Re: Not able to authenticate using microsoft AD
> > >
> > > Sometimes while restarting I am getting this information
> > >
> > > Did not find configuration ldap.username.attribute in Config.java. Perhaps moved to ConfigDepot
> > >
> > > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bsoundara...@gmail.com> wrote:
> > >
> > > > Yes, it's microsoftad and all the required parameters are configured
> > > > correctly
> > > >
> > > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <daan.hoogl...@gmail.com> wrote:
> > > >
> > > >> Shyam, your reply to Rajani doesn't seem to include any settings. Most
> > > >> particularly, what is the value of 'ldap.provider'?
> > > >>
> > > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <bsoundara...@gmail.com> wrote:
> > > >>
> > > >> > Hi Daan,
> > > >> >
> > > >> > Please find the log
> > > >> >
> > > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl] (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in user: shyam.soundar in domain 1
> > > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory] (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with provider url: ldap://172.xx.xx.11:389
> > > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory] (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with provider url: ldap://172.xx.xx.11:389
> > > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl] (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to authenticate user with username shyam.soundar in domain 1
> > > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl] (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: shyam.soundar in domain 1 has failed to log in
> > > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet] (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication failure: {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to authenticate user shyam.soundar in domain 1; please provide valid credentials"}}
> > > >> >
> > > >> > Regards
> > > >> > Shyam
> > > >> >
> > > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <daan.hoogl...@gmail.com> wrote:
> > > >> >
> > > >> > > Not at first glance, no. It can be a configuration or a code bug. Can
> > > >> > > you find anything in the logs around the moment of the login?
> > > >> > >
> > > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <bsoundara...@gmail.com> wrote:
> > > >> > >
> > > >> > > > Hi Daan,
> > > >> > > >
> > > >> > > > I don't see any request hitting our domain controller while logging
> > > >> > > > in, but I am able to import all users. Any idea?
> > > >> > > >
> > > >> > > > Regards
> > > >> > > > Shyam
> > > >> > > >
> > > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <daan.hoogl...@gmail.com> wrote:
> > > >> > > >
> > > >> > > > > Shyam, do you have any related log message, preferably with stack
> > > >> > > > > trace that is related? Do you see that requests are coming in on
> > > >> > > > > your AD?
> > > >> > > > >
> > > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <bsoundara...@gmail.com> wrote:
> > > >> > > > >
> > > >> > > > > > Please find the error message
> > > >> > > > > >
> > > >> > > > > > Authentication failure: {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to authenticate user shyam.soundar in domain 1; please provide valid credentials"}}
> > > >> > > > > >
> > > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <bsoundara...@gmail.com> wrote:
> > > >> > > > > >
> > > >> > > > > > > Hi,
> > > >> > > > > > >
> > > >> > > > > > > Version I use is 4.11
> > > >> > > > > > >
> > > >> > > > > > > Regards
> > > >> > > > > > > Shyam
> > > >> > > > > > >
> > > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <daan.hoogl...@gmail.com> wrote:
> > > >> > > > > > >
> > > >> > > > > > >> Shyam, sorry to hear. What versions are you using?
> > > >> > > > > > >>
> > > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <bsoundara...@gmail.com> wrote:
> > > >> > > > > > >>
> > > >> > > > > > >> > Hi ALL,
> > > >> > > > > > >> >
> > > >> > > > > > >> > I have successfully configured Active Directory and am able to
> > > >> > > > > > >> > import the users to cloudstack.
> > > >> > > > > > >> >
> > > >> > > > > > >> > But users are not able to login with their domain credentials.
> > > >> > > > > > >> > Do I miss anything in the configuration?
> > > >> > > > > > >> >
> > > >> > > > > > >> > Regards
> > > >> > > > > > >> > Shyam
> > > >> > > > > > >>
> > > >> > > > > > >> --
> > > >> > > > > > >> Daan
> > > >> > > > >
> > > >> > > > > --
> > > >> > > > > Daan
> > > >> > >
> > > >> > > --
> > > >> > > Daan
> > > >>
> > > >> --
> > > >> Daan
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> @shapeblue
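
The management-server log quoted in this thread can be triaged by grouping lines on their logid, which separates "the LDAP plugin opened a context and the login was still rejected" from "LDAP was never tried". The following Python is an added example, not part of the thread or of CloudStack; the function name triage_logins, the verdict labels, and the second login attempt in the sample (logid 9e8f7a6b, user local.admin) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's log format; the second login (9e8f7a6b) is invented.
SAMPLE_LOG = """\
2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl] (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in user: shyam.soundar in domain 1
2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory] (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with provider url: ldap://172.xx.xx.11:389
2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl] (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to authenticate user with username shyam.soundar in domain 1
2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet] (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication failure: {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to authenticate user shyam.soundar in domain 1; please provide valid credentials"}}
2018-03-20 14:19:02,101 DEBUG [c.c.u.AccountManagerImpl] (qtp510113906-31:ctx-0a1b2c3d) (logid:9e8f7a6b) Attempting to log in user: local.admin in domain 1
2018-03-20 14:19:02,140 DEBUG [c.c.u.AccountManagerImpl] (qtp510113906-31:ctx-0a1b2c3d) (logid:9e8f7a6b) Unable to authenticate user with username local.admin in domain 1
"""

LINE = re.compile(r"^\S+ \S+ \w+ \[(?P<cls>[^\]]+)\] \([^)]*\) "
                  r"\(logid:(?P<logid>\w+)\) (?P<msg>.*)$")

def triage_logins(log_text):
    """Group management-server lines by logid and classify failed logins."""
    attempts = defaultdict(lambda: {"user": None, "ldap_urls": [],
                                    "failed": False, "errorcode": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # wrapped or unrelated line
        a, msg = attempts[m["logid"]], m["msg"]
        user = re.match(r"Attempting to log in user: (\S+) in domain", msg)
        code = re.search(r'"errorcode":(\d+)', msg)
        if user:
            a["user"] = user[1]
        elif m["cls"].endswith("LdapContextFactory") and "provider url: " in msg:
            a["ldap_urls"].append(msg.split("provider url: ", 1)[1])
        elif msg.startswith("Unable to authenticate user"):
            a["failed"] = True
        elif code:
            a["errorcode"] = int(code[1])
    return {
        logid: {
            "user": a["user"],
            "errorcode": a["errorcode"],
            # Did the LDAP plugin open a context for this request at all?
            "verdict": "ldap-context-initialized" if a["ldap_urls"] else "no-ldap-context",
            # ldap:// is not LDAPS: a simple bind is readable on the wire unless StartTLS is used.
            "plain_ldap_scheme": any(u.startswith("ldap://") for u in a["ldap_urls"]),
        }
        for logid, a in attempts.items() if a["failed"]
    }

if __name__ == "__main__":
    print(triage_logins(SAMPLE_LOG))
```
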