In that case its a bug right? Do you want me to raise a bug? On Thu, Mar 22, 2018 at 11:48 AM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote:
> Hi Shyam, > > > My bad, I thought this was SAML related. This is most like > openldap/ldap-plugin related changes. > > > - Rohit > > <https://cloudstack.apache.org> > > > > ________________________________ > From: soundar rajan <bsoundara...@gmail.com> > Sent: Wednesday, March 21, 2018 5:39:43 PM > To: users@cloudstack.apache.org > Subject: Re: Not able to authenticate using microsoft AD > > Hi rohit, > > Do we really need to do that for openldap and microsoft ad? We dont have > SSO server in place its direct ldap query to domain controller > > Regards > Shyam > > On Wed, Mar 21, 2018 at 2:38 PM, Rohit Yadav <rohit.ya...@shapeblue.com> > wrote: > > > All, > > > > > > Thanks for discussing and reporting this. After you've added a host, have > > you got your SAML user authorized against the IdP? The current SAML2 > plugin > > requires that authenticated users should be pre-authorized. > > > > > > - Rohit > > > > <https://cloudstack.apache.org> > > > > > > > > ________________________________ > > From: soundar rajan <bsoundara...@gmail.com> > > Sent: Wednesday, March 21, 2018 10:07:43 AM > > To: users@cloudstack.apache.org > > Subject: Re: Not able to authenticate using microsoft AD > > > > Yep Even i tried with tcpdump and able to see the request and respone. In > > that case its a bug in the 4.11 version i think. > > > > Regards > > Shyam > > > > On Tue, Mar 20, 2018 at 9:06 PM, Javier RodrÃguez Caquilala < > > javier.caquil...@adderglobal.com> wrote: > > > > > > > > Hi Shyam, > > > I have the same problem with AD authentication. My platform was working > > > perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't > > login > > > with LDAP users but I can list ldap users in "Add LDAP account". In > log I > > > get the following error: > > > Authentication failure: {"loginresponse":{"uuidList":[ > > > ],"errorcode":531,"errortext":"Failed to authenticate user > > > jav...@adderglobal.com in domain 1; please provide valid > credentials"}} > > > > > > I check with tcpdump the communication between cloudstack-management > and > > > AD and I find cloudstack send correctly a bindRequest and AD response > > was > > > success so I think cloudstack is not interpreting the response in the > > right > > > way. > > > > > > > > > > > > > > > LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU= > > XXXX,DC=XXXX,DC=XXXX" > > > password > > > > > > LDAPMEssage bindResponse(1) "success" > > > > > > > > > > > > > > > I compare the bind request and bindResponse in Cloudstack 4.9.2 and it > > > looks like the same request an response. > > > > > > Regards, > > > Javier > > > > > > > > > -----Mensaje original----- > > > > De: "soundar rajan" <bsoundara...@gmail.com> > > > > A: users@cloudstack.apache.org > > > > Fecha: 20/03/18 12:59 > > > > Asunto: Re: Not able to authenticate using microsoft AD > > > > > > > > sometime while restarting i am getting this information > > > > > > > > Did not find configuration ldap.username.attribute in Config.java. > > > Perhaps > > > > moved to ConfigDepot > > > > > > > > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan < > bsoundara...@gmail.com > > > > > > > wrote: > > > > > > > > > yes its microsoftad and all the required parameters are configured > > > > > correctly > > > > > > > > > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland < > > > daan.hoogl...@gmail.com> > > > > > wrote: > > > > > > > > > >> Shyam, your reply to Rajani doesn't seem to include any settings. > > most > > > > >> particularly what is the value of 'ldap.provider'? > > > > >> > > > > >> > > > > >> > > > > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan < > > > bsoundara...@gmail.com> > > > > >> wrote: > > > > >> > > > > >> > Hi Daan, > > > > >> > > > > > >> > Please find the log > > > > >> > > > > > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl] > > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to > log > > in > > > > >> user: > > > > >> > shyam.soundar in domain 1 > > > > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory] > > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing > ldap > > > with > > > > >> > provider url: ldap://172.xx.xx.11:389 > > > > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory] > > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing > ldap > > > with > > > > >> > provider url: ldap://172.xx.xx.11:389 > > > > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl] > > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to > > > authenticate > > > > >> user > > > > >> > with username shyam.soundar in domain 1 > > > > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl] > > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: > > shyam.soundar > > > in > > > > >> > domain 1 has failed to log in > > > > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet] > > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication > > > failure: > > > > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext": > > "Failed > > > to > > > > >> > authenticate user shyam.soundar in domain 1; please provide > valid > > > > >> > credentials"}} > > > > >> > > > > > >> > Regards > > > > >> > Shyam > > > > >> > > > > > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland < > > > > >> daan.hoogl...@gmail.com> > > > > >> > wrote: > > > > >> > > > > > >> > > not at first glance no, it can be a configuration or a code > bug. > > > Can > > > > >> you > > > > >> > > find anything in the logs around the moment of the login? > > > > >> > > > > > > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan < > > > > >> bsoundara...@gmail.com> > > > > >> > > wrote: > > > > >> > > > > > > >> > > > Hi Daan, > > > > >> > > > > > > > >> > > > I dont see any request hitting our domain controller while > > > logging > > > > >> > but i > > > > >> > > > am able to import all users. Any idea. > > > > >> > > > > > > > >> > > > Regards > > > > >> > > > Shyam > > > > >> > > > > > > > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland < > > > > >> > daan.hoogl...@gmail.com > > > > >> > > > > > > > >> > > > wrote: > > > > >> > > > > > > > >> > > > > Shyam, do you have any related log message, preferably > with > > > stack > > > > >> > trace > > > > >> > > > > that is related? Do you see that request are coming in on > > > your AD? > > > > >> > > > > > > > > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan < > > > > >> > > bsoundara...@gmail.com> > > > > >> > > > > wrote: > > > > >> > > > > > > > > >> > > > > > Please find the error message > > > > >> > > > > > > > > > >> > > > > > Authentication failure: > > > > >> > > > > > {"loginresponse":{"uuidList":[ > > > ],"errorcode":531,"errortext": > > > > >> > "Failed > > > > >> > > to > > > > >> > > > > > authenticate user shyam.soundar in domain 1; please > > provide > > > > >> valid > > > > >> > > > > > credentials"}} > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan < > > > > >> > > bsoundara...@gmail.com > > > > >> > > > > > > > > >> > > > > > wrote: > > > > >> > > > > > > > > > >> > > > > > > Hi, > > > > >> > > > > > > > > > > >> > > > > > > Version i use is 4.11 > > > > >> > > > > > > > > > > >> > > > > > > Regards > > > > >> > > > > > > Shyam > > > > >> > > > > > > > > > > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland < > > > > >> > > > > daan.hoogl...@gmail.com> > > > > >> > > > > > > wrote: > > > > >> > > > > > > > > > > >> > > > > > >> Shyam, sorry to hear. What versions are you using? > > > > >> > > > > > >> > > > > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan < > > > > >> > > > > bsoundara...@gmail.com > > > > >> > > > > > > > > > > >> > > > > > >> wrote: > > > > >> > > > > > >> > > > > >> > > > > > >> > Hi ALL, > > > > >> > > > > > >> > > > > > >> > > > > > >> > I have successfully configured Active directory and > > > able to > > > > >> > > import > > > > >> > > > > the > > > > >> > > > > > >> > users to cloudstack. > > > > >> > > > > > >> > > > > > >> > > > > > >> > But users is not able to login with there domain > > > > >> credentials > > > > >> > do > > > > >> > > i > > > > >> > > > > miss > > > > >> > > > > > >> > anything in the configuration? > > > > >> > > > > > >> > > > > > >> > > > > > >> > Regards > > > > >> > > > > > >> > Shyam > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > >> > > > > > >> > > > > >> > > > > > >> > > > > >> > > > > > >> -- > > > > >> > > > > > >> Daan > > > > >> > > > > > >> > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > -- > > > > >> > > > > Daan > > > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > -- > > > > >> > > Daan > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> -- > > > > >> Daan > > > > >> > > > > > > > > > > > > > > > > > > > > rohit.ya...@shapeblue.com > > www.shapeblue.com<http://www.shapeblue.com> > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > > @shapeblue > > > > > > > > > > rohit.ya...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > @shapeblue > > > >
