Shyam, Javier, I found and fixed a bug, There is a PR out [1]. Are you able to test this? meaning creating your own package from that branch and trying? In the end it wasn't an AD specific bug but had to do with non-synced accounts. Unfortunately there was no test case for it. If it works it will go into 4.11.1.
[1] https://github.com/apache/cloudstack/pull/2517 On Fri, Mar 23, 2018 at 10:10 AM, Daan Hoogland <daan.hoogl...@gmail.com> wrote: > Shyam, please do raise a bug. I will not start on this immediately but > this does need fixing. Can you leave all relevant data in the ticket, like > logs and traces? > > On Wed, Mar 21, 2018 at 10:30 AM, Daan Hoogland <daan.hoogl...@gmail.com> > wrote: > >> ok, Javier and Shyam. This definitely sound like a bug. I have no idea >> what might be the case and have to look. Can you enter and issue with >> relevant data? >> >> On Tue, Mar 20, 2018 at 4:36 PM, Javier Rodríguez Caquilala < >> javier.caquil...@adderglobal.com> wrote: >> >>> >>> Hi Shyam, >>> I have the same problem with AD authentication. My platform was working >>> perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't login >>> with LDAP users but I can list ldap users in "Add LDAP account". In log I >>> get the following error: >>> Authentication failure: {"loginresponse":{"uuidList":[ >>> ],"errorcode":531,"errortext":"Failed to authenticate user >>> jav...@adderglobal.com in domain 1; please provide valid credentials"}} >>> >>> I check with tcpdump the communication between cloudstack-management and >>> AD and I find cloudstack send correctly a bindRequest and AD response was >>> success so I think cloudstack is not interpreting the response in the right >>> way. >>> >>> >>> >>> >>> LDAPMessage bindRequest(1) >>> "CN=javier,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX" >>> password >>> >>> LDAPMEssage bindResponse(1) "success" >>> >>> >>> >>> >>> I compare the bind request and bindResponse in Cloudstack 4.9.2 and it >>> looks like the same request an response. >>> >>> Regards, >>> Javier >>> >>> >>> -----Mensaje original----- >>> > De: "soundar rajan" <bsoundara...@gmail.com> >>> > A: users@cloudstack.apache.org >>> > Fecha: 20/03/18 12:59 >>> > Asunto: Re: Not able to authenticate using microsoft AD >>> > >>> > sometime while restarting i am getting this information >>> > >>> > Did not find configuration ldap.username.attribute in Config.java. >>> Perhaps >>> > moved to ConfigDepot >>> > >>> > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bsoundara...@gmail.com >>> > >>> > wrote: >>> > >>> > > yes its microsoftad and all the required parameters are configured >>> > > correctly >>> > > >>> > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland < >>> daan.hoogl...@gmail.com> >>> > > wrote: >>> > > >>> > >> Shyam, your reply to Rajani doesn't seem to include any settings. >>> most >>> > >> particularly what is the value of 'ldap.provider'? >>> > >> >>> > >> >>> > >> >>> > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan < >>> bsoundara...@gmail.com> >>> > >> wrote: >>> > >> >>> > >> > Hi Daan, >>> > >> > >>> > >> > Please find the log >>> > >> > >>> > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl] >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log >>> in >>> > >> user: >>> > >> > shyam.soundar in domain 1 >>> > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory] >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap >>> with >>> > >> > provider url: ldap://172.xx.xx.11:389 >>> > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory] >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap >>> with >>> > >> > provider url: ldap://172.xx.xx.11:389 >>> > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl] >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to >>> authenticate >>> > >> user >>> > >> > with username shyam.soundar in domain 1 >>> > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl] >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: >>> shyam.soundar in >>> > >> > domain 1 has failed to log in >>> > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet] >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication >>> failure: >>> > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed >>> to >>> > >> > authenticate user shyam.soundar in domain 1; please provide valid >>> > >> > credentials"}} >>> > >> > >>> > >> > Regards >>> > >> > Shyam >>> > >> > >>> > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland < >>> > >> daan.hoogl...@gmail.com> >>> > >> > wrote: >>> > >> > >>> > >> > > not at first glance no, it can be a configuration or a code >>> bug. Can >>> > >> you >>> > >> > > find anything in the logs around the moment of the login? >>> > >> > > >>> > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan < >>> > >> bsoundara...@gmail.com> >>> > >> > > wrote: >>> > >> > > >>> > >> > > > Hi Daan, >>> > >> > > > >>> > >> > > > I dont see any request hitting our domain controller while >>> logging >>> > >> > but i >>> > >> > > > am able to import all users. Any idea. >>> > >> > > > >>> > >> > > > Regards >>> > >> > > > Shyam >>> > >> > > > >>> > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland < >>> > >> > daan.hoogl...@gmail.com >>> > >> > > > >>> > >> > > > wrote: >>> > >> > > > >>> > >> > > > > Shyam, do you have any related log message, preferably with >>> stack >>> > >> > trace >>> > >> > > > > that is related? Do you see that request are coming in on >>> your AD? >>> > >> > > > > >>> > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan < >>> > >> > > bsoundara...@gmail.com> >>> > >> > > > > wrote: >>> > >> > > > > >>> > >> > > > > > Please find the error message >>> > >> > > > > > >>> > >> > > > > > Authentication failure: >>> > >> > > > > > {"loginresponse":{"uuidList":[ >>> ],"errorcode":531,"errortext": >>> > >> > "Failed >>> > >> > > to >>> > >> > > > > > authenticate user shyam.soundar in domain 1; please >>> provide >>> > >> valid >>> > >> > > > > > credentials"}} >>> > >> > > > > > >>> > >> > > > > > >>> > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan < >>> > >> > > bsoundara...@gmail.com >>> > >> > > > > >>> > >> > > > > > wrote: >>> > >> > > > > > >>> > >> > > > > > > Hi, >>> > >> > > > > > > >>> > >> > > > > > > Version i use is 4.11 >>> > >> > > > > > > >>> > >> > > > > > > Regards >>> > >> > > > > > > Shyam >>> > >> > > > > > > >>> > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland < >>> > >> > > > > daan.hoogl...@gmail.com> >>> > >> > > > > > > wrote: >>> > >> > > > > > > >>> > >> > > > > > >> Shyam, sorry to hear. What versions are you using? >>> > >> > > > > > >> >>> > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan < >>> > >> > > > > bsoundara...@gmail.com >>> > >> > > > > > > >>> > >> > > > > > >> wrote: >>> > >> > > > > > >> >>> > >> > > > > > >> > Hi ALL, >>> > >> > > > > > >> > >>> > >> > > > > > >> > I have successfully configured Active directory and >>> able to >>> > >> > > import >>> > >> > > > > the >>> > >> > > > > > >> > users to cloudstack. >>> > >> > > > > > >> > >>> > >> > > > > > >> > But users is not able to login with there domain >>> > >> credentials >>> > >> > do >>> > >> > > i >>> > >> > > > > miss >>> > >> > > > > > >> > anything in the configuration? >>> > >> > > > > > >> > >>> > >> > > > > > >> > Regards >>> > >> > > > > > >> > Shyam >>> > >> > > > > > >> > >>> > >> > > > > > >> >>> > >> > > > > > >> >>> > >> > > > > > >> >>> > >> > > > > > >> -- >>> > >> > > > > > >> Daan >>> > >> > > > > > >> >>> > >> > > > > > > >>> > >> > > > > > > >>> > >> > > > > > >>> > >> > > > > >>> > >> > > > > >>> > >> > > > > >>> > >> > > > > -- >>> > >> > > > > Daan >>> > >> > > > > >>> > >> > > > >>> > >> > > >>> > >> > > >>> > >> > > >>> > >> > > -- >>> > >> > > Daan >>> > >> > > >>> > >> > >>> > >> >>> > >> >>> > >> >>> > >> -- >>> > >> Daan >>> > >> >>> > > >>> > > >>> >>> >> >> >> -- >> Daan >> > > > > -- > Daan > -- Daan