Sure Daan, Thanks for the quicker fix. ill test and keep you posted by tuesday
Regards Shyam On Fri, Mar 30, 2018 at 2:42 PM, Daan Hoogland <daan.hoogl...@gmail.com> wrote: > Shyam, Javier, > > I found and fixed a bug, There is a PR out [1]. Are you able to test this? > meaning creating your own package from that branch and trying? > In the end it wasn't an AD specific bug but had to do with non-synced > accounts. Unfortunately there was no test case for it. If it works it will > go into 4.11.1. > > [1] https://github.com/apache/cloudstack/pull/2517 > > > On Fri, Mar 23, 2018 at 10:10 AM, Daan Hoogland <daan.hoogl...@gmail.com> > wrote: > > > Shyam, please do raise a bug. I will not start on this immediately but > > this does need fixing. Can you leave all relevant data in the ticket, > like > > logs and traces? > > > > On Wed, Mar 21, 2018 at 10:30 AM, Daan Hoogland <daan.hoogl...@gmail.com > > > > wrote: > > > >> ok, Javier and Shyam. This definitely sound like a bug. I have no idea > >> what might be the case and have to look. Can you enter and issue with > >> relevant data? > >> > >> On Tue, Mar 20, 2018 at 4:36 PM, Javier Rodríguez Caquilala < > >> javier.caquil...@adderglobal.com> wrote: > >> > >>> > >>> Hi Shyam, > >>> I have the same problem with AD authentication. My platform was working > >>> perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't > login > >>> with LDAP users but I can list ldap users in "Add LDAP account". In > log I > >>> get the following error: > >>> Authentication failure: {"loginresponse":{"uuidList":[ > >>> ],"errorcode":531,"errortext":"Failed to authenticate user > >>> jav...@adderglobal.com in domain 1; please provide valid > credentials"}} > >>> > >>> I check with tcpdump the communication between cloudstack-management > and > >>> AD and I find cloudstack send correctly a bindRequest and AD response > was > >>> success so I think cloudstack is not interpreting the response in the > right > >>> way. > >>> > >>> > >>> > >>> > >>> LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU= > XXXX,DC=XXXX,DC=XXXX" > >>> password > >>> > >>> LDAPMEssage bindResponse(1) "success" > >>> > >>> > >>> > >>> > >>> I compare the bind request and bindResponse in Cloudstack 4.9.2 and it > >>> looks like the same request an response. > >>> > >>> Regards, > >>> Javier > >>> > >>> > >>> -----Mensaje original----- > >>> > De: "soundar rajan" <bsoundara...@gmail.com> > >>> > A: users@cloudstack.apache.org > >>> > Fecha: 20/03/18 12:59 > >>> > Asunto: Re: Not able to authenticate using microsoft AD > >>> > > >>> > sometime while restarting i am getting this information > >>> > > >>> > Did not find configuration ldap.username.attribute in Config.java. > >>> Perhaps > >>> > moved to ConfigDepot > >>> > > >>> > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan < > bsoundara...@gmail.com > >>> > > >>> > wrote: > >>> > > >>> > > yes its microsoftad and all the required parameters are configured > >>> > > correctly > >>> > > > >>> > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland < > >>> daan.hoogl...@gmail.com> > >>> > > wrote: > >>> > > > >>> > >> Shyam, your reply to Rajani doesn't seem to include any settings. > >>> most > >>> > >> particularly what is the value of 'ldap.provider'? > >>> > >> > >>> > >> > >>> > >> > >>> > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan < > >>> bsoundara...@gmail.com> > >>> > >> wrote: > >>> > >> > >>> > >> > Hi Daan, > >>> > >> > > >>> > >> > Please find the log > >>> > >> > > >>> > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl] > >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to > log > >>> in > >>> > >> user: > >>> > >> > shyam.soundar in domain 1 > >>> > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory] > >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing > ldap > >>> with > >>> > >> > provider url: ldap://172.xx.xx.11:389 > >>> > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory] > >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing > ldap > >>> with > >>> > >> > provider url: ldap://172.xx.xx.11:389 > >>> > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl] > >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to > >>> authenticate > >>> > >> user > >>> > >> > with username shyam.soundar in domain 1 > >>> > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl] > >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: > >>> shyam.soundar in > >>> > >> > domain 1 has failed to log in > >>> > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet] > >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication > >>> failure: > >>> > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext": > "Failed > >>> to > >>> > >> > authenticate user shyam.soundar in domain 1; please provide > valid > >>> > >> > credentials"}} > >>> > >> > > >>> > >> > Regards > >>> > >> > Shyam > >>> > >> > > >>> > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland < > >>> > >> daan.hoogl...@gmail.com> > >>> > >> > wrote: > >>> > >> > > >>> > >> > > not at first glance no, it can be a configuration or a code > >>> bug. Can > >>> > >> you > >>> > >> > > find anything in the logs around the moment of the login? > >>> > >> > > > >>> > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan < > >>> > >> bsoundara...@gmail.com> > >>> > >> > > wrote: > >>> > >> > > > >>> > >> > > > Hi Daan, > >>> > >> > > > > >>> > >> > > > I dont see any request hitting our domain controller while > >>> logging > >>> > >> > but i > >>> > >> > > > am able to import all users. Any idea. > >>> > >> > > > > >>> > >> > > > Regards > >>> > >> > > > Shyam > >>> > >> > > > > >>> > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland < > >>> > >> > daan.hoogl...@gmail.com > >>> > >> > > > > >>> > >> > > > wrote: > >>> > >> > > > > >>> > >> > > > > Shyam, do you have any related log message, preferably > with > >>> stack > >>> > >> > trace > >>> > >> > > > > that is related? Do you see that request are coming in on > >>> your AD? > >>> > >> > > > > > >>> > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan < > >>> > >> > > bsoundara...@gmail.com> > >>> > >> > > > > wrote: > >>> > >> > > > > > >>> > >> > > > > > Please find the error message > >>> > >> > > > > > > >>> > >> > > > > > Authentication failure: > >>> > >> > > > > > {"loginresponse":{"uuidList":[ > >>> ],"errorcode":531,"errortext": > >>> > >> > "Failed > >>> > >> > > to > >>> > >> > > > > > authenticate user shyam.soundar in domain 1; please > >>> provide > >>> > >> valid > >>> > >> > > > > > credentials"}} > >>> > >> > > > > > > >>> > >> > > > > > > >>> > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan < > >>> > >> > > bsoundara...@gmail.com > >>> > >> > > > > > >>> > >> > > > > > wrote: > >>> > >> > > > > > > >>> > >> > > > > > > Hi, > >>> > >> > > > > > > > >>> > >> > > > > > > Version i use is 4.11 > >>> > >> > > > > > > > >>> > >> > > > > > > Regards > >>> > >> > > > > > > Shyam > >>> > >> > > > > > > > >>> > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland < > >>> > >> > > > > daan.hoogl...@gmail.com> > >>> > >> > > > > > > wrote: > >>> > >> > > > > > > > >>> > >> > > > > > >> Shyam, sorry to hear. What versions are you using? > >>> > >> > > > > > >> > >>> > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan < > >>> > >> > > > > bsoundara...@gmail.com > >>> > >> > > > > > > > >>> > >> > > > > > >> wrote: > >>> > >> > > > > > >> > >>> > >> > > > > > >> > Hi ALL, > >>> > >> > > > > > >> > > >>> > >> > > > > > >> > I have successfully configured Active directory and > >>> able to > >>> > >> > > import > >>> > >> > > > > the > >>> > >> > > > > > >> > users to cloudstack. > >>> > >> > > > > > >> > > >>> > >> > > > > > >> > But users is not able to login with there domain > >>> > >> credentials > >>> > >> > do > >>> > >> > > i > >>> > >> > > > > miss > >>> > >> > > > > > >> > anything in the configuration? > >>> > >> > > > > > >> > > >>> > >> > > > > > >> > Regards > >>> > >> > > > > > >> > Shyam > >>> > >> > > > > > >> > > >>> > >> > > > > > >> > >>> > >> > > > > > >> > >>> > >> > > > > > >> > >>> > >> > > > > > >> -- > >>> > >> > > > > > >> Daan > >>> > >> > > > > > >> > >>> > >> > > > > > > > >>> > >> > > > > > > > >>> > >> > > > > > > >>> > >> > > > > > >>> > >> > > > > > >>> > >> > > > > > >>> > >> > > > > -- > >>> > >> > > > > Daan > >>> > >> > > > > > >>> > >> > > > > >>> > >> > > > >>> > >> > > > >>> > >> > > > >>> > >> > > -- > >>> > >> > > Daan > >>> > >> > > > >>> > >> > > >>> > >> > >>> > >> > >>> > >> > >>> > >> -- > >>> > >> Daan > >>> > >> > >>> > > > >>> > > > >>> > >>> > >> > >> > >> -- > >> Daan > >> > > > > > > > > -- > > Daan > > > > > > -- > Daan >
