RE: when removing an account linked to ldap and re-adding it, login fails

Fri, 28 May 2021 06:59:09 -0700 

Figured it out.
For anyone having this issue:
        
Go to "ldap_trust_map" and correlate the entries with the accounts in "Account" 
table.
Delete the irrelevant ones in "ldap_trust_map" and login is successful.

Regards,
Jordan 


-----Original Message-----
From: Yordan Kostov <yord...@nsogroup.com> 
Sent: Friday, May 28, 2021 4:43 PM
To: users@cloudstack.apache.org
Subject: when removing an account linked to ldap and re-adding it, login fails 


[X] This message came from outside your organization


Hey everyone,

                ACD version  4.15.

                I am playing with LDAP and after some tests I cannot login with 
ldap account anymore.
                This is what I get as error messages:

2021-05-28 15:31:40,645 INFO  [o.a.c.l.LdapAuthenticator] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) user 'acstest01' is mapped 
to more then one account in domain and will be disabled.
2021-05-28 15:31:40,646 DEBUG [o.a.c.s.SAML2UserAuthenticator] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Trying SAML2 auth for user: 
acstest01
2021-05-28 15:31:40,647 DEBUG [o.a.c.s.SAML2UserAuthenticator] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find user with 
acstest01 in domain 18, or user source is not SAML2
2021-05-28 15:31:40,647 DEBUG [c.c.u.AccountManagerImpl] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to authenticate user 
with username acstest01 in domain 18
2021-05-28 15:31:40,647 WARN  [c.c.u.AccountManagerImpl] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find an user with 
username acstest01 in domain 18
2021-05-28 15:31:40,648 DEBUG [c.c.u.AccountManagerImpl] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) User: acstest01 in domain 
18 has failed to log in
2021-05-28 15:31:40,648 DEBUG [c.c.a.ApiServlet] 
(qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Authentication failure: 
{"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to 
authenticate user acstest01 in domain 18; please provide valid credentials"}}

                I have only 1 account mapped in that domain so from  what I see 
it looks like this issue here -> 
https://urldefense.com/v3/__https://github.com/apache/cloudstack/issues/3661__;!!A6UyJA!wUcsBGPDJa5V-jfcXEGNQxhPCdJnumEo-mNFlnPMdDUi75-rkzTTa7A6dNOdYWqn$

                Any idea what should be cleaned in the DB to allow login ?

Regards,
Jordan

<font size="2"><font color="#D8D8D8">11!</font>

Reply via email to