I will play with more this week and definitely will open one if reproducible.
Thank you for the heads up 😊.
Regards,
Jordan
-----Original Message-----
From: Daan Hoogland <daan.hoogl...@gmail.com>
Sent: Monday, May 31, 2021 10:31 AM
To: users <users@cloudstack.apache.org>
Subject: Re: when removing an account linked to ldap and re-adding it, login
fails
[X] This message came from outside your organization
ok Jordan,
tnx, if you can reproduce, please enter an issue on github.
On Mon, May 31, 2021 at 9:19 AM Yordan Kostov <yord...@nsogroup.com> wrote:
> Hello Dan,
>
> No it is 4.15 installation connection to XCP-NG cluster.
> All I did is a lot of testing - creating domains + accounts
> connected to LDAP and then deleting them.
> At some point that issue occurred.
>
> Best regards,
> Jordan
>
> -----Original Message-----
> From: Daan Hoogland <daan.hoogl...@gmail.com>
> Sent: Monday, May 31, 2021 10:08 AM
> To: users <users@cloudstack.apache.org>
> Subject: Re: when removing an account linked to ldap and re-adding it,
> login fails
>
>
> [X] This message came from outside your organization
>
>
> Tnx for reporting Yordan,
> Just one question, This issue you link to is supposed to have been
> solved in 4.14, did you create and delete the account before in an older
> version?
> tnx
>
> On Fri, May 28, 2021 at 3:59 PM Yordan Kostov <yord...@nsogroup.com>
> wrote:
>
> > Figured it out.
> > For anyone having this issue:
> >
> > Go to "ldap_trust_map" and correlate the entries with the accounts
> > in "Account" table.
> > Delete the irrelevant ones in "ldap_trust_map" and login is successful.
> >
> > Regards,
> > Jordan
> >
> >
> > -----Original Message-----
> > From: Yordan Kostov <yord...@nsogroup.com>
> > Sent: Friday, May 28, 2021 4:43 PM
> > To: users@cloudstack.apache.org
> > Subject: when removing an account linked to ldap and re-adding it,
> > login fails
> >
> >
> > [X] This message came from outside your organization
> >
> >
> > Hey everyone,
> >
> > ACD version 4.15.
> >
> > I am playing with LDAP and after some tests I cannot
> > login with ldap account anymore.
> > This is what I get as error messages:
> >
> > 2021-05-28 15:31:40,645 INFO [o.a.c.l.LdapAuthenticator]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) user 'acstest01'
> > is mapped to more then one account in domain and will be disabled.
> > 2021-05-28 15:31:40,646 DEBUG [o.a.c.s.SAML2UserAuthenticator]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Trying SAML2
> > auth for
> > user: acstest01
> > 2021-05-28 15:31:40,647 DEBUG [o.a.c.s.SAML2UserAuthenticator]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find
> > user with acstest01 in domain 18, or user source is not SAML2
> > 2021-05-28 15:31:40,647 DEBUG [c.c.u.AccountManagerImpl]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to
> > authenticate user with username acstest01 in domain 18
> > 2021-05-28 15:31:40,647 WARN [c.c.u.AccountManagerImpl]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find
> > an user with username acstest01 in domain 18
> > 2021-05-28 15:31:40,648 DEBUG [c.c.u.AccountManagerImpl]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) User: acstest01
> > in domain 18 has failed to log in
> > 2021-05-28 15:31:40,648 DEBUG [c.c.a.ApiServlet]
> > (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Authentication
> failure:
> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed
> > to authenticate user acstest01 in domain 18; please provide valid
> > credentials"}}
> >
> > I have only 1 account mapped in that domain so from
> > what I see it looks like this issue here ->
> > https://urldefense.com/v3/__https://github.com/apache/cloudstack/iss
> > ue
> > s/3661__;!!A6UyJA!wUcsBGPDJa5V-jfcXEGNQxhPCdJnumEo-mNFlnPMdDUi75-rkz
> > TT
> > a7A6dNOdYWqn$
> >
> > Any idea what should be cleaned in the DB to allow
> > login
> ?
> >
> > Regards,
> > Jordan
> >
> > <font size="2"><font color="#D8D8D8">11!</font>
> >
> >
>
> --
> Daan
>
--
Daan
