[ https://issues.apache.org/jira/browse/CLOUDSTACK-1142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13570029#comment-13570029 ]

Mice Xia commented on CLOUDSTACK-1142:
--------------------------------------

Here is how I configured LDAP in CS 3.0.x; it is supposed to work in 4.0:
1) enable global configuration integration.port 8096
2) create accounts in both CloudStack and Windows AD, with the same email address
(here I used the email address to bind them)
3) send the ldapConfig command with curl
curl 'http://localhost:8096/client/api?command=ldapConfig&hostname=172.16.1.15&searchbase=OU%3DTest%2CDC%3Dtcloud%2CDC%3Dlocal&binddn=CN%3DAdministrator%2CCN%3DUsers%2CDC%3Dtcloud%2CDC%3Dlocal&queryfilter=%28%26%28mail%3D%25e%29%29&bindpass=password&port=389&response=json'

** Please note that special characters are URL-encoded **

4) change sharedFunction.js

- var md5Hashed = true; 
+ var md5Hashed = false;
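
Review bot: the switch of md5Hashed to false in sharedFunction.js is given with no reason and no transport requirement. Going by the variable name and the login step that follows, the UI will then submit the AD password itself rather than an MD5 hash of it, so state that next to the change and require that the UI be served over HTTPS before the flag is flipped.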

5) log in to the UI with the AD password

                
> Testing LDAP Auth Failed - due to "%" being illegal character in queryfilter
> ----------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1142
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1142
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Management Server
>    Affects Versions: 4.1.0
>         Environment: CentOS 6.3 with CloudStack 4.1 from git on 02/01/2013
>            Reporter: ilya musayev
>            Priority: Critical
>              Labels: LDAP
>
> While attempting to test the LdapConfig command, I was unable to successfully
> execute the API command due to
> { "ldapconfigresponse" : {"errorcode":431,"cserrorcode":9999,"errortext":"queryfilter could not be decoded, received value (sAMAccountName=%u) which contains illegal characters eg.%"} }
> This command I'm executing has worked successfully on 4.0, however it's broken
> in the latest 4.1 from git. Everything has been encoded properly and I use 8096
> to bypass the auth mechanism.
> Is there a reason why "%" became an illegal character when I ran this
> command? Please update the documentation if it's no longer required to use "%"
> as in (sAMAccountName=%u) in the query filter, with an alternate solution.
> If I alter the query filter and make it such that (sAMAccountName=u) is no
> longer there - it works.
> In my attempt to log in with a user that is on AD LDAP - I get this error:
> java.lang.NullPointerException
>       at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
>       at com.sun.jndi.ldap.LdapNamingEnumeration.nextAux(LdapNamingEnumeration.java:263)
>       at com.sun.jndi.ldap.LdapNamingEnumeration.nextImpl(LdapNamingEnumeration.java:254)
>       at com.sun.jndi.ldap.LdapNamingEnumeration.next(LdapNamingEnumeration.java:202)
>       at com.cloud.server.auth.LDAPUserAuthenticator.authenticate(LDAPUserAuthenticator.java:117)
>       at com.cloud.user.AccountManagerImpl.getUserAccount(AccountManagerImpl.java:1901)
>       at com.cloud.user.AccountManagerImpl.authenticateUser(AccountManagerImpl.java:1772)
>       at com.cloud.api.ApiServer.loginUser(ApiServer.java:763)
>       at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:218)
>       at com.cloud.api.ApiServlet.doPost(ApiServlet.java:76)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>       at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
>       at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
>       at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
>       at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
>       at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
>       at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
>       at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
>       at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
>       at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
>       at org.mortbay.jetty.Server.handle(Server.java:326)
>       at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
>       at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
>       at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
>       at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
>       at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
>       at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
>       at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Thanks
> ilya

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
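
The encoding step from the comment and the error from the report, as an added example (not part of the original thread and not CloudStack code): a POSIX shell script that percent-encodes each ldapConfig value so the `%e` placeholder travels as `%25e`, plus a strict decoder showing that an already-decoded filter is rejected at its bare `%`. That a second decode pass is what produces the reported error is an assumption, not something the thread confirms; the function names are hypothetical and the values are the sample ones from the thread.

```shell
#!/bin/sh
# Added example, not CloudStack code. Function names are hypothetical.

# Percent-encode every byte outside the RFC 3986 unreserved set (ASCII input).
urlencode() (
    LC_ALL=C; s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest      # peel off the first character
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
)

# Decode once; fail (status 1) on a '%' not followed by two hex digits.
urldecode_strict() (
    LC_ALL=C; s=$1; out=
    while [ -n "$s" ]; do
        case $s in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                hex=${s#%}; hex=${hex%"${hex#??}"}
                out=$out$(printf "\\$(printf '%03o' "0x$hex")")
                s=${s#???} ;;
            %*) exit 1 ;;   # body is a subshell, so this only fails the function
            *)  rest=${s#?}; out=$out${s%"$rest"}; s=$rest ;;
        esac
    done
    printf '%s' "$out"
)

# Build the ldapConfig query string.
# Arguments: hostname port searchbase binddn bindpass queryfilter
ldapconfig_query() {
    printf 'command=ldapConfig&hostname=%s&port=%s&searchbase=%s' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$(urlencode "$3")"
    printf '&binddn=%s&bindpass=%s&queryfilter=%s&response=json' \
        "$(urlencode "$4")" "$(urlencode "$5")" "$(urlencode "$6")"
}

filter='(&(mail=%e))'            # sample filter from the thread
enc=$(urlencode "$filter")
echo "encoded filter : $enc"
echo "decoded once   : $(urldecode_strict "$enc")"
urldecode_strict "$filter" >/dev/null ||
    echo "second decode  : rejected, bare '%' in $filter"
```

The bind password still travels in the URL of a request to the integration port, which the report uses "to bypass auth mechanism", so send it only from the management server itself and turn that port off again once LDAP is configured.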
