What's the integrated API? Just no apikey. Any other requirements? Regards, Evan
-----Original Message----- From: heince kurniawan [mailto:hei...@gmail.com] Sent: Thursday, July 19, 2012 12:00 AM To: cloudstack-users@incubator.apache.org Subject: Re: ldapConfig API: Getting 401 unable to verify user credentials and/or request signature I also never succeed using apikey to set ldapConfig. Using the integrated API (without key) always works though. Regards, Heince On 19-Jul-2012, at 11:50 AM, Abhinandan Prateek wrote: > Bindpass should be unencrypted. > > The format of params is fine. > > The encoding should be as under: > > http://10.147.29.101:8096/client/api?command=ldapConfig&hostname=10.14 > 7.28.250&searchbase=OU%3Dcitrix%2COU%3DDomain%20Controllers%2CDC%3Dhyd > -qa&queryfilter=%28%26%28mail%3D%25e%29%29&binddn=CN%3DAdministrator%2 > CCN%3DUsers%2CDC%3Dhyd-qa&bindpass=xyzabc123&port=389&response=json > > note: the braces also get encoding. > > -abhi > >> -----Original Message----- >> From: Evan Miller [mailto:evan.mil...@citrix.com] >> Sent: Thursday, July 19, 2012 8:06 AM >> To: cloudstack-users@incubator.apache.org >> Subject: ldapConfig API: Getting 401 unable to verify user >> credentials and/or request signature >> >> Running CloudStack Management Server: >> v3.0.2.1 >> On: >> [root@cumulus management]# uname -a >> Linux cumulus.eng.citrite.net 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 >> 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux [root@cumulus >> management]# Hypervisor : >> XenServer v6.02 >> >> Hi: >> >> I am sure there is something not quite right with my syntax, but I >> can't isolate what it is. >> >> I am trying to run ldapConfig API. >> >> Here are the nonencoded variable values: >> >> &hostname=labscaler.eng.citrite.net >> &port=389 >> &ssl=false >> &searchbase=dc=automation,dc=com,ou=people >> &queryfilter=(&(uid=%u)) >> &binddn=dc=automation,dc=com,cn=admins,ou=labscaler >> &response=json >> >> And, the LDAP bind dn password is SHA encrypted like so: >> >> &bindpass=KEXF/g4zPdynLVqmtqqSPiJnLuJi0Ga1 >> >> And, here is my final url: >> >> http://10.217.5.192:8080/client/api?apikey=iFl88lw1Pk6gKqUIFPN8vzZbJN >> sUV >> dYGIJKBTEXtrymcIH5UWp9VHjgnpP_zCmaucmi8XmwK75TR70z- >> 2ayjGA&command=ldapConfig&hostname=labscaler.eng.citrite.net&port=38 >> 9&ssl=false&searchbase=dc%3Dautomation%2Cdc%3Dcom%2Cou%3Dpeople >> &queryfilter=%28%26%28uid%3D%25u%29%29&binddn=dc%3Dautomation% >> 2Cdc%3Dcom%2Ccn%3Dadmins%2Cou%3Dlabscaler&bindpass=KEXF/g4zPdyn >> LVqmtqqSPiJnLuJi0Ga1&response=json&signature=IiIdwQkuJFL5iHsX1ojWThc >> hnjk%3D >> >> The above url produces this error: >> >> { "ldapconfigresponse" : {"errorcode" : 401, "errortext" : "unable to >> verify user credentials and/or request signature"} } >> >> Is the SHA encryption of the bind dn password a problem? >> >> Or, is there a problem with the queryfilter? >> I am encodng it a bit before encoding the entire url and applying the >> signature. That is, here is how the queryfilter looks before full encoding: >> (%26(uid=%25u)) >> >> Initially I am translating the % and & before passing to my signing >> script - rather than have my script deal with it. >> >> >> Regards, >> >> Evan Miller >> >> Citrix Systems. Inc. >> Desktop and Cloud Engineering Infrastructure >> 4988 Great America Parkway >> Santa Clara, CA 95054 >
