RE: when removing an account linked to ldap and re-adding it, login fails
I will play with more this week and definitely will open one if reproducible.
Thank you for the heads up 😊.

Regards,
Jordan

-----Original Message-----
From: Daan Hoogland
Sent: Monday, May 31, 2021 10:31 AM
To: users
Subject: Re: when removing an account linked to ldap and re-adding it, login fails

ok Jordan, tnx, if you can reproduce, please enter an issue on github.
Re: when removing an account linked to ldap and re-adding it, login fails
ok Jordan, tnx, if you can reproduce, please enter an issue on github.

On Mon, May 31, 2021 at 9:19 AM Yordan Kostov wrote:

> Hello Dan,
>
> No it is 4.15 installation connection to XCP-NG cluster.
> All I did is a lot of testing - creating domains + accounts connected to LDAP and then deleting them.
> At some point that issue occurred.
>
> Best regards,
> Jordan

--
Daan
RE: when removing an account linked to ldap and re-adding it, login fails
Hello Dan,

No it is 4.15 installation connection to XCP-NG cluster.
All I did is a lot of testing - creating domains + accounts connected to LDAP and then deleting them.
At some point that issue occurred.

Best regards,
Jordan

-----Original Message-----
From: Daan Hoogland
Sent: Monday, May 31, 2021 10:08 AM
To: users
Subject: Re: when removing an account linked to ldap and re-adding it, login fails

Tnx for reporting Yordan,
Just one question, This issue you link to is supposed to have been solved in 4.14, did you create and delete the account before in an older version?
tnx
Re: when removing an account linked to ldap and re-adding it, login fails
Tnx for reporting Yordan,
Just one question, This issue you link to is supposed to have been solved in 4.14, did you create and delete the account before in an older version?
tnx

On Fri, May 28, 2021 at 3:59 PM Yordan Kostov wrote:

> Figured it out.
> For anyone having this issue:
>
> Go to "ldap_trust_map" and correlate the entries with the accounts in "Account" table.
> Delete the irrelevant ones in "ldap_trust_map" and login is successful.
>
> Regards,
> Jordan

--
Daan
RE: when removing an account linked to ldap and re-adding it, login fails
Figured it out.
For anyone having this issue:

Go to "ldap_trust_map" and correlate the entries with the accounts in "Account" table.
Delete the irrelevant ones in "ldap_trust_map" and login is successful.

Regards,
Jordan

-----Original Message-----
From: Yordan Kostov
Sent: Friday, May 28, 2021 4:43 PM
To: users@cloudstack.apache.org
Subject: when removing an account linked to ldap and re-adding it, login fails
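The correlation described in this message, as an added example that is not part of the original post or of CloudStack's own code. It runs against a constructed, simplified in-memory copy of the `account` and `ldap_trust_map` tables; the column names (`account_id`, `domain_id`, `removed`) are assumptions to verify against the real `cloud` database.

```python
import sqlite3

# Constructed, simplified stand-ins for CloudStack's `account` and `ldap_trust_map`
# tables; column names are assumptions to verify against the real `cloud` database.
SCHEMA = """
CREATE TABLE account (id INTEGER PRIMARY KEY, account_name TEXT, domain_id INTEGER, removed TEXT);
CREATE TABLE ldap_trust_map (id INTEGER PRIMARY KEY, domain_id INTEGER,
                             type TEXT, name TEXT, account_id INTEGER);
"""

# Mappings whose account is missing, soft-deleted (removed set), or in another domain.
STALE_QUERY = """
SELECT m.id, m.account_id,
       CASE WHEN a.id IS NULL THEN 'no such account'
            WHEN a.removed IS NOT NULL THEN 'account removed'
            ELSE 'domain mismatch' END AS reason
FROM ldap_trust_map m
LEFT JOIN account a ON a.id = m.account_id
WHERE a.id IS NULL OR a.removed IS NOT NULL OR a.domain_id <> m.domain_id
ORDER BY m.id
"""

def build_sample_db():
    """In-memory database with constructed rows: an account deleted, then re-added."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO account VALUES (?, ?, ?, ?)", [
        (40, "ldap-acct", 18, "2021-05-28 12:00:00"),  # first attempt, removed
        (41, "ldap-acct", 18, None),                   # re-created, live
    ])
    conn.executemany("INSERT INTO ldap_trust_map VALUES (?, ?, ?, ?, ?)", [
        (1, 18, "GROUP", "cn=acs,ou=groups,dc=example,dc=org", 40),  # stale
        (2, 18, "GROUP", "cn=acs,ou=groups,dc=example,dc=org", 41),  # current
        (3, 18, "OU", "ou=old,dc=example,dc=org", 99),               # orphan
    ])
    return conn

def find_stale_mappings(conn):
    return conn.execute(STALE_QUERY).fetchall()

def delete_stale_mappings(conn):
    """Delete the stale rows in one transaction and return their ids."""
    ids = [row[0] for row in find_stale_mappings(conn)]
    with conn:
        conn.executemany("DELETE FROM ldap_trust_map WHERE id = ?", [(i,) for i in ids])
    return ids

if __name__ == "__main__":
    print(find_stale_mappings(build_sample_db()))
```

On a live system, run the SELECT on its own first and review each row before deleting anything, after taking a database backup.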
when removing an account linked to ldap and re-adding it, login fails
Hey everyone,

ACD version 4.15.

I am playing with LDAP and after some tests I cannot login with ldap account anymore.
This is what I get as error messages:

2021-05-28 15:31:40,645 INFO [o.a.c.l.LdapAuthenticator] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) user 'acstest01' is mapped to more then one account in domain and will be disabled.
2021-05-28 15:31:40,646 DEBUG [o.a.c.s.SAML2UserAuthenticator] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Trying SAML2 auth for user: acstest01
2021-05-28 15:31:40,647 DEBUG [o.a.c.s.SAML2UserAuthenticator] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find user with acstest01 in domain 18, or user source is not SAML2
2021-05-28 15:31:40,647 DEBUG [c.c.u.AccountManagerImpl] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to authenticate user with username acstest01 in domain 18
2021-05-28 15:31:40,647 WARN [c.c.u.AccountManagerImpl] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find an user with username acstest01 in domain 18
2021-05-28 15:31:40,648 DEBUG [c.c.u.AccountManagerImpl] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) User: acstest01 in domain 18 has failed to log in
2021-05-28 15:31:40,648 DEBUG [c.c.a.ApiServlet] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Authentication failure: {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to authenticate user acstest01 in domain 18; please provide valid credentials"}}

I have only 1 account mapped in that domain so from what I see it looks like this issue here -> https://github.com/apache/cloudstack/issues/3661

Any idea what should be cleaned in the DB to allow login?

Regards,
Jordan