Tnx for reporting Yordan,
Just one question, This issue you link to is supposed to have been solved
in 4.14, did you create and delete the account before in an older version?
tnx
On Fri, May 28, 2021 at 3:59 PM Yordan Kostov <yord...@nsogroup.com> wrote:
> Figured it out.
> For anyone having this issue:
>
> Go to "ldap_trust_map" and correlate the entries with the accounts in
> "Account" table.
> Delete the irrelevant ones in "ldap_trust_map" and login is successful.
>
> Regards,
> Jordan
>
>
> -----Original Message-----
> From: Yordan Kostov <yord...@nsogroup.com>
> Sent: Friday, May 28, 2021 4:43 PM
> To: users@cloudstack.apache.org
> Subject: when removing an account linked to ldap and re-adding it, login
> fails
>
>
> [X] This message came from outside your organization
>
>
> Hey everyone,
>
> ACD version 4.15.
>
> I am playing with LDAP and after some tests I cannot login
> with ldap account anymore.
> This is what I get as error messages:
>
> 2021-05-28 15:31:40,645 INFO [o.a.c.l.LdapAuthenticator]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) user 'acstest01' is
> mapped to more then one account in domain and will be disabled.
> 2021-05-28 15:31:40,646 DEBUG [o.a.c.s.SAML2UserAuthenticator]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Trying SAML2 auth for
> user: acstest01
> 2021-05-28 15:31:40,647 DEBUG [o.a.c.s.SAML2UserAuthenticator]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find user
> with acstest01 in domain 18, or user source is not SAML2
> 2021-05-28 15:31:40,647 DEBUG [c.c.u.AccountManagerImpl]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to authenticate
> user with username acstest01 in domain 18
> 2021-05-28 15:31:40,647 WARN [c.c.u.AccountManagerImpl]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find an user
> with username acstest01 in domain 18
> 2021-05-28 15:31:40,648 DEBUG [c.c.u.AccountManagerImpl]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) User: acstest01 in
> domain 18 has failed to log in
> 2021-05-28 15:31:40,648 DEBUG [c.c.a.ApiServlet]
> (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Authentication failure:
> {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
> authenticate user acstest01 in domain 18; please provide valid
> credentials"}}
>
> I have only 1 account mapped in that domain so from what
> I see it looks like this issue here ->
> https://urldefense.com/v3/__https://github.com/apache/cloudstack/issues/3661__;!!A6UyJA!wUcsBGPDJa5V-jfcXEGNQxhPCdJnumEo-mNFlnPMdDUi75-rkzTTa7A6dNOdYWqn$
>
> Any idea what should be cleaned in the DB to allow login ?
>
> Regards,
> Jordan
>
> <font size="2"><font color="#D8D8D8">11!</font>
>
>
--
Daan
