CloudStack / CLOUDSTACK-1213

Not able to integrate LDAP with SSL auth in cloudstack

    Details

    • Type: Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Invalid
    • Affects Version/s: 4.0.1
    • Fix Version/s: None
    • Component/s: API
    • Labels:
    • Environment:
      Ubuntu 12.04 x64

      Description

      I have cloudstack 4.0.1-incubating installed and running successfully.
      I tried to run an API command using username login.

      Step 1: user login
      http://hostname:8080/client/api?command=login&username=admin&password=md5hash

      output:
      { "loginresponse" : { "timeout" : "1800", "lastname" : "cloud", "registered" : "false", "username" : "admin", "firstname" : "admin", "domainid" : "blablabla", "type" : "1", "userid" : "blablabla", "sessionkey" : "blablalbla", "account" : "admin" } }

      A few doubts about login:
      Is the userid the same as the Jsessionid? If yes,
      do we have to pass the Jsessionid along with the URL, or would the above do?
      Otherwise,
      where can I find the Jsessionid? (It is not displayed by the above command.)

      Step 2:

      When I run this:
      http://hostname:8096/client/api?apikey=blablabla&bindn=%20cn%3DDirectory%20Manager&bindpass=password&command=ldapConfig&hostname=ldapserver&queryfilter=%28%26%28uid%3D%25u%29%29&port=636&searchbase=ou%3Dpeople%2Cdc%3Ddomain%2Cdc%3Dcom&sessionkey=blablabla&ssl=true&truststore=%2Fetc%2Fssl%2FNdomaincert.jks&truststorepass=password&response=json

      I get the error below:

      { "ldapconfigresponse" : {"uuidList":[],"errorcode":431,"cserrorcode":4490,"errortext":"Naming Exception, check you ldap data ! simple bind failed: LDAPserver:636Caused by:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"} }

      I tried to use the certification file (.crt) without a password, and it gave this error:

      { "ldapconfigresponse" : {"uuidList":[],"errorcode":431,"cserrorcode":4490,"errortext":"If you plan to use SSL then you need to configure the trust store."} }

      Is providing a password necessary, or am I missing something?
      Do you have any better solution for this, or can you at least redirect me to the place where I can get help to integrate LDAP with SSL into CloudStack?
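
Decoding the step 2 request shows what the server actually receives. This is an added example, not part of the original report or of CloudStack's own code; the list of secret parameters and the ssl/truststore rule are assumptions drawn from the URL and the second error message above.

```python
from urllib.parse import urlsplit, parse_qs

# The ldapConfig request as posted in the report (placeholder values included).
REQUEST = (
    "http://hostname:8096/client/api?apikey=blablabla"
    "&bindn=%20cn%3DDirectory%20Manager&bindpass=password&command=ldapConfig"
    "&hostname=ldapserver&queryfilter=%28%26%28uid%3D%25u%29%29&port=636"
    "&searchbase=ou%3Dpeople%2Cdc%3Ddomain%2Cdc%3Dcom&sessionkey=blablabla"
    "&ssl=true&truststore=%2Fetc%2Fssl%2FNdomaincert.jks"
    "&truststorepass=password&response=json"
)

# Parameters whose values are credentials; the names are taken from the URL above.
SECRET_PARAMS = {"apikey", "sessionkey", "bindpass", "truststorepass"}


def decode(url):
    """Return (scheme, {param: decoded value}) for an API request URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    return parts.scheme, {name: values[0] for name, values in query.items()}


def review(url):
    """List the points worth checking before blaming the LDAP server."""
    scheme, params = decode(url)
    findings = []
    exposed = sorted(SECRET_PARAMS & params.keys())
    if scheme != "https" and exposed:
        findings.append("secrets sent in a plain-HTTP query string: " + ", ".join(exposed))
    for name, value in sorted(params.items()):
        if value != value.strip():
            findings.append(f"{name} has leading/trailing whitespace: {value!r}")
    if params.get("ssl") == "true":
        # Assumption, inferred from the second error in the report: with ssl=true
        # the server wants both a trust store path and its password.
        missing = [p for p in ("truststore", "truststorepass") if not params.get(p)]
        if missing:
            findings.append("ssl=true but missing: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for name, value in sorted(decode(REQUEST)[1].items()):
        print(f"{name:15} {'<redacted>' if name in SECRET_PARAMS else repr(value)}")
    for finding in review(REQUEST):
        print("!", finding)
```

None of these checks touches the PKIX error itself, which the JVM raises when it cannot build a chain from the server's certificate to an entry in the trust store it is using.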

            People

            • Assignee:
              Unassigned
              Reporter:
              khmadhu madhusudan