Description
When the topology has:
    <param>
        <name>main.ldapRealm.contextFactory.systemPassword</name>
        <value>${ALIAS=knoxldapsystempassword}</value>
    </param>
The validations fail as:
    # /bin/knoxcli.sh system-user-auth-test --cluster ldapUsecase1Topo2
    org.apache.shiro.authc.AuthenticationException: LDAP authentication failed. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839]
    For more information use --d for debug output.
    Unable to successfully bind to LDAP server with topology credentials. Are your parameters correct?

    # bin/knoxcli.sh user-auth-test --cluster ldapUsecase1Topo2 --u user1 --p Test123
    org.apache.shiro.config.ConfigurationException: Unable to set property 'contextFactory.systemPassword' with value [S{ALIAS=knoxldapsystempassword}] on object of type org.apache.knox.gateway.shirorealm.KnoxLdapRealm. If 'S{ALIAS=knoxldapsystempassword}' is a reference to another (previously defined) object, prefix it with '$' to indicate that the referenced object should be used as the actual value. For example, $S{ALIAS=knoxldapsystempassword}
    org.apache.knox.gateway.util.KnoxCLI$LDAPCommand$BadSubjectException: Subject could not be created with Shiro Config at sections=main,urls
    For more information use --d for debug output.
    ERR: Unable to authenticate user: user1
Note: we checked that the keystore has the right password value set:
    # ${JAVA} GetValueFromJCEKS ${JCEKSFILE} ${JCEKSPASS} ${PW_ALIAS}
    Test123
When the topology is configured with a plain password like:
    <param>
        <name>main.ldapRealm.contextFactory.systemPassword</name>
        <value>Test123</value>
    </param>
The validations run with no errors:
    # bin/knoxcli.sh system-user-auth-test --cluster ldapUsecase1Topo3
    System LDAP Bind successful.

    # bin/knoxcli.sh user-auth-test --cluster ldapUsecase1Topo3 --u user1 --p Test123
    LDAP authentication successful!
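
Because the plain-password topology is the one that passes validation, a topology can end up deployed with the LDAP bind password in clear text. The following is an added example, not part of the original report or of Knox itself: a small audit that classifies every `*.systemPassword` param in a topology as an `${ALIAS=...}` reference or a plaintext value. The sample topology is constructed, and the second param name (`main.otherRealm...`) is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample topology: one param uses an alias, one holds a plaintext value.
SAMPLE_TOPOLOGY = """<topology>
  <gateway>
    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <param>
        <name>main.ldapRealm.contextFactory.systemPassword</name>
        <value>${ALIAS=knoxldapsystempassword}</value>
      </param>
      <param>
        <name>main.otherRealm.contextFactory.systemPassword</name>
        <value>Test123</value>
      </param>
    </provider>
  </gateway>
</topology>"""

# The whole value must be a single alias reference, as in the report's topology.
ALIAS_RE = re.compile(r"^\$\{ALIAS=([^}]+)\}$")

def audit_system_passwords(topology_xml):
    """Return (param_name, kind, alias_name) for every *.systemPassword param.
    kind is 'alias', 'plaintext' or 'empty'; plaintext values are never returned."""
    findings = []
    root = ET.fromstring(topology_xml)
    for param in root.iter("param"):
        name = (param.findtext("name") or "").strip()
        if not name.endswith(".systemPassword"):
            continue
        value = (param.findtext("value") or "").strip()
        match = ALIAS_RE.match(value)
        if match:
            findings.append((name, "alias", match.group(1)))
        else:
            findings.append((name, "plaintext" if value else "empty", None))
    return findings

def plaintext_params(topology_xml):
    """Names of the params that should be moved to an alias."""
    return [n for n, kind, _ in audit_system_passwords(topology_xml) if kind == "plaintext"]

if __name__ == "__main__":
    for name, kind, alias in audit_system_passwords(SAMPLE_TOPOLOGY):
        print(f"{kind:9} {name} {alias or ''}")
```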