cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "sadhu suresh (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (CLOUDSTACK-3344) ldap:UI:sending wrong query filter(converting &symbol to "amp&")during ldapconfig through UI[due to this ldap users fail to login]
Date Wed, 24 Jul 2013 10:03:48 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-3344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

sadhu suresh reopened CLOUDSTACK-3344:
--------------------------------------


its still storing the amp symbol in the database
did ldapconfig both from UI and API and seeing different value for query filter

http://10.147.59.126:8080/client/api?command=ldapConfig&binddn=CN%3Dtest%2CCN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&bindpass=aaaa_1111&hostname=10.147.38.163&searchbase=CN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&queryfilter=(%26amp%3B(mail%3D%25e))&port=389&ssl=false&response=json&sessionkey=4LZTbD5qussoVFfeWXKl9KFX1cE%3D&_=1374659477752

{ "ldapconfigresponse" :  { "ldapconfig" : {"hostname":"10.147.38.163","port":"389","ssl":"false","searchbase":"CN=Users,DC=hyd-qa,DC=com","queryfilter":"(&amp;(mail=%e))","binddn":"CN=test,CN=Users,DC=hyd-qa,DC=com"}
}  }


when you refresh ,then amp is not shown in UI  but db has "amp" entry due to this fail to
login  with ldap credentials


mysql> select * from configuration where name like "%ldap%";
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| category | instance | component         | name                | value                  
                                         | description                                   
                                                            |
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| Hidden   | DEFAULT  | management-server | ldap.dn             | Xnd5TE6D7NCEh++h1fxc2RAWttBINHxVXXjeAHuTaplBA+9cqV8LBfRapaVyuwDM
| Specify the distinguished name of a user with the search permission on the directory   
                   |
| Hidden   | DEFAULT  | management-server | ldap.hostname       | DcgL+LoqA0k+sxbkl44EyFDhQSNQTBuf
                                | Hostname or ip address of the ldap server eg: my.ldap.com
                                                 |
| Hidden   | DEFAULT  | management-server | ldap.passwd         | aOS33EI72htwV4eGHDhqBs+hm9oa3ccO
                                | Enter the password                                     
                                                   |
| Hidden   | DEFAULT  | management-server | ldap.port           | BMugS6+mkm16JjYLiMwONA==
                                        | Specify the LDAP port if required, default is 389
                                                         |
| Hidden   | DEFAULT  | management-server | ldap.queryfilter    | WLGxV6IvIk40k3vseoBddBptKgfGVqsijX5eMZZCvbQ=
                    | You specify a query filter here, which narrows down the users, who can
be part of this domain              |
| Hidden   | DEFAULT  | management-server | ldap.searchbase     | XIIcnKfUkit/7KupE9ygGiUXYM9aVJTjc+Ineh3TP3/GqPo0Y6o/tQ==
        | The search base defines the starting point for the search in the directory tree
Example:  dc=cloud,dc=com. |
| Hidden   | DEFAULT  | management-server | ldap.truststore     | NULL                   
                                         | Enter the path to trusted keystore            
                                                            |
| Hidden   | DEFAULT  | management-server | ldap.truststorepass | NULL                   
                                         | Enter the password for trusted keystore       
                                                            |
| Hidden   | DEFAULT  | management-server | ldap.usessl         | ODc2oltFwKde3E981qlYfA==
                                        | Check Use SSL if the external LDAP server is configured
for LDAP over SSL.                                 |
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
9 rows in set (0.01 sec)

mysql> WLGxV6IvIk40k3vseoBddBptKgfGVqsijX5eMZZCvbQ=;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near 'WLGxV6IvIk40k3vseoBddBptKgfGVqsijX5eMZZCvbQ='
at line 1
mysql> select * from configuration where name like "%ldap%";
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| category | instance | component         | name                | value                  
                                         | description                                   
                                                            |
+----------+----------+-------------------+---------------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| Hidden   | DEFAULT  | management-server | ldap.dn             | pIHsAEwwK3CM1eet4iXWFfQcKyTTazZapchHj1n9NhuX8PM041r4imJ70xs02VUH
| Specify the distinguished name of a user with the search permission on the directory   
                   |
| Hidden   | DEFAULT  | management-server | ldap.hostname       | CxFBUxDhjDBNLVCVpqfB3hYH2VE/OqfA
                                | Hostname or ip address of the ldap server eg: my.ldap.com
                                                 |
| Hidden   | DEFAULT  | management-server | ldap.passwd         | pWsY95KvE9VgIiOGprzicAodfG7Id2eV
                                | Enter the password                                     
                                                   |
| Hidden   | DEFAULT  | management-server | ldap.port           | 7XNDI3wIygItDC1KVlozFQ==
                                        | Specify the LDAP port if required, default is 389
                                                         |
| Hidden   | DEFAULT  | management-server | ldap.queryfilter    | 4gOKtbj7OrrL9FCiUMz77HWZqCT571fO
                                | You specify a query filter here, which narrows down the
users, who can be part of this domain              |
| Hidden   | DEFAULT  | management-server | ldap.searchbase     | BObuJmv6qeZQK8Z7XqXIyYqA+ic/9bsVieTdk/BdT1hNSZAhltgANA==
        | The search base defines the starting point for the search in the directory tree
Example:  dc=cloud,dc=com. |
| Hidden   | DEFAULT  | management-server | ldap.truststore     | NULL                   
                                         | Enter the path to trusted keystore            
                                                            |
| Hidden   | DEFAULT  | management-server | ldap.truststorepass | NULL                   
                                         | Enter the password for trusted keystore       
                                                            |
| Hidden   | DEFAULT  | management-server | ldap.usessl         | 1PocqtT15b9Q+tMpItl8MQ==
                                        | Check Use SSL if the external LDAP server is configured
for LDAP over SSL.                                 |
+----------+----------+-------------------+---------------------+---------------


                
> ldap:UI:sending wrong query filter(converting &symbol to "amp&")during ldapconfig
through UI[due to this ldap users fail to login]
> ----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-3344
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3344
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: UI
>    Affects Versions: 4.2.0
>            Reporter: sadhu suresh
>            Assignee: Ian Duffy
>            Priority: Critical
>             Fix For: 4.2.0
>
>         Attachments: screenshot_ldap_ui.png
>
>
> Steps:
> 1. Configured the LDAP through UI by providing query filter as email (eg:(&(mail=%e)))
> 2.check the configured values 
> Actual result:
> its converting & symbol into amp& while configuring the ldap through UI due to
this  ldap users fail to login.
> through API ,its working fine.this is the only problem with UI side where they converting
"&" symbolto "amp&"
> API fired while performing ldapconfig through UI:
> http://10.147.59.119:8080/client/api?command=ldapConfig&binddn=CN%3Dtest%2CCN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&bindpass=aaaa_1111&hostname=10.147.38.163&searchbase=CN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&queryfilter=(%26(mail%3D%25e))&port=389&ssl=false&response=json&sessionkey=zlWVnEF2HA3R4ekSa8kDXaZrY5k%3D&_=1372835435077
> { "ldapconfigresponse" :  { "ldapconfig" : {"hostname":"10.147.38.163","port":"389","ssl":"false","searchbase":"CN=Users,DC=hyd-qa,DC=com","queryfilter":"(&amp;(mail=%e))","binddn":"CN=test,CN=Users,DC=hyd-qa,DC=com"}
}  }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message