cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhinandan Prateek <Abhinandan.Prat...@citrix.com>
Subject RE: ldapConfig API: Getting 401 unable to verify user credentials and/or request signature
Date Thu, 19 Jul 2012 03:50:50 GMT
Bindpass should be unencrypted.

The format of params is fine.

The encoding should be as under:

http://10.147.29.101:8096/client/api?command=ldapConfig&hostname=10.147.28.250&searchbase=OU%3Dcitrix%2COU%3DDomain%20Controllers%2CDC%3Dhyd-qa&queryfilter=%28%26%28mail%3D%25e%29%29&binddn=CN%3DAdministrator%2CCN%3DUsers%2CDC%3Dhyd-qa&bindpass=xyzabc123&port=389&response=json

note: the braces also get encoding.

-abhi

>-----Original Message-----
>From: Evan Miller [mailto:Evan.Miller@citrix.com]
>Sent: Thursday, July 19, 2012 8:06 AM
>To: cloudstack-users@incubator.apache.org
>Subject: ldapConfig API: Getting 401 unable to verify user credentials and/or
>request signature
>
>Running CloudStack Management Server:
>  v3.0.2.1
>On:
>  [root@cumulus management]# uname -a
>  Linux cumulus.eng.citrite.net 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6
>19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux
>  [root@cumulus management]#
>Hypervisor :
>  XenServer v6.02
>
>Hi:
>
>I am sure there is something not quite right with my syntax, but I can't isolate
>what it is.
>
>I am trying to run ldapConfig API.
>
>Here are the nonencoded variable values:
>
>  &hostname=labscaler.eng.citrite.net
>  &port=389
>  &ssl=false
>  &searchbase=dc=automation,dc=com,ou=people
>  &queryfilter=(&(uid=%u))
>  &binddn=dc=automation,dc=com,cn=admins,ou=labscaler
>  &response=json
>
>And, the LDAP bind dn password is SHA encrypted like so:
>
>  &bindpass=KEXF/g4zPdynLVqmtqqSPiJnLuJi0Ga1
>
>And, here is my final url:
>
>http://10.217.5.192:8080/client/api?apikey=iFl88lw1Pk6gKqUIFPN8vzZbJNsUV
>dYGIJKBTEXtrymcIH5UWp9VHjgnpP_zCmaucmi8XmwK75TR70z-
>2ayjGA&command=ldapConfig&hostname=labscaler.eng.citrite.net&port=38
>9&ssl=false&searchbase=dc%3Dautomation%2Cdc%3Dcom%2Cou%3Dpeople
>&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=dc%3Dautomation%
>2Cdc%3Dcom%2Ccn%3Dadmins%2Cou%3Dlabscaler&bindpass=KEXF/g4zPdyn
>LVqmtqqSPiJnLuJi0Ga1&response=json&signature=IiIdwQkuJFL5iHsX1ojWThc
>hnjk%3D
>
>The above url produces this error:
>
>{ "ldapconfigresponse" : {"errorcode" : 401, "errortext" : "unable to verify user
>credentials and/or request signature"}  }
>
>Is the SHA encryption of the bind dn password a problem?
>
>Or, is there a problem with the queryfilter?
>I am encodng it a bit before encoding the entire url and applying the
>signature. That is, here is how the queryfilter looks before full encoding:
>  (%26(uid=%25u))
>
>Initially I am translating the % and & before passing to my signing script -
>rather than have my script deal with it.
>
>
>Regards,
>
>Evan Miller
>
>Citrix Systems. Inc.
>Desktop and Cloud Engineering Infrastructure
>4988 Great America Parkway
>Santa Clara, CA 95054


Mime
View raw message