cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pranav Saxena <pranav.sax...@citrix.com>
Subject RE: ldapConfig API: Getting 401 unable to verify user credentials and/or request signature
Date Thu, 19 Jul 2012 17:45:31 GMT
I think , what he means is that you could execute your API request either by using port no
8096 where you don't require the api key and signature to be passed.
http://<ip>:8096/client/api?command=< xyz> . 

Or you always have the option of using the session key as well where you won't require to
use the api key explicitly. This would also allow you to execute your API request.You can
find the session key using Firebug console and append it to your command - 
http://<ip>:8096/client/api?command=< xyz>&sessionkey= < >

Please correct me , in case  I have misunderstood the point here. 

Regards,
Pranav

-----Original Message-----
From: Evan Miller [mailto:Evan.Miller@citrix.com] 
Sent: Thursday, July 19, 2012 11:00 PM
To: cloudstack-users@incubator.apache.org
Subject: RE: ldapConfig API: Getting 401 unable to verify user credentials and/or request
signature

What's the integrated API?
Just no apikey.
Any other requirements?

Regards,
Evan


-----Original Message-----
From: heince kurniawan [mailto:heince@gmail.com]
Sent: Thursday, July 19, 2012 12:00 AM
To: cloudstack-users@incubator.apache.org
Subject: Re: ldapConfig API: Getting 401 unable to verify user credentials and/or request
signature

I also never succeed using apikey to set ldapConfig.
Using the integrated API (without key) always works though.

Regards,
Heince


On 19-Jul-2012, at 11:50 AM, Abhinandan Prateek wrote:

> Bindpass should be unencrypted.
> 
> The format of params is fine.
> 
> The encoding should be as under:
> 
> http://10.147.29.101:8096/client/api?command=ldapConfig&hostname=10.14
> 7.28.250&searchbase=OU%3Dcitrix%2COU%3DDomain%20Controllers%2CDC%3Dhyd
> -qa&queryfilter=%28%26%28mail%3D%25e%29%29&binddn=CN%3DAdministrator%2
> CCN%3DUsers%2CDC%3Dhyd-qa&bindpass=xyzabc123&port=389&response=json
> 
> note: the braces also get encoding.
> 
> -abhi
> 
>> -----Original Message-----
>> From: Evan Miller [mailto:Evan.Miller@citrix.com]
>> Sent: Thursday, July 19, 2012 8:06 AM
>> To: cloudstack-users@incubator.apache.org
>> Subject: ldapConfig API: Getting 401 unable to verify user 
>> credentials and/or request signature
>> 
>> Running CloudStack Management Server:
>> v3.0.2.1
>> On:
>> [root@cumulus management]# uname -a
>> Linux cumulus.eng.citrite.net 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6
>> 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux [root@cumulus 
>> management]# Hypervisor :
>> XenServer v6.02
>> 
>> Hi:
>> 
>> I am sure there is something not quite right with my syntax, but I 
>> can't isolate what it is.
>> 
>> I am trying to run ldapConfig API.
>> 
>> Here are the nonencoded variable values:
>> 
>> &hostname=labscaler.eng.citrite.net
>> &port=389
>> &ssl=false
>> &searchbase=dc=automation,dc=com,ou=people
>> &queryfilter=(&(uid=%u))
>> &binddn=dc=automation,dc=com,cn=admins,ou=labscaler
>> &response=json
>> 
>> And, the LDAP bind dn password is SHA encrypted like so:
>> 
>> &bindpass=KEXF/g4zPdynLVqmtqqSPiJnLuJi0Ga1
>> 
>> And, here is my final url:
>> 
>> http://10.217.5.192:8080/client/api?apikey=iFl88lw1Pk6gKqUIFPN8vzZbJN
>> sUV
>> dYGIJKBTEXtrymcIH5UWp9VHjgnpP_zCmaucmi8XmwK75TR70z-
>> 2ayjGA&command=ldapConfig&hostname=labscaler.eng.citrite.net&port=38
>> 9&ssl=false&searchbase=dc%3Dautomation%2Cdc%3Dcom%2Cou%3Dpeople
>> &queryfilter=%28%26%28uid%3D%25u%29%29&binddn=dc%3Dautomation%
>> 2Cdc%3Dcom%2Ccn%3Dadmins%2Cou%3Dlabscaler&bindpass=KEXF/g4zPdyn
>> LVqmtqqSPiJnLuJi0Ga1&response=json&signature=IiIdwQkuJFL5iHsX1ojWThc
>> hnjk%3D
>> 
>> The above url produces this error:
>> 
>> { "ldapconfigresponse" : {"errorcode" : 401, "errortext" : "unable to 
>> verify user credentials and/or request signature"}  }
>> 
>> Is the SHA encryption of the bind dn password a problem?
>> 
>> Or, is there a problem with the queryfilter?
>> I am encodng it a bit before encoding the entire url and applying the 
>> signature. That is, here is how the queryfilter looks before full encoding:
>> (%26(uid=%25u))
>> 
>> Initially I am translating the % and & before passing to my signing 
>> script - rather than have my script deal with it.
>> 
>> 
>> Regards,
>> 
>> Evan Miller
>> 
>> Citrix Systems. Inc.
>> Desktop and Cloud Engineering Infrastructure
>> 4988 Great America Parkway
>> Santa Clara, CA 95054
> 


Mime
View raw message