cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Evan Miller <Evan.Mil...@citrix.com>
Subject RE: ldapConfig API: Getting 401 unable to verify user credentials and/or request signature
Date Thu, 19 Jul 2012 17:30:28 GMT
What's the integrated API?
Just no apikey.
Any other requirements?

Regards,
Evan


-----Original Message-----
From: heince kurniawan [mailto:heince@gmail.com] 
Sent: Thursday, July 19, 2012 12:00 AM
To: cloudstack-users@incubator.apache.org
Subject: Re: ldapConfig API: Getting 401 unable to verify user credentials and/or request
signature

I also never succeed using apikey to set ldapConfig.
Using the integrated API (without key) always works though.

Regards,
Heince


On 19-Jul-2012, at 11:50 AM, Abhinandan Prateek wrote:

> Bindpass should be unencrypted.
> 
> The format of params is fine.
> 
> The encoding should be as under:
> 
> http://10.147.29.101:8096/client/api?command=ldapConfig&hostname=10.14
> 7.28.250&searchbase=OU%3Dcitrix%2COU%3DDomain%20Controllers%2CDC%3Dhyd
> -qa&queryfilter=%28%26%28mail%3D%25e%29%29&binddn=CN%3DAdministrator%2
> CCN%3DUsers%2CDC%3Dhyd-qa&bindpass=xyzabc123&port=389&response=json
> 
> note: the braces also get encoding.
> 
> -abhi
> 
>> -----Original Message-----
>> From: Evan Miller [mailto:Evan.Miller@citrix.com]
>> Sent: Thursday, July 19, 2012 8:06 AM
>> To: cloudstack-users@incubator.apache.org
>> Subject: ldapConfig API: Getting 401 unable to verify user 
>> credentials and/or request signature
>> 
>> Running CloudStack Management Server:
>> v3.0.2.1
>> On:
>> [root@cumulus management]# uname -a
>> Linux cumulus.eng.citrite.net 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6
>> 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux [root@cumulus 
>> management]# Hypervisor :
>> XenServer v6.02
>> 
>> Hi:
>> 
>> I am sure there is something not quite right with my syntax, but I 
>> can't isolate what it is.
>> 
>> I am trying to run ldapConfig API.
>> 
>> Here are the nonencoded variable values:
>> 
>> &hostname=labscaler.eng.citrite.net
>> &port=389
>> &ssl=false
>> &searchbase=dc=automation,dc=com,ou=people
>> &queryfilter=(&(uid=%u))
>> &binddn=dc=automation,dc=com,cn=admins,ou=labscaler
>> &response=json
>> 
>> And, the LDAP bind dn password is SHA encrypted like so:
>> 
>> &bindpass=KEXF/g4zPdynLVqmtqqSPiJnLuJi0Ga1
>> 
>> And, here is my final url:
>> 
>> http://10.217.5.192:8080/client/api?apikey=iFl88lw1Pk6gKqUIFPN8vzZbJN
>> sUV
>> dYGIJKBTEXtrymcIH5UWp9VHjgnpP_zCmaucmi8XmwK75TR70z-
>> 2ayjGA&command=ldapConfig&hostname=labscaler.eng.citrite.net&port=38
>> 9&ssl=false&searchbase=dc%3Dautomation%2Cdc%3Dcom%2Cou%3Dpeople
>> &queryfilter=%28%26%28uid%3D%25u%29%29&binddn=dc%3Dautomation%
>> 2Cdc%3Dcom%2Ccn%3Dadmins%2Cou%3Dlabscaler&bindpass=KEXF/g4zPdyn
>> LVqmtqqSPiJnLuJi0Ga1&response=json&signature=IiIdwQkuJFL5iHsX1ojWThc
>> hnjk%3D
>> 
>> The above url produces this error:
>> 
>> { "ldapconfigresponse" : {"errorcode" : 401, "errortext" : "unable to 
>> verify user credentials and/or request signature"}  }
>> 
>> Is the SHA encryption of the bind dn password a problem?
>> 
>> Or, is there a problem with the queryfilter?
>> I am encodng it a bit before encoding the entire url and applying the 
>> signature. That is, here is how the queryfilter looks before full encoding:
>> (%26(uid=%25u))
>> 
>> Initially I am translating the % and & before passing to my signing 
>> script - rather than have my script deal with it.
>> 
>> 
>> Regards,
>> 
>> Evan Miller
>> 
>> Citrix Systems. Inc.
>> Desktop and Cloud Engineering Infrastructure
>> 4988 Great America Parkway
>> Santa Clara, CA 95054
> 


Mime
View raw message