Return-Path: X-Original-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 63E35C4F2 for ; Thu, 19 Jul 2012 17:30:59 +0000 (UTC) Received: (qmail 93013 invoked by uid 500); 19 Jul 2012 17:30:59 -0000 Delivered-To: apmail-incubator-cloudstack-users-archive@incubator.apache.org Received: (qmail 92986 invoked by uid 500); 19 Jul 2012 17:30:59 -0000 Mailing-List: contact cloudstack-users-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-users@incubator.apache.org Delivered-To: mailing list cloudstack-users@incubator.apache.org Received: (qmail 92973 invoked by uid 99); 19 Jul 2012 17:30:59 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Jul 2012 17:30:59 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=NORMAL_HTTP_TO_IP,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of Evan.Miller@citrix.com designates 66.165.176.63 as permitted sender) Received: from [66.165.176.63] (HELO SMTP02.CITRIX.COM) (66.165.176.63) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Jul 2012 17:30:52 +0000 X-IronPort-AV: E=Sophos;i="4.77,615,1336363200"; d="scan'208";a="202703808" Received: from sjcpmailmx02.citrite.net ([10.216.14.75]) by FTLPIPO02.CITRIX.COM with ESMTP/TLS/RC4-MD5; 19 Jul 2012 13:30:30 -0400 Received: from SJCPMAILBOX01.citrite.net ([10.216.4.73]) by SJCPMAILMX02.citrite.net ([10.216.14.75]) with mapi; Thu, 19 Jul 2012 10:30:30 -0700 From: Evan Miller To: "cloudstack-users@incubator.apache.org" Date: Thu, 19 Jul 2012 10:30:28 -0700 Subject: RE: ldapConfig API: Getting 401 unable to verify user credentials and/or request signature Thread-Topic: ldapConfig API: Getting 401 unable to verify user credentials and/or request signature Thread-Index: Ac1lfC0zeTE9/b7rT/OFkokg9kYuSAAV+44g Message-ID: <93099572B72EB341B81A644E134F240B012F6D0DB72A@SJCPMAILBOX01.citrite.net> References: <93099572B72EB341B81A644E134F240B012F6D0DB64D@SJCPMAILBOX01.citrite.net> <64FB1554ABC9B44FAA773FBD6CB889C2F93BE01718@BANPMAILBOX01.citrite.net> <39B66AAE-EDDF-451B-A43E-00280D74935A@gmail.com> In-Reply-To: <39B66AAE-EDDF-451B-A43E-00280D74935A@gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 What's the integrated API? Just no apikey. Any other requirements? Regards, Evan -----Original Message----- From: heince kurniawan [mailto:heince@gmail.com]=20 Sent: Thursday, July 19, 2012 12:00 AM To: cloudstack-users@incubator.apache.org Subject: Re: ldapConfig API: Getting 401 unable to verify user credentials = and/or request signature I also never succeed using apikey to set ldapConfig. Using the integrated API (without key) always works though. Regards, Heince On 19-Jul-2012, at 11:50 AM, Abhinandan Prateek wrote: > Bindpass should be unencrypted. >=20 > The format of params is fine. >=20 > The encoding should be as under: >=20 > http://10.147.29.101:8096/client/api?command=3DldapConfig&hostname=3D10.1= 4 > 7.28.250&searchbase=3DOU%3Dcitrix%2COU%3DDomain%20Controllers%2CDC%3Dhyd > -qa&queryfilter=3D%28%26%28mail%3D%25e%29%29&binddn=3DCN%3DAdministrator%= 2 > CCN%3DUsers%2CDC%3Dhyd-qa&bindpass=3Dxyzabc123&port=3D389&response=3Djson >=20 > note: the braces also get encoding. >=20 > -abhi >=20 >> -----Original Message----- >> From: Evan Miller [mailto:Evan.Miller@citrix.com] >> Sent: Thursday, July 19, 2012 8:06 AM >> To: cloudstack-users@incubator.apache.org >> Subject: ldapConfig API: Getting 401 unable to verify user=20 >> credentials and/or request signature >>=20 >> Running CloudStack Management Server: >> v3.0.2.1 >> On: >> [root@cumulus management]# uname -a >> Linux cumulus.eng.citrite.net 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 >> 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux [root@cumulus=20 >> management]# Hypervisor : >> XenServer v6.02 >>=20 >> Hi: >>=20 >> I am sure there is something not quite right with my syntax, but I=20 >> can't isolate what it is. >>=20 >> I am trying to run ldapConfig API. >>=20 >> Here are the nonencoded variable values: >>=20 >> &hostname=3Dlabscaler.eng.citrite.net >> &port=3D389 >> &ssl=3Dfalse >> &searchbase=3Ddc=3Dautomation,dc=3Dcom,ou=3Dpeople >> &queryfilter=3D(&(uid=3D%u)) >> &binddn=3Ddc=3Dautomation,dc=3Dcom,cn=3Dadmins,ou=3Dlabscaler >> &response=3Djson >>=20 >> And, the LDAP bind dn password is SHA encrypted like so: >>=20 >> &bindpass=3DKEXF/g4zPdynLVqmtqqSPiJnLuJi0Ga1 >>=20 >> And, here is my final url: >>=20 >> http://10.217.5.192:8080/client/api?apikey=3DiFl88lw1Pk6gKqUIFPN8vzZbJN >> sUV >> dYGIJKBTEXtrymcIH5UWp9VHjgnpP_zCmaucmi8XmwK75TR70z- >> 2ayjGA&command=3DldapConfig&hostname=3Dlabscaler.eng.citrite.net&port=3D= 38 >> 9&ssl=3Dfalse&searchbase=3Ddc%3Dautomation%2Cdc%3Dcom%2Cou%3Dpeople >> &queryfilter=3D%28%26%28uid%3D%25u%29%29&binddn=3Ddc%3Dautomation% >> 2Cdc%3Dcom%2Ccn%3Dadmins%2Cou%3Dlabscaler&bindpass=3DKEXF/g4zPdyn >> LVqmtqqSPiJnLuJi0Ga1&response=3Djson&signature=3DIiIdwQkuJFL5iHsX1ojWThc >> hnjk%3D >>=20 >> The above url produces this error: >>=20 >> { "ldapconfigresponse" : {"errorcode" : 401, "errortext" : "unable to=20 >> verify user credentials and/or request signature"} } >>=20 >> Is the SHA encryption of the bind dn password a problem? >>=20 >> Or, is there a problem with the queryfilter? >> I am encodng it a bit before encoding the entire url and applying the=20 >> signature. That is, here is how the queryfilter looks before full encodi= ng: >> (%26(uid=3D%25u)) >>=20 >> Initially I am translating the % and & before passing to my signing=20 >> script - rather than have my script deal with it. >>=20 >>=20 >> Regards, >>=20 >> Evan Miller >>=20 >> Citrix Systems. Inc. >> Desktop and Cloud Engineering Infrastructure >> 4988 Great America Parkway >> Santa Clara, CA 95054 >=20