incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "madhusudan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-1213) Not able to integrate LDAP with SSL auth in cloudstack
Date Mon, 11 Feb 2013 06:11:13 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-1213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

madhusudan updated CLOUDSTACK-1213:
-----------------------------------

      Security:     (was: Public)
    Issue Type: Task  (was: Test)
    
> Not able to integrate LDAP with SSL auth in cloudstack
> ------------------------------------------------------
>
>                 Key: CLOUDSTACK-1213
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1213
>             Project: CloudStack
>          Issue Type: Task
>          Components: API
>    Affects Versions: 4.0.1
>         Environment: Ubuntu 12.04 x64
>            Reporter: madhusudan
>            Priority: Minor
>              Labels: LDAP, integration
>
> I have cloudstack 4.0.1-incubating installed and  running successfully.
> I tried to run api command using username login.
> step1
> user login
> http://hostname:8080/client/api?command=login&username=admin&password=md5hash
> output:
> { "loginresponse" : { "timeout" : "1800", "lastname" : "cloud", "registered" : "false",
"username" : "admin", "firstname" : "admin", "domainid" : "blablabla", "type" : "1", "userid"
: "blablabla", "sessionkey" : "blablalbla", "account" : "admin" } }
> few doubts about login
>   Does userid is same as JsessionID..?  if yes then
>   Do we have to pass the Jsessionid  along with the URL or the above would do..?
>   else
>   where can I find the Jsessionid..? (as it is not displaying in the above command)
>   
> step2:
> when i run this 
> http://hostname:8096/client/api?apikey=blablabla&bindn=%20cn%3DDirectory%20Manager&bindpass=password&command=ldapConfig&hostname=ldapserver&queryfilter=%28%26%28uid%3D%25u%29%29&port=636&searchbase=ou%3Dpeople%2Cdc%3Ddomain%2Cdc%3Dcom&sessionkey=blablabla&ssl=true&truststore=%2Fetc%2Fssl%2FNdomaincert.jks&truststorepass=password&response=json
> i get below error
> { "ldapconfigresponse" : {"uuidList":[],"errorcode":431,"cserrorcode":4490,"errortext":"Naming
Exception, check you ldap data ! simple bind failed: LDAPserver:636Caused by:sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target"} }
> I tried to use the certification file(.crt) without password and gave this error.
> { "ldapconfigresponse" : {"uuidList":[],"errorcode":431,"cserrorcode":4490,"errortext":"If
you plan to use SSL then you need to configure the trust store."} }
> is providing password necessary..?, or am i missing something..?
> do you have any better solution for this..? or at-least can redirect me to the place
where I can get help to integrate LDAP with SSL into cloudstack.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message