ERROR LDAP error validating user #7
Comments
Hi David, Thanks for filing a ticket. I've set up an account on OneLogin and have asked them for open-source access to VLDAP. I'll keep you posted, and if I get access I will be able to isolate the proper configuration and/or remedy a fix. I'll keep you updated this week. -jeremy |
Thanks!! Let me know if there is anything I can do to help. |
I've actually run into this a couple of weeks ago but I still need to prepare a pull request. I solved it by doing this:
It will probably help to make this configurable. Besides that I think the nullpointer should never happen and show a normal error. |
I am getting this exact error with OpenLDAP... I haven't tried the patch guidob posted, I am not gifted with Java building. |
So I think the issue may be this: The search for my username (jomernik) returns ok (see the return below).
However, @ https://github.com/ContainX/marathon-ldap/blob/master/src/main/java/io/containx/marathon/plugin/auth/util/LDAPHelper.java#L93 it looks like it's trying to pull the realDN to be distinguishedname, but that doesn't exist; OpenLDAP is using entrydn, as was the case for guidob. Ideally, I think we need a config entry to identify which is used, as @guidob stated. I don't want to change and recompile at this point, as I don't have the environment for it. Is this a large change to make? Thanks! John
Return from initial username search:
[2016-12-07 14:37:25,046] INFO LDAP user search found cn=jomernik: null:null:{givenname=givenName: John, entrydn=entryDN: cn=jomernik,ou=users,ou=zetashared,dc=marathon,dc=mesos, modifytimestamp=modifyTimestamp: 20161207202411Z, objectclass=objectClass: top, posixAccount, inetOrgPerson, createtimestamp=createTimestamp: 20161207202411Z, subschemasubentry=subschemaSubentry: cn=Subschema, uid=uid: jomernik, uidnumber=uidNumber: 1000002, cn=cn: jomernik, hassubordinates=hasSubordinates: FALSE, loginshell=loginShell: /bin/bash, modifiersname=modifiersName: cn=admin,dc=marathon,dc=mesos, creatorsname=creatorsName: cn=admin,dc=marathon,dc=mesos, gidnumber=gidNumber: 2501, structuralobjectclass=structuralObjectClass: inetOrgPerson, homedirectory=homeDirectory: /home/jomernik, sn=sn: Omernik, entryuuid=entryUUID: dbf68178-5106-1036-8144-eb1d1c2c2b3d, entrycsn=entryCSN: 20161207202411.939425Z#000000#000#000000} (io.containx.marathon.plugin.auth.util.LDAPHelper:pool-3-thread-1) |
I've got the same error, so I discussed it with some admins here, and there is a bit of confusion about the DN. A distinguished name is a reference in the LDAP Directory Information Tree. In RFC 5020, the attribute entrydn is a copy of the DN.
Maybe it's better to get the DN directly instead of trying with a hypothetical attribute distinguishedname or entrydn or something else (in Spring there is getName). Update: I created PR #10 with https://docs.oracle.com/javase/tutorial/jndi/newstuff/dn.html |
[issue #7] use ldap native dn and not a copy in an attribute
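The DN lookup discussed in the comments above, as an added example that is not the plugin's code and not the code from PR #10: it contrasts reading the DN from a server-specific attribute with taking the entry's own DN from the JNDI search result, and fails closed before any bind is attempted. The class and method names are hypothetical, and the sample entry is constructed from the log line in the thread.

```java
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;

public class DnResolutionDemo {

    // Attribute-based lookup: only works when the server exposes the DN under
    // the expected attribute name (distinguishedName vs. entryDN in the thread).
    static String dnFromAttribute(SearchResult r, String attrName) throws NamingException {
        Attribute a = r.getAttributes().get(attrName);
        // Dereferencing a missing attribute unchecked gives a NullPointerException.
        return a == null ? null : (String) a.get();
    }

    // Native lookup: the entry's full DN as returned by the directory,
    // independent of which operational attributes the server publishes.
    static String nativeDn(SearchResult r) throws NamingException {
        String dn;
        try {
            dn = r.getNameInNamespace();
        } catch (UnsupportedOperationException e) {
            dn = null; // provider did not supply a full name
        }
        if (dn == null || dn.isEmpty()) {
            // Fail closed: never continue to a bind with an unknown DN.
            throw new AuthenticationException("could not resolve DN for user entry");
        }
        return new LdapName(dn).toString(); // throws InvalidNameException if malformed
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample mirroring the OpenLDAP entry in the log above.
        String dn = "cn=jomernik,ou=users,ou=zetashared,dc=marathon,dc=mesos";
        Attributes attrs = new BasicAttributes(true); // case-insensitive attribute IDs
        attrs.put("uid", "jomernik");
        attrs.put("entryDN", dn);
        SearchResult r = new SearchResult("cn=jomernik,ou=users,ou=zetashared", null, attrs);
        r.setNameInNamespace(dn);

        System.out.println("distinguishedname -> " + dnFromAttribute(r, "distinguishedname"));
        System.out.println("entrydn           -> " + dnFromAttribute(r, "entrydn"));
        System.out.println("native DN         -> " + nativeDn(r));
    }
}
```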
Hi,
I'm trying to get the plugin working with the OneLogin LDAP service, but I keep getting the error message "ERROR LDAP error validating user".
I'm using the 1.3 plugin with marathon 1.3.3.
Here is what I see in the logs:
https://gist.github.com/davidsayers/b98cb9d81460fa7c8f5d1a44b02703d5
Here is the config I am using:
https://gist.github.com/davidsayers/9673154d9b8a265f961faa7c014a278d
Hopefully you can point me in the right direction.
Thanks
David