Hello team, I am trying to add LDAP auth to helm d...
# troubleshoot
g
Hello team, I am trying to add LDAP auth to helm datahub but I am stuck. I made the changes below but it doesn't work. Am I missing something? Thanks

1. Add mount path for new jaas.yaml and confs at frontends values yaml

```
extraEnvs:
  - name: AUTH_JAAS_ENABLED
    value: "true"
  - name: JAVA_OPTS
    value: |-
      -Djava.security.auth.login.config=/datahub-frontend/conf/custom/jaas.conf


extraVolumes:
  - name: jaas-conf-volume
    configMap:
      name: jaas-conf

extraVolumeMounts:
  - name: jaas-conf-volume
    mountPath: datahub-frontend/conf/custom/jaas.conf
    subPath: jaas.conf
    readOnly: true
```

2. The JAAS file:
```
WHZ-Authentication {
  com.sun.security.auth.module.LdapLoginModule sufficient
  userProvider="ldap://server.com.tr:389/CN=test,OU=test2,OU=SERVICE USERS,DC=infoshop,DC=com,DC=tr"
  authIdentity="{USERNAME}"
  java.naming.security.authentication="simple"
  debug="true"
  useSSL="true";
};
```
b
Hey @glamorous-wire-83850, what problem are you experiencing?
g
Hi @microscopic-australia-66302 thanks for the reply. I made the changes above, but I can't log in with LDAP (the stock datahub-datahub user-pass is still working, btw).

```
ERROR application - The submitted callback is of type: class javax.security.auth.callback.NameCallback : javax.security.auth.callback.NameCallback@25e7e6bf
11:51:06 [application-akka.actor.default-dispatcher-41] ERROR application - The submitted callback is of type: class javax.security.auth.callback.PasswordCallback : javax.security.auth.callback.PasswordCallback@1880a29c
 [LdapLoginModule] attempting to authenticate user: ogencer
 [LdapLoginModule] authentication failed
 [LdapLoginModule] aborted authentication
```
f
@glamorous-wire-83850 I am configuring LDAP auth and have run into some problems. Have you solved the problem? Can you share your full values.yaml config file? Thanks.
c
I am configuring LDAP auth and have run into some problems. Have you solved the problem? Can you share your full values.yaml config file? Thanks.
f
```
WHZ-Authentication {
    org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient debug="true" file="/datahub-frontend/conf/user.props";
    com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldap://xxx.xxx.net:389/dc=xxx,dc=net"
    java.naming.security.authentication="simple"
    java.naming.security.principal="cn=readonly,dc=xxx,dc=net"
    userFilter="(&(|(samAccountName={USERNAME})(userPrincipalName={USERNAME})(cn={USERNAME}))(objectClass=user))"
    useSSL=false
    java.naming.security.credentials="Password"
    debug=false;
};
```

@careful-lunch-53644 Please refer to this config. If you deployed on k8s, then you can mount this file on the datahub-frontend pod.
c
@fierce-baker-1392 thanks for the reply. I am configuring LDAP auth, but authentication still fails. How should I set the jaas.conf?

ldapsearch info:

```
ldapsearch -x -h $(hostname -f) -b uid=zhiyong_ma,cn=users,cn=accounts,dc=ds,dc=xxx,dc=com
# extended LDIF
#
# LDAPv3
# base <uid=zhiyong_ma,cn=users,cn=accounts,dc=ds,dc=xxx,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# zhiyong_ma, users, accounts, ds.xxx.com
dn: uid=zhiyong_ma,cn=users,cn=accounts,dc=ds,dc=xxx,dc=com
displayName: zhiyong ma
uid: zhiyong_ma
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
loginShell: /bin/sh
initials: zm
gecos: zhiyong ma
sn: ma
homeDirectory: /home/zhiyong_ma
givenName: zhiyong
cn: zhiyong ma
uidNumber: 1957600033
gidNumber: 1957600033

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

jaas.conf:

```
WHZ-Authentication {
    org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient debug="true" file="/datahub-frontend/conf/user.props";
    com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldap://xxx.xxx.net:389/dc=ds,dc=xxx,dc=com"
    java.naming.security.authentication="simple"
    java.naming.security.principal="cn=users,cn=accounts,dc=ds,dc=xxx,dc=com"
    userFilter="(&(|(samAccountName={USERNAME})(userPrincipalName={USERNAME})(uid={USERNAME}))(objectClass=person))"
    useSSL=false
    java.naming.security.credentials="Password"
    debug=true;
};
```

docker container - datahub-frontend-react log:

```
[LdapLoginModule] search-first mode; SSL disabled
[LdapLoginModule] user provider: ldap://ldap_server_name.ds.xxx.com:389/dc=ds,dc=kingdee,dc=com
[LdapLoginModule] authentication failed
[LdapLoginModule] aborted authentication
[LdapLoginModule] search-first mode; SSL disabled
```
f
Could you post the full error log in datahub-frontend module?
c
@fierce-baker-1392 this file is the datahub-frontend module full log.

@fierce-baker-1392 when I log in, the datahub-frontend module log file just appends this content:

```
[LdapLoginModule] search-first mode; SSL disabled
[LdapLoginModule] user provider: ldap://ldap_server_name.ds.xxx.com:389/dc=ds,dc=kingdee,dc=com
[LdapLoginModule] authentication failed
[LdapLoginModule] aborted authentication
[LdapLoginModule] search-first mode; SSL disabled
```
f
DataHub uses LdapLoginModule for JAAS login. I think you can have a look at the usage of this module. The program has run up to here, but I don't have any more information to locate the problem from the log you posted.