Re: Configuring OpenLdap with ODL


Ryan Goulding <ryandgoulding@...>

+aaa-dev;  please keep the list in the loop.

One issue is that you are using ODLJndiLdapRealm without the "ldapRealm.attributeForComparison" set.  I would start off with using the variant ODLJndiLdapRealmAuthNOnly to start, then as you figure out AuthN add in AuthZ later.  If you don't define the attributeForComparison, things won't work.

Regards,

Ryan Goulding

On Thu, Apr 12, 2018 at 2:25 AM, Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...> wrote:

Hi Ryan,

Thanks for the reply.

Our exact inputs in shiro.ini is


ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm

ldapRealm.userDnTemplate = uid={0},ou=people,dc=matrix-intra,dc=net

ldapRealm.contextFactory.url = ldap://10.112.192.134:389

ldapRealm.searchBase = dc=matrix-intra,dc=net

and also added this line

securityManager.realms = $tokenAuthRealm, $ldapRealm

We know ODL Beryllium is very old, but any how we have to use this. Please help.

Regards,

Harshit Kaushik


From: Ryan Goulding [mailto:ryandgoulding@gmail.com]
Sent: Wednesday, April 11, 2018 11:09 PM
To: Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
Cc: saichler@...; wdec@...; aaa-dev@...; Kapoor, Sumit 3. (EXT - IN/Noida) <sumit.3.kapoor.ext@...>; Mohammed, Mehboobkhan (EXT - IN) <mehboobkhan.mohammed.ext@nokia.com>; Hrudaykumar H <hrudaykumar.h@...>
Subject: Re: Configuring OpenLdap with ODL

Hi Harshit,

Did you replace the values in shiro.ini between square brackets <> with the appropriate values for your LDAP server?  By the way, ODL Beryllium is very old and has not been supported for quite some time.


Regards,

Ryan Goulding


On Tue, Apr 10, 2018 at 7:05 AM, Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...> wrote:

Hi Ryan/Team,

I am trying to configure OpenLdap with ODL (Beryllium version).

I have made the changes below in the shiro.ini file:


ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly

ldapRealm.userDnTemplate = uid={0},ou=people,dc=<my-Domain>,dc=<my-TLD>

ldapRealm.contextFactory.url = ldap://<url>:389

But I am not able to log in to ODL. I am getting the logs below in karaf.


2018-04-10 13:44:26,360 | DEBUG | qtp501175937-730 | TokenAuthRealm                   | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | Authentication attempt using org.opendaylight.aaa.basic.HttpBasicAuth

2018-04-10 13:44:26,360 | DEBUG | qtp501175937-730 | IdmLightProxy                    | 222 - org.opendaylight.aaa.idmlight - 0.3.4.Beryllium-SR4 | get domain

2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | AbstractStore                    | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | Table DOMAINS already exists

2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | DomainStore                      | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | query string: prep15: SELECT * FROM DOMAINS WHERE domainid = ?  {1: 'sdn'}

2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | IdmLightProxy                    | 222 - org.opendaylight.aaa.idmlight - 0.3.4.Beryllium-SR4 | check user / pwd

2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | UserStore                        | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | getUsers for: matrix in domain sdn

2018-04-10 13:44:26,372 | DEBUG | qtp501175937-730 | AbstractStore                    | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | Table USERS already exists

2018-04-10 13:44:26,372 | DEBUG | qtp501175937-730 | UserStore                        | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | query string: prep17: SELECT * FROM USERS WHERE userid = ?  {1: 'matrix@sdn'}

2018-04-10 13:44:26,373 | INFO  | qtp501175937-730 | ODLJndiLdapRealm                 | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | AAA LDAP connection from matrix

2018-04-10 13:44:26,373 | DEBUG | qtp501175937-730 | Accounter                        | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | AAA LDAP connection from matrix

2018-04-10 13:44:26,376 | DEBUG | qtp501175937-730 | AuthenticationListener           | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | Unsuccessful authentication attempt by matrix from <URL>


Please help me out in this.

Regards,

Harshit Kaushik



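A small configuration check, added here as an example and not part of the thread or of the OpenDaylight project: it applies the two diagnoses Ryan gives above (template placeholders such as <my-Domain> left in the realm settings, and ODLJndiLdapRealm configured without ldapRealm.attributeForComparison) to a shiro.ini fragment constructed from the settings Harshit quoted. The key name attributeForComparison is taken from Ryan's reply; the alternative spelling ldapAttributeForComparison is my assumption about the shipped template, not something the thread states.

```python
import re

# Constructed shiro.ini fragment combining the settings quoted in both of Harshit's mails.
SAMPLE_INI = """\
ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=people,dc=<my-Domain>,dc=<my-TLD>
ldapRealm.contextFactory.url = ldap://10.112.192.134:389
ldapRealm.searchBase = dc=matrix-intra,dc=net
securityManager.realms = $tokenAuthRealm, $ldapRealm
"""

AUTHN_ONLY = "org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly"
AUTHN_AUTHZ = "org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm"
# First spelling is the one Ryan names; the second is an assumption about the template.
COMPARISON_KEYS = ("attributeForComparison", "ldapAttributeForComparison")
PLACEHOLDER = re.compile(r"<[^<>]*>")  # e.g. <my-Domain>, <url>


def parse_ini(text):
    """Return {key: value} for 'key = value' lines; blanks, comments and [sections] are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def lint_ldap_realm(text, realm="ldapRealm"):
    """Return a list of findings for the named realm; an empty list means no issue was spotted."""
    props = parse_ini(text)
    realm_class = props.get(realm)
    if realm_class is None:
        return [f"{realm}: realm is not defined"]
    findings = []
    # Diagnosis 1: angle-bracket placeholders from the template were never replaced.
    for key, value in props.items():
        if key.startswith(realm + ".") and PLACEHOLDER.search(value):
            findings.append(f"{key}: unreplaced placeholder in '{value}'")
    # Diagnosis 2: the AuthN+AuthZ realm is used without the attribute it compares groups on.
    if realm_class == AUTHN_AUTHZ and not any(f"{realm}.{k}" in props for k in COMPARISON_KEYS):
        findings.append(f"{realm}: {AUTHN_AUTHZ} set without {realm}.{COMPARISON_KEYS[0]}; "
                        f"start with {AUTHN_ONLY} until AuthZ is configured")
    # The realm must also be listed in securityManager.realms, or Shiro never consults it.
    realms = [r.strip() for r in props.get("securityManager.realms", "").split(",")]
    if f"${realm}" not in realms:
        findings.append(f"securityManager.realms does not reference ${realm}")
    return findings
```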