Re: Getting 401 for newly created users using aaa-cli-jar


Naveen Kumar Verma
 

Hi Ryan,

 

I am doing just that, As I mentioned in my initial mail, I am using -a option to create the new user…

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

$ java -jar ~/Downloads/aaa-cli-jar-0.5.0-20170522.110416-143.jar -dbd . --nu naveen -a -p naveen

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Checking if default entries must be created in IDM store

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Found default domain in IDM store, skipping insertion of default data

New user created, as admin: naveen

 

Still I am getting 401.

It use to work earlier but not sure if recently something has been changed.

 

Thanks,

Naveen

 

From: Ryan Goulding [mailto:ryandgoulding@...]
Sent: Tuesday, July 17, 2018 11:38 PM
To: Naveen Kumar Verma <naveen.kumar.verma@...>
Cc: aaa-dev@...
Subject: Re: [Aaa-dev] Getting 401 for newly created users using aaa-cli-jar

 

This tool was written for a very specific OpenStack OOO use case.  You will want to probably make the user an admin with the tool if you continue to use it (i.e., use the "-a" flag when you do newUser).  If you are using for generic interaction, use bin/idmtool.

 

Best,

Ryan


Regards,

Ryan Goulding

 

On Tue, Jul 17, 2018 at 2:06 PM, Naveen Kumar Verma <naveen.kumar.verma@...> wrote:

Hi Ryan,

Aaa-cli-jar doesn’t specify any option to create grant or list it.

 

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

$ java -jar ~/Downloads/aaa-cli-jar-0.5.0-20170522.110416-143.jar -dbd . --help

Unrecognized options: [--help]

Option                       Description

------                       -----------

-?, -h                       Show help

-X, --debug                  Produce execution debug output

-a                           New User(s) added with 'admin' role

--changeUser, --cu <String>  Existing user name to change password

--dbd <File: path>           databaseDirectory (default: .)

--deleteUser, --du <String>  Existing user name to delete

-l, --listUsers              List all existing users

--newUser, --nu <String>     New user to create

-p, --passwd <String>        New password

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

 

When I tried using idmtool (first time user), it got hanged when I tried to list the users itself:

 

# ~/odl_repo/integration-distribution (master)

$ /c/Python27/python.exe karaf/target/assembly/bin/idmtool admin list-users

 

 

Is there any REST uri where can I can grants existing in the system?

 

Thanks,
Naveen

 

From: Ryan Goulding [mailto:ryandgoulding@...]
Sent: Tuesday, July 17, 2018 10:42 PM
To: Naveen Kumar Verma <naveen.kumar.verma@...>
Cc: aaa-dev@...
Subject: Re: [Aaa-dev] Getting 401 for newly created users using aaa-cli-jar

 

Have you created a grant for the user?  Otherwise, it should return 401…

 

 

On Jul 17, 2018, at 12:37 PM, Naveen Kumar Verma <naveen.kumar.verma@...> wrote:

 

Hi all, 

 

I am trying to create users using aaa-cli-jar, the users are getting created but I am getting 401 when I try to use that user.

 

Did anything changed recently?

 

Any idea what I am doing wrong:

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

$ java -jar ~/Downloads/aaa-cli-jar-0.5.0-20170522.110416-143.jar -dbd . -l

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Checking if default entries must be created in IDM store

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Found default domain in IDM store, skipping insertion of default data

User names:

admin

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

$ java -jar ~/Downloads/aaa-cli-jar-0.5.0-20170522.110416-143.jar -dbd . --nu naveen -a -p naveen

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Checking if default entries must be created in IDM store

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Found default domain in IDM store, skipping insertion of default data

New user created, as admin: naveen

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

$ java -jar ~/Downloads/aaa-cli-jar-0.5.0-20170522.110416-143.jar -dbd . -l

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Checking if default entries must be created in IDM store

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Found default domain in IDM store, skipping insertion of default data

User names:

admin

naveen

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

 

# ~

$ curl -u naveen:naveen  -v -H 'Content-type: application/json' -X GET http://localhost:8181/auth/v1/users | python -mjson.tool

Note: Unnecessary use of -X or --request, GET is already inferred.

* timeout on name lookup is not supported

*   Trying ::1...

* TCP_NODELAY set

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to localhost (::1) port 8181 (#0)

* Server auth using Basic with user 'naveen'

> GET /auth/v1/users HTTP/1.1

> Host: localhost:8181

> Authorization: Basic bmF2ZWVuOm5hdmVlbg==

> User-Agent: curl/7.51.0

> Accept: */*

> Content-type: application/json

< HTTP/1.1 401 Unauthorized

< Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Mon, 16-Jul-2018 16:29:04 GMT

* Authentication problem. Ignoring this.

< WWW-Authenticate: BASIC realm="application"

< Content-Length: 0

* Curl_http_done: called premature == 0

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

* Connection #0 to host localhost left intact

Expecting value: line 1 column 1 (char 0)

 

# ~

 

 

 

Thanks,

Naveen

 

 

 

 

_______________________________________________
aaa-dev mailing list
aaa-dev@...
https://lists.opendaylight.org/mailman/listinfo/aaa-dev

 

 

Join z.archive.aaa-dev@lists.opendaylight.org to automatically receive all group messages.