Re: Getting 401 for newly created users using aaa-cli-jar


Ryan Goulding <ryandgoulding@...>
 

Which version of code are you running?  We changed the password hashing algorithm in master, and you are using an ancient version of the cli jar that is incompatible with master.

Regards,

Ryan Goulding

On Tue, Jul 17, 2018 at 2:12 PM, Naveen Kumar Verma <naveen.kumar.verma@...> wrote:

Hi Ryan,

 

I am doing just that, As I mentioned in my initial mail, I am using -a option to create the new user…

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

$ java -jar ~/Downloads/aaa-cli-jar-0.5.0-20170522.110416-143.jar -dbd . --nu naveen -a -p naveen

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Checking if default entries must be created in IDM store

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Found default domain in IDM store, skipping insertion of default data

New user created, as admin: naveen

 

Still I am getting 401.

It use to work earlier but not sure if recently something has been changed.

 

Thanks,

Naveen

 

From: Ryan Goulding [mailto:ryandgoulding@gmail.com]
Sent: Tuesday, July 17, 2018 11:38 PM


To: Naveen Kumar Verma <naveen.kumar.verma@ericsson.com>
Cc: aaa-dev@...
Subject: Re: [Aaa-dev] Getting 401 for newly created users using aaa-cli-jar

 

This tool was written for a very specific OpenStack OOO use case.  You will want to probably make the user an admin with the tool if you continue to use it (i.e., use the "-a" flag when you do newUser).  If you are using for generic interaction, use bin/idmtool.

 

Best,

Ryan


Regards,

Ryan Goulding

 

On Tue, Jul 17, 2018 at 2:06 PM, Naveen Kumar Verma <naveen.kumar.verma@ericsson.com> wrote:

Hi Ryan,

Aaa-cli-jar doesn’t specify any option to create grant or list it.

 

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

$ java -jar ~/Downloads/aaa-cli-jar-0.5.0-20170522.110416-143.jar -dbd . --help

Unrecognized options: [--help]

Option                       Description

------                       -----------

-?, -h                       Show help

-X, --debug                  Produce execution debug output

-a                           New User(s) added with 'admin' role

--changeUser, --cu <String>  Existing user name to change password

--dbd <File: path>           databaseDirectory (default: .)

--deleteUser, --du <String>  Existing user name to delete

-l, --listUsers              List all existing users

--newUser, --nu <String>     New user to create

-p, --passwd <String>        New password

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

 

When I tried using idmtool (first time user), it got hanged when I tried to list the users itself:

 

# ~/odl_repo/integration-distribution (master)

$ /c/Python27/python.exe karaf/target/assembly/bin/idmtool admin list-users

 

 

Is there any REST uri where can I can grants existing in the system?

 

Thanks,
Naveen

 

From: Ryan Goulding [mailto:ryandgoulding@gmail.com]
Sent: Tuesday, July 17, 2018 10:42 PM
To: Naveen Kumar Verma <naveen.kumar.verma@ericsson.com>
Cc: aaa-dev@...
Subject: Re: [Aaa-dev] Getting 401 for newly created users using aaa-cli-jar

 

Have you created a grant for the user?  Otherwise, it should return 401…

 

 

On Jul 17, 2018, at 12:37 PM, Naveen Kumar Verma <naveen.kumar.verma@ericsson.com> wrote:

 

Hi all, 

 

I am trying to create users using aaa-cli-jar, the users are getting created but I am getting 401 when I try to use that user.

 

Did anything changed recently?

 

Any idea what I am doing wrong:

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

$ java -jar ~/Downloads/aaa-cli-jar-0.5.0-20170522.110416-143.jar -dbd . -l

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Checking if default entries must be created in IDM store

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Found default domain in IDM store, skipping insertion of default data

User names:

admin

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

$ java -jar ~/Downloads/aaa-cli-jar-0.5.0-20170522.110416-143.jar -dbd . --nu naveen -a -p naveen

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Checking if default entries must be created in IDM store

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Found default domain in IDM store, skipping insertion of default data

New user created, as admin: naveen

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

$ java -jar ~/Downloads/aaa-cli-jar-0.5.0-20170522.110416-143.jar -dbd . -l

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Checking if default entries must be created in IDM store

[main] INFO org.opendaylight.aaa.api.StoreBuilder - Found default domain in IDM store, skipping insertion of default data

User names:

admin

naveen

 

# ~/odl_repo/integration-distribution/karaf/target/assembly/data (master)

 

# ~

$ curl -u naveen:naveen  -v -H 'Content-type: application/json' -X GET http://localhost:8181/auth/v1/users | python -mjson.tool

Note: Unnecessary use of -X or --request, GET is already inferred.

* timeout on name lookup is not supported

*   Trying ::1...

* TCP_NODELAY set

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to localhost (::1) port 8181 (#0)

* Server auth using Basic with user 'naveen'

> GET /auth/v1/users HTTP/1.1

> Host: localhost:8181

> Authorization: Basic bmF2ZWVuOm5hdmVlbg==

> User-Agent: curl/7.51.0

> Accept: */*

> Content-type: application/json

< HTTP/1.1 401 Unauthorized

< Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Mon, 16-Jul-2018 16:29:04 GMT

* Authentication problem. Ignoring this.

< WWW-Authenticate: BASIC realm="application"

< Content-Length: 0

* Curl_http_done: called premature == 0

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

* Connection #0 to host localhost left intact

Expecting value: line 1 column 1 (char 0)

 

# ~

 

 

 

Thanks,

Naveen

 

 

 

 

_______________________________________________
aaa-dev mailing list
aaa-dev@...
https://lists.opendaylight.org/mailman/listinfo/aaa-dev

 

 


Join z.archive.aaa-dev@lists.opendaylight.org to automatically receive all group messages.