Configuring OpenLdap with ODL


Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
 

Hi Ryan/Team,

 

I am trying to configure OpenLdap with ODL (Beryllium version).

 

I have done below changes in shiro.ini file

 

ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly

ldapRealm.userDnTemplate = uid={0},ou=people,dc=<my-Domain>,dc=<my-TLD>

ldapRealm.contextFactory.url = ldap://<url>:389

 

But I am not able to log in to ODL. I am getting the below logs in karaf.

 

2018-04-10 13:44:26,360 | DEBUG | qtp501175937-730 | TokenAuthRealm                   | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | Authentication attempt using org.opendaylight.aaa.basic.HttpBasicAuth

2018-04-10 13:44:26,360 | DEBUG | qtp501175937-730 | IdmLightProxy                    | 222 - org.opendaylight.aaa.idmlight - 0.3.4.Beryllium-SR4 | get domain

2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | AbstractStore                    | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | Table DOMAINS already exists

2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | DomainStore                      | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | query string: prep15: SELECT * FROM DOMAINS WHERE domainid = ?  {1: 'sdn'}

2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | IdmLightProxy                    | 222 - org.opendaylight.aaa.idmlight - 0.3.4.Beryllium-SR4 | check user / pwd

2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | UserStore                        | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | getUsers for: matrix in domain sdn

2018-04-10 13:44:26,372 | DEBUG | qtp501175937-730 | AbstractStore                    | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | Table USERS already exists

2018-04-10 13:44:26,372 | DEBUG | qtp501175937-730 | UserStore                        | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | query string: prep17: SELECT * FROM USERS WHERE userid = ?  {1: 'matrix@sdn'}

2018-04-10 13:44:26,373 | INFO  | qtp501175937-730 | ODLJndiLdapRealm                 | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | AAA LDAP connection from matrix

2018-04-10 13:44:26,373 | DEBUG | qtp501175937-730 | Accounter                        | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | AAA LDAP connection from matrix

2018-04-10 13:44:26,376 | DEBUG | qtp501175937-730 | AuthenticationListener           | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | Unsuccessful authentication attempt by matrix from <URL>

 

 

Please help me out in this.

Regards,

Harshit Kaushik


Ryan Goulding <ryandgoulding@...>
 

Hi Harshit,

Did you replace the values in shiro.ini between square brackets <> with the appropriate values for your LDAP server?  By the way, ODL Beryllium is very old and has not been supported for quite some time.

Regards,

Ryan Goulding

On Tue, Apr 10, 2018 at 7:05 AM, Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...> wrote:




Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
 

Hi Ryan,

Thanks for the reply.

Our exact inputs in shiro.ini are


ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm

ldapRealm.userDnTemplate = uid={0},ou=people,dc=matrix-intra,dc=net

ldapRealm.contextFactory.url = ldap://10.112.192.134:389

ldapRealm.searchBase = dc=matrix-intra,dc=net

 

and also added this line

securityManager.realms = $tokenAuthRealm, $ldapRealm

 

We know ODL Beryllium is very old, but anyhow we have to use this. Please help.

 

Regards,

Harshit Kaushik

 

From: Ryan Goulding [mailto:ryandgoulding@...]
Sent: Wednesday, April 11, 2018 11:09 PM
To: Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
Cc: saichler@...; wdec@...; aaa-dev@...; Kapoor, Sumit 3. (EXT - IN/Noida) <sumit.3.kapoor.ext@...>; Mohammed, Mehboobkhan (EXT - IN) <mehboobkhan.mohammed.ext@...>; Hrudaykumar H <hrudaykumar.h@...>
Subject: Re: Configuring OpenLdap with ODL

 


 


Ryan Goulding <ryandgoulding@...>
 

+aaa-dev;  please keep the list in the loop.

One issue is that you are using ODLJndiLdapRealm without the "ldapRealm.attributeForComparison" set.  I would start off with using the variant ODLJndiLdapRealmAuthNOnly to start, then as you figure out AuthN add in AuthZ later.  If you don't define the attributeForComparison, things won't work.

Regards,

Ryan Goulding

On Thu, Apr 12, 2018 at 2:25 AM, Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...> wrote:


 



Mohamed ElSerngawy
 

Hi Kaushik,

You may need to specify the common name "cn" instead of "uid", so your shiro.ini could look like the below.

ldapRealm.userDnTemplate = cn={0},ou=people,dc=<my-Domain>,dc=<my-TLD>

BR



 


_______________________________________________
aaa-dev mailing list
aaa-dev@...
https://lists.opendaylight.org/mailman/listinfo/aaa-dev




--
Mohamed ElSerngawy

+1 438 993 2462
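
A check of the shiro.ini lines discussed so far in this thread (unreplaced `<...>` placeholders, `ODLJndiLdapRealm` without `attributeForComparison`, the realm missing from `securityManager.realms`) plus the bind DN that `userDnTemplate` produces for a user. This is an added example, not code from the thread participants or the OpenDaylight project; the function names and finding labels are hypothetical, and the `ldap://` finding is an extra check not raised in the thread.

```python
import re

# Class name and keys are the ones quoted in the thread.
AUTHZ_REALM = "org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm"
PLACEHOLDER = re.compile(r"<[^<>]+>")  # e.g. <my-Domain>, <url>

# Constructed inputs: the shiro.ini lines as posted in the two messages above.
FIRST_ATTEMPT = """\
ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly
ldapRealm.userDnTemplate = uid={0},ou=people,dc=<my-Domain>,dc=<my-TLD>
ldapRealm.contextFactory.url = ldap://<url>:389
"""
SECOND_ATTEMPT = """\
ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=people,dc=matrix-intra,dc=net
ldapRealm.contextFactory.url = ldap://10.112.192.134:389
ldapRealm.searchBase = dc=matrix-intra,dc=net
securityManager.realms = $tokenAuthRealm, $ldapRealm
"""


def parse_ini(text):
    """Collect 'key = value' lines; section headers and comments are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        # Split at the first '=' only: DN values contain further '=' signs.
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def lint(text, realm="ldapRealm"):
    """Return a list of finding labels for the given realm's settings."""
    cfg = parse_ini(text)
    if realm not in cfg:
        return ["realm-not-defined"]
    findings = []
    # Template values such as <my-Domain> left in place of real ones.
    for key, value in cfg.items():
        if (key == realm or key.startswith(realm + ".")) and PLACEHOLDER.search(value):
            findings.append("placeholder:" + key)
    # Per the reply in the thread: the AuthZ realm needs attributeForComparison.
    if cfg[realm] == AUTHZ_REALM and realm + ".attributeForComparison" not in cfg:
        findings.append("missing-attributeForComparison")
    # Without {0} the user name never reaches the bind DN.
    if "{0}" not in cfg.get(realm + ".userDnTemplate", ""):
        findings.append("userDnTemplate-without-{0}")
    # If the realm list is set explicitly, the LDAP realm has to be in it.
    realms = cfg.get("securityManager.realms")
    if realms is not None and "$" + realm not in [r.strip() for r in realms.split(",")]:
        findings.append("realm-not-in-securityManager.realms")
    # Added check: a simple bind over plain ldap:// sends the password unencrypted.
    if cfg.get(realm + ".contextFactory.url", "").lower().startswith("ldap://"):
        findings.append("cleartext-ldap-url")
    return findings


def bind_dn(text, username, realm="ldapRealm"):
    """Expand userDnTemplate for one user: the DN the directory must contain."""
    template = parse_ini(text)[realm + ".userDnTemplate"]
    return template.replace("{0}", username)


if __name__ == "__main__":
    for name, text in (("first", FIRST_ATTEMPT), ("second", SECOND_ATTEMPT)):
        print(name, lint(text))
    # uid= versus cn=: the entry's actual RDN decides which template can bind.
    print(bind_dn(SECOND_ATTEMPT, "matrix"))
    print(bind_dn(SECOND_ATTEMPT.replace("uid={0}", "cn={0}"), "matrix"))
```

The two printed DNs are what the directory is asked to bind as; whichever matches the user's real entry in OpenLDAP is the template to keep.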


Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
 

Hi Mohamed/ Ryan,

 

Thanks for the help 😊.

Currently we are facing some issues with OpenLdap. After fixing this problem I will try the solutions provided by you.

 

Regards,

Harshit Kaushik

 

 

 

From: Mohamed El-Serngawy [mailto:m.elserngawy@...]
Sent: Thursday, April 12, 2018 6:33 PM
To: Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
Cc: Ryan Goulding <ryandgoulding@...>; Hrudaykumar H <hrudaykumar.h@...>; wdec@...; aaa-dev@...; Mohammed, Mehboobkhan (EXT - IN) <mehboobkhan.mohammed.ext@...>; Kapoor, Sumit 3. (EXT - IN/Noida) <sumit.3.kapoor.ext@...>
Subject: Re: [Aaa-dev] Configuring OpenLdap with ODL

 



Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
 

Hi Ryan/Team,

 

Thanks for the help. I have successfully integrated openldap with odl.

 

I have one concern: is it necessary to restart karaf after updating the shiro.ini file? In my case odl is not allowing me to log in through openldap after updating shiro.ini until and unless we restart karaf.

Is there any procedure or way through which we can skip the restarting of karaf?

 

Regards,

Harshit Kaushik

 

From: Kaushik, Harshit (EXT - IN/Noida)
Sent: Tuesday, April 17, 2018 11:45 AM
To: 'Mohamed El-Serngawy' <m.elserngawy@...>
Cc: Ryan Goulding <ryandgoulding@...>; Hrudaykumar H <hrudaykumar.h@...>; wdec@...; aaa-dev@...; Mohammed, Mehboobkhan (EXT - IN) <mehboobkhan.mohammed.ext@...>; Kapoor, Sumit 3. (EXT - IN/Noida) <sumit.3.kapoor.ext@...>
Subject: RE: [Aaa-dev] Configuring OpenLdap with ODL

 



Ryan Goulding <ryandgoulding@...>
 

No, ODL must be restarted.


On Apr 19, 2018, at 5:22 AM, Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...> wrote:
