Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
Hi Ryan/Team,
I am trying to configure OpenLdap with ODL (Beryllium version).
I have done below changes in shiro.ini file
ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly
ldapRealm.userDnTemplate = uid={0},ou=people,dc=<my-Domain>,dc=<my-TLD>
ldapRealm.contextFactory.url = ldap://<url>:389
But I am not able to login to ODL. I am getting below logs in karaf.
2018-04-10 13:44:26,360 | DEBUG | qtp501175937-730 | TokenAuthRealm | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | Authentication attempt using org.opendaylight.aaa.basic.HttpBasicAuth
2018-04-10 13:44:26,360 | DEBUG | qtp501175937-730 | IdmLightProxy | 222 - org.opendaylight.aaa.idmlight - 0.3.4.Beryllium-SR4 | get domain
2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | AbstractStore | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | Table DOMAINS already exists
2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | DomainStore | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | query string: prep15: SELECT * FROM DOMAINS WHERE domainid = ? {1: 'sdn'}
2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | IdmLightProxy | 222 - org.opendaylight.aaa.idmlight - 0.3.4.Beryllium-SR4 | check user / pwd
2018-04-10 13:44:26,367 | DEBUG | qtp501175937-730 | UserStore | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | getUsers for: matrix in domain sdn
2018-04-10 13:44:26,372 | DEBUG | qtp501175937-730 | AbstractStore | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | Table USERS already exists
2018-04-10 13:44:26,372 | DEBUG | qtp501175937-730 | UserStore | 221 - org.opendaylight.aaa.h2-store - 0.3.4.Beryllium-SR4 | query string: prep17: SELECT * FROM USERS WHERE userid = ? {1: 'matrix@sdn'}
2018-04-10 13:44:26,373 | INFO | qtp501175937-730 | ODLJndiLdapRealm | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | AAA LDAP connection from matrix
2018-04-10 13:44:26,373 | DEBUG | qtp501175937-730 | Accounter | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | AAA LDAP connection from matrix
2018-04-10 13:44:26,376 | DEBUG | qtp501175937-730 | AuthenticationListener | 211 - org.opendaylight.aaa.shiro - 0.3.4.Beryllium-SR4 | Unsuccessful authentication attempt by matrix from <URL>
Please help me out in this.
Regards,
Harshit Kaushik
|
|
Ryan Goulding <ryandgoulding@...>
Hi Harshit,
Did you replace the values in shiro.ini between square brackets <> with the appropriate values for your LDAP server? By the way, ODL Beryllium is very old and has not been supported for quite some time.
On Tue, Apr 10, 2018 at 7:05 AM, Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...> wrote:
|
|
Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
Hi Ryan,
Thanks for the reply.
Our exact inputs in shiro.ini are
ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=people,dc=matrix-intra,dc=net
ldapRealm.contextFactory.url = ldap://10.112.192.134:389
ldapRealm.searchBase = dc=matrix-intra,dc=net
and also added this line
securityManager.realms = $tokenAuthRealm, $ldapRealm
We know ODL Beryllium is very old, but anyhow we have to use this. Please help.
Regards,
Harshit Kaushik
From: Ryan Goulding [mailto:ryandgoulding@...]
Sent: Wednesday, April 11, 2018 11:09 PM
To: Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
Cc: saichler@...; wdec@...; aaa-dev@...; Kapoor, Sumit 3. (EXT - IN/Noida) <sumit.3.kapoor.ext@...>; Mohammed, Mehboobkhan (EXT - IN) <mehboobkhan.mohammed.ext@...>; Hrudaykumar H <hrudaykumar.h@...>
Subject: Re: Configuring OpenLdap with ODL
|
|
Ryan Goulding <ryandgoulding@...>
+aaa-dev; please keep the list in the loop.
One issue is that you are using ODLJndiLdapRealm without the "ldapRealm.attributeForComparison" set. I would start off with using the variant ODLJndiLdapRealmAuthNOnly to start, then as you figure out AuthN add in AuthZ later. If you don't define the attributeForComparison, things won't work.
On Thu, Apr 12, 2018 at 2:25 AM, Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...> wrote:
|
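A check for the shiro.ini points raised in the thread up to here, as an added example that is not part of any message and is not OpenDaylight code. The function names and finding codes are hypothetical; the attributeForComparison rule is taken from the reply above, and the ldap:// finding is an added caveat (a bind over plain ldap:// carries the password unencrypted unless StartTLS is used).

```python
import re

# Constructed sample: the settings quoted in the thread, placed under [main].
SAMPLE = """\
[main]
ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=people,dc=matrix-intra,dc=net
ldapRealm.contextFactory.url = ldap://10.112.192.134:389
ldapRealm.searchBase = dc=matrix-intra,dc=net
securityManager.realms = $tokenAuthRealm, $ldapRealm
"""

# Realm variant that, per the thread, needs attributeForComparison.
AUTHZ_REALM = "org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm"
# Template markers such as <my-Domain> that were never filled in.
PLACEHOLDER = re.compile(r"<[^<>]*>")


def parse_main(text):
    """Return key -> value for the [main] section of a shiro.ini string."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "main" and "=" in line:
            # Split on the first "=" only: DN values contain "=" themselves.
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def lint_ldap_realm(text, realm="ldapRealm"):
    """Return (code, message) findings for the named LDAP realm."""
    cfg = parse_main(text)
    cls = cfg.get(realm)
    if cls is None:
        return [("no-realm", f"{realm} is not defined in [main]")]
    findings = []

    # Unreplaced <...> values in any property of this realm.
    for key, value in cfg.items():
        if key.startswith(realm + ".") and PLACEHOLDER.search(value):
            findings.append(("placeholder", f"{key} still contains {value!r}"))

    # The template needs the {0} token that receives the login name.
    if "{0}" not in cfg.get(f"{realm}.userDnTemplate", ""):
        findings.append(("dn-template", f"{realm}.userDnTemplate lacks {{0}}"))

    # Full realm without attributeForComparison (the issue named in the reply).
    if cls == AUTHZ_REALM and f"{realm}.attributeForComparison" not in cfg:
        findings.append(("no-attribute",
                         f"{realm}.attributeForComparison is not set"))

    # An explicit realm list that omits this realm leaves it unused.
    if "securityManager.realms" in cfg:
        listed = [r.strip() for r in cfg["securityManager.realms"].split(",")]
        if f"${realm}" not in listed:
            findings.append(("not-enabled",
                             f"${realm} missing from securityManager.realms"))

    # Added caveat: plain ldap:// does not protect the bind password.
    if cfg.get(f"{realm}.contextFactory.url", "").lower().startswith("ldap://"):
        findings.append(("cleartext", "contextFactory.url uses plain ldap://"))
    return findings


if __name__ == "__main__":
    for code, message in lint_ldap_realm(SAMPLE):
        print(f"{code}: {message}")
```

Run against the file before restarting the controller; an empty list means none of these checks fired, not that the bind will succeed.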
|
Hi Kaushik,
You may need to specify the common name "cn" instead of "uid", so your shiro.ini could look like the below.
ldapRealm.userDnTemplate = cn={0},ou=people,dc=<my-Domain>,dc=<my-TLD>
BR
_______________________________________________
aaa-dev mailing list
aaa-dev@...
https://lists.opendaylight.org/mailman/listinfo/aaa-dev
-- Mohamed ElSerngawy
+1 438 993 2462
|
|
Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
Hi Mohamed/ Ryan,
Thanks for the help 😊.
Currently we are facing some issues with OpenLdap. After fixing this problem I will try the solutions provided by you.
Regards,
Harshit Kaushik
From: Mohamed El-Serngawy [mailto:m.elserngawy@...]
Sent: Thursday, April 12, 2018 6:33 PM
To: Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
Cc: Ryan Goulding <ryandgoulding@...>; Hrudaykumar H <hrudaykumar.h@...>; wdec@...; aaa-dev@...; Mohammed, Mehboobkhan (EXT - IN) <mehboobkhan.mohammed.ext@...>; Kapoor, Sumit 3. (EXT - IN/Noida) <sumit.3.kapoor.ext@...>
Subject: Re: [Aaa-dev] Configuring OpenLdap with ODL
|
|
Kaushik, Harshit (EXT - IN/Noida) <harshit.kaushik.ext@...>
Hi Ryan/Team,
Thanks for the help. I have successfully integrated openldap with odl.
I have one concern: is it necessary to restart karaf after updating the shiro.ini file? Because in my case odl is not allowing me to login through openldap after updating shiro.ini until and unless we restart karaf.
Is there any procedure or way through which we can skip the restarting of karaf?
Regards,
Harshit Kaushik
From: Kaushik, Harshit (EXT - IN/Noida)
Sent: Tuesday, April 17, 2018 11:45 AM
To: 'Mohamed El-Serngawy' <m.elserngawy@...>
Cc: Ryan Goulding <ryandgoulding@...>; Hrudaykumar H <hrudaykumar.h@...>; wdec@...; aaa-dev@...; Mohammed, Mehboobkhan (EXT - IN) <mehboobkhan.mohammed.ext@...>; Kapoor, Sumit 3. (EXT - IN/Noida) <sumit.3.kapoor.ext@...>
Subject: RE: [Aaa-dev] Configuring OpenLdap with ODL
|
|
Ryan Goulding <ryandgoulding@...>
No, ODL must be restarted.
On Apr 19, 2018, at 5:22 AM, Kaushik, Harshit (EXT - IN/Noida) < harshit.kaushik.ext@...> wrote: