How do I enable aaa-authn-model


Harinath Mallepally <hari@...>
 


Hi,

I am building custom authorization for the RPC methods. I realized that I do not find the data in MD-SAL.

http://{{host}}:8181/restconf/config/aaa-authn-model:authentication returns:

{
  "errors": {
    "error": [
      {
        "error-type": "application",
        "error-tag": "data-missing",
        "error-message": "Request could not be completed because the relevant data model content does not exist "
      }
    ]
  }
}

whereas
http://{{host}}:8181/auth/v1/users gives me the users list.

I need to access the user data through MD-SAL so that I can validate the user id (while granting permissions in my custom model).

Can you please suggest?

Thanks
Hari


Harinath Mallepally <hari@...>
 

I think the right question may be: how do I enable MD-SAL for AAA?

The release notes for Boron say:

"This release of AAA includes experimental support for having the database of users and credentials stored in the cluster-aware MD-SAL datastore"






Mohamed ElSerngawy <melserngawy@...>
 

Hi Harinath,

It's not recommended to use MD-SAL; in fact, it is not possible for the current AAA data store implementation. However, you can still retrieve the user identity info from the H2 database (the default datastore for AAA). Check the IIDMStore class in the aaa-authn-api bundle [0] and the aaa-h2-store bundle [1]. Hope this can help.



Thanks  





_______________________________________________
aaa-dev mailing list
aaa-dev@...
https://lists.opendaylight.org/mailman/listinfo/aaa-dev



Harinath Mallepally <hari@...>
 

Thanks Mohamed for the response.

This means there is no support for clustering yet. Is this correct?


thanks
hari







Mohamed ElSerngawy <melserngawy@...>
 

Well, yes, we can say there is no support for clustering now. It is a work in progress.





Srini Seetharaman
 

Hi Mohamed,

I seem to be able to get it working fine by uninstalling odl-aaa-authn and instead installing the feature odl-aaa-authn-mdsal-cluster.

After doing that, querying the MD-SAL config store of any of the instances (http://controller2:8181/restconf/config/aaa-authn-model:authentication/user/user@sdn) gives me the following. Anytime I add a domain + role + user to one instance, it shows up fine in the other instances of the cluster.

{
  "user": {
    "userid": "user@sdn", 
    "name": "user", 
    "password": "oXxF3vrxmngC2fxcEaSvtA0DxwrZmLXHJtGx2vtVVy4=", 
    "enabled": "true", 
    "description": "user user", 
    "domainid": "sdn", 
    "salt": "TRBHJGWXCTMH"
  }
}
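
Both reply shapes quoted in this thread (the `data-missing` error and the per-user record) can be handled by one client-side check when validating a user id over RESTCONF. The following is an added example, not part of the original post or OpenDaylight's own code; the function names and the `<hash>`/`<salt>` sample values are constructed, and tolerating an array-wrapped `user` entry is an assumption.

```python
import json
from urllib.parse import quote

# Path as quoted in the thread; scheme and host come from the caller.
USER_PATH = "/restconf/config/aaa-authn-model:authentication/user/"
SECRET_FIELDS = ("password", "salt")  # credential material, never kept or logged

# Constructed samples shaped like the two replies quoted in the thread.
SAMPLE_MISSING = ('{"errors":{"error":[{"error-type":"application",'
                  '"error-tag":"data-missing"}]}}')
SAMPLE_USER = ('{"user":{"userid":"user@sdn","name":"user","password":"<hash>",'
               '"enabled":"true","domainid":"sdn","salt":"<salt>"}}')


def user_url(base, userid):
    """Per-user URL; the key is percent-encoded so '/' and friends cannot alter the path."""
    return base.rstrip("/") + USER_PATH + quote(userid, safe="")


def check_user(body, expected_userid):
    """Classify a reply body; returns (status, record without secret fields)."""
    try:
        doc = json.loads(body)
    except ValueError:
        return "malformed", None
    if not isinstance(doc, dict):
        return "malformed", None
    errs = doc.get("errors")
    errors = errs.get("error") if isinstance(errs, dict) else None
    if isinstance(errors, list) and any(
            isinstance(e, dict) and e.get("error-tag") == "data-missing" for e in errors):
        return "missing", None  # no such user, or AAA is not stored in MD-SAL
    user = doc.get("user")
    if isinstance(user, list):  # assumption: tolerate an array-wrapped list entry
        user = user[0] if user else None
    if not isinstance(user, dict) or user.get("userid") != expected_userid:
        return "malformed", None
    safe = {k: v for k, v in user.items() if k not in SECRET_FIELDS}
    # "enabled" is the string "true" in the thread's output, not a JSON boolean
    enabled = str(user.get("enabled")).lower() == "true"
    return ("ok" if enabled else "disabled"), safe


if __name__ == "__main__":
    print(user_url("http://controller2:8181", "user@sdn"))
    print(check_user(SAMPLE_MISSING, "user@sdn"))
    print(check_user(SAMPLE_USER, "user@sdn"))
```

A `missing` result does not distinguish an unknown user from a controller whose AAA store is still H2, so a custom authorization model should treat it as a denial.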




Mohamed ElSerngawy <melserngawy@...>
 

Hi Srini,

Which ODL release do you use? Anyway, uninstalling ODL features is not supported and it causes issues. In the karaf4 upgrade there are enhancements in ODL for this issue, but I believe it is still a work in progress. Check the discussion at [0].
If you are using master, the aaa-mdsal bundle is working fine, but the issue is you will need to replace the odl-aaa-authn feature encapsulated under the odl-aaa-shiro feature with the odl-aaa-mdsal-cluster feature. Then build everything and it will work.



Thanks





Srini Seetharaman
 

Hi Mohamed - I'm using Boron. I did switch to using a custom odl-aaa-shiro feature with odl-aaa-authn-mdsal-cluster replacing the odl-aaa-authn.
