Project

Profile

Help

Issue #2063

Trouble connecting to LDAP(Active Directory) Server Whole API Authentication

Added by Anonymous over 4 years ago. Updated 4 months ago.

Status:
CLOSED - NOTABUG
Priority:
Normal
Assignee:
-
Category:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
2.8.5
Platform Release:
OS:
RHEL 7
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

I am trying to configure apache ldap for pulp server but i get the following error.

2016-07-06 10:20:33,789 - ERROR - Client-side exception occurred
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/pulp/client/extensions/core.py", line 474, in run
    exit_code = Cli.run(self, args)
  File "/usr/lib/python2.7/site-packages/okaara/cli.py", line 974, in run
    exit_code = command_or_section.execute(self.prompt, remaining_args)
  File "/usr/lib/python2.7/site-packages/pulp/client/extensions/extensions.py", line 210, in execute
    return self.method(*arg_list, **clean_kwargs)
  File "/usr/lib/python2.7/site-packages/pulp/client/admin/admin_auth.py", line 49, in login
    result = self.context.server.actions.login(username, password).response_body
  File "/usr/lib/python2.7/site-packages/pulp/bindings/actions.py", line 20, in login
    return self.server.POST(path)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 100, in POST
    log_request_body=log_request_body, ignore_prefix=ignore_prefix)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 166, in _request
    self._handle_exceptions(response_code, response_body)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 202, in _handle_exceptions
    raise exceptions.ApacheServerException(response_body)
ApacheServerException
There was an internal server error while trying to access the Pulp application.
One possible cause is that the database needs to be migrated to the latest
version. If this is the case, run pulp-manage-db and restart the services. More
information may be found in Apache's log.

I re-run the migrations but did not work for me. I am using the basic example from the documentation site.

<Files webservices.wsgi>
    SetEnvIfNoCase ^Authorization$ "Basic.*" USE_APACHE_AUTH=1
    Order allow,deny
    Allow from env=!USE_APACHE_AUTH
    Satisfy Any

    # configure basic auth
    AuthType basic
    AuthBasicProvider ldap
    AuthName "Pulp"
    AuthLDAPURL "ldap://myactivedirectory.com?sAMAccountName"
    AuthLDAPBindDN "cn=validCN"
    AuthLDAPBindPassword "password"
    AuthLDAPRemoteUserAttribute sAMAccountName
    #AuthzLDAPAuthoritative On
    Require valid-user

    #WSGIPassAuthorization On
    #WSGIProcessGroup pulp
    #WSGIApplicationGroup pulp
    #SSLRenegBufferSize  1048576
    SSLRequireSSL
    SSLVerifyDepth 3
    SSLOptions +StdEnvVars +ExportCertData
    SSLVerifyClient optional
</Files>

History

#1 Updated by mhrivnak over 4 years ago

On the server side, please check the apache logs and system log for any error messages that might help us determine what went wrong, and add any relevant output to this issue.

Here is some documentation about specifically how to find pulp's log output: http://docs.pulpproject.org/user-guide/troubleshooting.html#logging

#2 Updated by Anonymous over 4 years ago

mhrivnak wrote:

On the server side, please check the apache logs and system log for any error messages that might help us determine what went wrong, and add any relevant output to this issue.

Here is some documentation about specifically how to find pulp's log output: http://docs.pulpproject.org/user-guide/troubleshooting.html#logging

Seems like the error might not be on the server. After enabling DEBUG i could not see anything on Apache or /var/log/messages ...

Is there a way to enable pulp-admin debugging?

#3 Updated by mhrivnak over 4 years ago

Try running "pulp-admin -vv" followed by the rest of your command. That should output some debug info about the request and response.

#4 Updated by Anonymous over 4 years ago

mhrivnak wrote:

Try running "pulp-admin -vv" followed by the rest of your command. That should output some debug info about the request and response.

I am not sure if the pulp.conf is correct though. My apache version is ...

apachectl -v
Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
Server built:   Mar 21 2016 02:33:00

and does not like #AuthzLDAPAuthoritative On

pulp-admin -vv login -u admin -p admin
2016-07-13 10:25:41,593 - DEBUG - sending POST request to /pulp/api/v2/actions/login/
2016-07-13 10:25:41,615 - INFO - POST request to /pulp/api/v2/actions/login/ with parameters None
2016-07-13 10:25:41,615 - INFO - Response status : 401 

2016-07-13 10:25:41,615 - INFO - Response body :
 "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>401 Unauthorized</title>\n</head><body>\n<h1>Unauthorized</h1>\n<p>This server could not verify that you\nare authorized to access the document\nrequested.  Either you supplied the wrong\ncredentials (e.g., bad password), or your\nbrowser doesn't understand how to supply\nthe credentials required.</p>\n</body></html>\n"

2016-07-13 10:25:41,615 - ERROR - Client-side exception occurred
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/pulp/client/extensions/core.py", line 474, in run
    exit_code = Cli.run(self, args)
  File "/usr/lib/python2.7/site-packages/okaara/cli.py", line 974, in run
    exit_code = command_or_section.execute(self.prompt, remaining_args)
  File "/usr/lib/python2.7/site-packages/pulp/client/extensions/extensions.py", line 210, in execute
    return self.method(*arg_list, **clean_kwargs)
  File "/usr/lib/python2.7/site-packages/pulp/client/admin/admin_auth.py", line 49, in login
    result = self.context.server.actions.login(username, password).response_body
  File "/usr/lib/python2.7/site-packages/pulp/bindings/actions.py", line 20, in login
    return self.server.POST(path)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 100, in POST
    log_request_body=log_request_body, ignore_prefix=ignore_prefix)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 166, in _request
    self._handle_exceptions(response_code, response_body)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 207, in _handle_exceptions
    raise code_class_mappings[response_code](response_body)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/exceptions.py", line 16, in __init__
    self.href = response_body.pop('_href', None)
AttributeError: 'str' object has no attribute 'pop'

#5 Updated by amacdona@redhat.com over 4 years ago

  • Status changed from NEW to CLOSED - NOTABUG

This seems like a setup problem so we are going to close. Please feel free to reopen if you believe this is a bug and have more info. We are on #pulp in freenode and you can get to our mailing list here: https://www.redhat.com/mailman/listinfo/pulp-list if you would like to get some help.

#6 Updated by Anonymous over 4 years ago

wrote:

This seems like a setup problem so we are going to close. Please feel free to reopen if you believe this is a bug and have more info. We are on #pulp in freenode and you can get to our mailing list here: https://www.redhat.com/mailman/listinfo/pulp-list if you would like to get some help.

Can you provide examples on LDAP Configuration with Active Directory?

#7 Updated by Anonymous over 4 years ago

lmayorga1980 wrote:

wrote:

This seems like a setup problem so we are going to close. Please feel free to reopen if you believe this is a bug and have more info. We are on #pulp in freenode and you can get to our mailing list here: https://www.redhat.com/mailman/listinfo/pulp-list if you would like to get some help.

Can you provide examples on LDAP Configuration with Active Directory?

If someone needs a working AD Pulp.Conf configuration.


<Files webservices.wsgi>
    SetEnvIfNoCase ^Authorization$ "Basic.*" USE_APACHE_AUTH=1
    Order allow,deny
    Allow from env=!USE_APACHE_AUTH
    Satisfy Any

    # configure basic auth
    AuthType basic
    AuthBasicProvider ldap
    AuthName "Pulp" 
    AuthLDAPURL "ldap://myactivedirectory.com:<port>?DC=xx,DC=yy,DC=zz?sAMAccountName" 
    AuthLDAPBindDN "cn=validCN" 
    AuthLDAPBindPassword "password" 
    LDAPReferrals off
    AuthLDAPRemoteUserAttribute sAMAccountName
    Require valid-user

    WSGIPassAuthorization On
    WSGIProcessGroup pulp
    WSGIApplicationGroup pulp
    SSLRenegBufferSize  1048576
    SSLRequireSSL
    SSLVerifyDepth 3
    SSLOptions +StdEnvVars +ExportCertData
    SSLVerifyClient optional
</Files>

#8 Updated by bmbouter over 1 year ago

  • Tags Pulp 2 added

#9 Updated by bmbouter 4 months ago

  • Category deleted (14)

We are removing the 'API' category per open floor discussion June 16, 2020.

Please register to edit this issue

Also available in: Atom PDF