Issue #2063
closed
Trouble connecting to LDAP(Active Directory) Server Whole API Authentication
Description
I am trying to configure apache ldap for pulp server but i get the following error.
2016-07-06 10:20:33,789 - ERROR - Client-side exception occurred
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/pulp/client/extensions/core.py", line 474, in run
exit_code = Cli.run(self, args)
File "/usr/lib/python2.7/site-packages/okaara/cli.py", line 974, in run
exit_code = command_or_section.execute(self.prompt, remaining_args)
File "/usr/lib/python2.7/site-packages/pulp/client/extensions/extensions.py", line 210, in execute
return self.method(*arg_list, **clean_kwargs)
File "/usr/lib/python2.7/site-packages/pulp/client/admin/admin_auth.py", line 49, in login
result = self.context.server.actions.login(username, password).response_body
File "/usr/lib/python2.7/site-packages/pulp/bindings/actions.py", line 20, in login
return self.server.POST(path)
File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 100, in POST
log_request_body=log_request_body, ignore_prefix=ignore_prefix)
File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 166, in _request
self._handle_exceptions(response_code, response_body)
File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 202, in _handle_exceptions
raise exceptions.ApacheServerException(response_body)
ApacheServerException
There was an internal server error while trying to access the Pulp application.
One possible cause is that the database needs to be migrated to the latest
version. If this is the case, run pulp-manage-db and restart the services. More
information may be found in Apache's log.
I re-run the migrations but did not work for me. I am using the basic example from the documentation site.
<Files webservices.wsgi>
SetEnvIfNoCase ^Authorization$ "Basic.*" USE_APACHE_AUTH=1
Order allow,deny
Allow from env=!USE_APACHE_AUTH
Satisfy Any
# configure basic auth
AuthType basic
AuthBasicProvider ldap
AuthName "Pulp"
AuthLDAPURL "ldap://myactivedirectory.com?sAMAccountName"
AuthLDAPBindDN "cn=validCN"
AuthLDAPBindPassword "password"
AuthLDAPRemoteUserAttribute sAMAccountName
#AuthzLDAPAuthoritative On
Require valid-user
#WSGIPassAuthorization On
#WSGIProcessGroup pulp
#WSGIApplicationGroup pulp
#SSLRenegBufferSize 1048576
SSLRequireSSL
SSLVerifyDepth 3
SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient optional
</Files>
Updated by mhrivnak over 7 years ago
On the server side, please check the apache logs and system log for any error messages that might help us determine what went wrong, and add any relevant output to this issue.
Here is some documentation about specifically how to find pulp's log output: http://docs.pulpproject.org/user-guide/troubleshooting.html#logging
Updated by Anonymous over 7 years ago
mhrivnak wrote:
On the server side, please check the apache logs and system log for any error messages that might help us determine what went wrong, and add any relevant output to this issue.
Here is some documentation about specifically how to find pulp's log output: http://docs.pulpproject.org/user-guide/troubleshooting.html#logging
Seems like the error might not be on the server. After enabling DEBUG i could not see anything on Apache or /var/log/messages ...
Is there a way to enable pulp-admin debugging?
Updated by mhrivnak over 7 years ago
Try running "pulp-admin -vv" followed by the rest of your command. That should output some debug info about the request and response.
Updated by Anonymous over 7 years ago
mhrivnak wrote:
Try running "pulp-admin -vv" followed by the rest of your command. That should output some debug info about the request and response.
I am not sure if the pulp.conf is correct though. My apache version is ...
apachectl -v
Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
Server built: Mar 21 2016 02:33:00
and does not like #AuthzLDAPAuthoritative On
pulp-admin -vv login -u admin -p admin
2016-07-13 10:25:41,593 - DEBUG - sending POST request to /pulp/api/v2/actions/login/
2016-07-13 10:25:41,615 - INFO - POST request to /pulp/api/v2/actions/login/ with parameters None
2016-07-13 10:25:41,615 - INFO - Response status : 401
2016-07-13 10:25:41,615 - INFO - Response body :
"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>401 Unauthorized</title>\n</head><body>\n<h1>Unauthorized</h1>\n<p>This server could not verify that you\nare authorized to access the document\nrequested. Either you supplied the wrong\ncredentials (e.g., bad password), or your\nbrowser doesn't understand how to supply\nthe credentials required.</p>\n</body></html>\n"
2016-07-13 10:25:41,615 - ERROR - Client-side exception occurred
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/pulp/client/extensions/core.py", line 474, in run
exit_code = Cli.run(self, args)
File "/usr/lib/python2.7/site-packages/okaara/cli.py", line 974, in run
exit_code = command_or_section.execute(self.prompt, remaining_args)
File "/usr/lib/python2.7/site-packages/pulp/client/extensions/extensions.py", line 210, in execute
return self.method(*arg_list, **clean_kwargs)
File "/usr/lib/python2.7/site-packages/pulp/client/admin/admin_auth.py", line 49, in login
result = self.context.server.actions.login(username, password).response_body
File "/usr/lib/python2.7/site-packages/pulp/bindings/actions.py", line 20, in login
return self.server.POST(path)
File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 100, in POST
log_request_body=log_request_body, ignore_prefix=ignore_prefix)
File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 166, in _request
self._handle_exceptions(response_code, response_body)
File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 207, in _handle_exceptions
raise code_class_mappings[response_code](response_body)
File "/usr/lib/python2.7/site-packages/pulp/bindings/exceptions.py", line 16, in __init__
self.href = response_body.pop('_href', None)
AttributeError: 'str' object has no attribute 'pop'
Updated by amacdona@redhat.com over 7 years ago
- Status changed from NEW to CLOSED - NOTABUG
This seems like a setup problem so we are going to close. Please feel free to reopen if you believe this is a bug and have more info. We are on #pulp in freenode and you can get to our mailing list here: https://www.redhat.com/mailman/listinfo/pulp-list if you would like to get some help.
Updated by Anonymous over 7 years ago
amacdona@redhat.com wrote:
This seems like a setup problem so we are going to close. Please feel free to reopen if you believe this is a bug and have more info. We are on #pulp in freenode and you can get to our mailing list here: https://www.redhat.com/mailman/listinfo/pulp-list if you would like to get some help.
Can you provide examples on LDAP Configuration with Active Directory?
Updated by Anonymous over 7 years ago
lmayorga1980 wrote:
amacdona@redhat.com wrote:
This seems like a setup problem so we are going to close. Please feel free to reopen if you believe this is a bug and have more info. We are on #pulp in freenode and you can get to our mailing list here: https://www.redhat.com/mailman/listinfo/pulp-list if you would like to get some help.
Can you provide examples on LDAP Configuration with Active Directory?
If someone needs a working AD Pulp.Conf configuration.
<Files webservices.wsgi>
SetEnvIfNoCase ^Authorization$ "Basic.*" USE_APACHE_AUTH=1
Order allow,deny
Allow from env=!USE_APACHE_AUTH
Satisfy Any
# configure basic auth
AuthType basic
AuthBasicProvider ldap
AuthName "Pulp"
AuthLDAPURL "ldap://myactivedirectory.com:<port>?DC=xx,DC=yy,DC=zz?sAMAccountName"
AuthLDAPBindDN "cn=validCN"
AuthLDAPBindPassword "password"
LDAPReferrals off
AuthLDAPRemoteUserAttribute sAMAccountName
Require valid-user
WSGIPassAuthorization On
WSGIProcessGroup pulp
WSGIApplicationGroup pulp
SSLRenegBufferSize 1048576
SSLRequireSSL
SSLVerifyDepth 3
SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient optional
</Files>
Updated by bmbouter over 3 years ago
- Category deleted (
14)
We are removing the 'API' category per open floor discussion June 16, 2020.
.