apache / cloudstack

Apache CloudStack is an open source Infrastructure as a Service (IaaS) cloud computing platform
https://cloudstack.apache.org/
Apache License 2.0

LDAP API Error "does not contain a URL" java.naming.provider.url property does not contain a URL #8336

Open tamoorahmedntu opened 10 months ago

tamoorahmedntu commented 10 months ago
ISSUE TYPE
COMPONENT NAME
Management server, API
CLOUDSTACK VERSION
18.01
CONFIGURATION

Advanced networking, LDAP integration

OS / ENVIRONMENT

Ubuntu 22

SUMMARY

running code under API get error message

searchLdap query="username"
STEPS TO REPRODUCE
searchLdap query="username"
EXPECTED RESULTS

return search query information

ACTUAL RESULTS
2023-12-08 16:26:19,911 DEBUG [o.a.c.a.StaticRoleBasedAPIAccessChecker] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) RoleService is enabled. We will use it instead of StaticRoleBasedAPIAccessChecker.
2023-12-08 16:26:19,912 DEBUG [o.a.c.r.ApiRateLimitServiceImpl] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) API rate limiting is disabled. We will not use ApiRateLimitService.
2023-12-08 16:26:19,919 DEBUG [o.a.c.l.LdapContextFactory] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) initializing ldap with provider url: 
2023-12-08 16:26:19,919 DEBUG [o.a.c.l.LdapManagerImpl] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) ldap Exception: 
javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:110)
        at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
        at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
        at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
        at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
        at org.apache.cloudstack.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:62)
        at org.apache.cloudstack.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:51)
        at org.apache.cloudstack.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:45)
        at org.apache.cloudstack.ldap.LdapManagerImpl.searchUsers(LdapManagerImpl.java:359)
        at org.apache.cloudstack.api.command.LdapUserSearchCmd.execute(LdapUserSearchCmd.java:76)
        at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
        at com.cloud.api.ApiServer.queueCommand(ApiServer.java:782)
        at com.cloud.api.ApiServer.handleRequest(ApiServer.java:603)
        at com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:347)
        at com.cloud.api.ApiServlet$1.run(ApiServlet.java:154)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
        at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:151)
        at com.cloud.api.ApiServlet.doGet(ApiServlet.java:105)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
        at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1450)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:772)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.Server.handle(Server.java:516)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
        at java.base/java.lang.Thread.run(Thread.java:829)
2023-12-08 16:26:19,919 DEBUG [o.a.c.a.c.LdapUserSearchCmd] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) No users matching: username
2023-12-08 16:26:19,921 DEBUG [c.c.a.ApiServlet] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) ===END===  152.71.155.35 -- GET  command=searchLdap&query=username&response=json&sessionkey=fFIHT3UmAgiUVAxks-t25wAvJlE
2023-12-08 16:26:21,467 DEBUG [c.c.a.m.AgentManagerImpl] (AgentManager-Handler-3:null) (logid:) SeqA 21-89: Processing Seq 21-89:  { Cmd , MgmtId: -1, via: 21, Ver: v1, Flags: 11, [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"158","_loadInfo":"{

DaanHoogland commented 9 months ago

@tamoorahmedntu this is the exception you get when you have no ldap configured. It looks like you have an omission in your ldap configured in cloudstack. Please check the values for

"ldap.basedn"
"ldap.bind.principal"
"ldap.group.object"
"ldap.nested.groups.enable"
"ldap.provider"
"ldap.read.timeout"
"ldap.request.page.size"
"ldap.search.group.principle"
"ldap.user.object"
"user.authenticators.order"

and list your ldap configurations?
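
The first log excerpt in this issue shows the cause one line before the stack trace: `LdapContextFactory` logs `initializing ldap with provider url:` with nothing after the colon. As an added example (not part of the thread and not CloudStack code), this Python sketch scans a management-server log for that pattern, groups lines by `logid`, and masks the session key before a finding is shared; the sample log and the list of masked parameters are constructed assumptions.

```python
import re

# Constructed sample in the management-server log format quoted in this issue
# (host names, addresses, logids and the session key are made up).
SAMPLE_LOG = """\
2023-12-08 16:26:19,919 DEBUG [o.a.c.l.LdapContextFactory] (qtp1-19:ctx-a ctx-b) (logid:11111111) initializing ldap with provider url:
2023-12-08 16:26:19,919 DEBUG [o.a.c.l.LdapManagerImpl] (qtp1-19:ctx-a ctx-b) (logid:11111111) ldap Exception:
javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:110)
2023-12-08 16:26:19,921 DEBUG [c.c.a.ApiServlet] (qtp1-19:ctx-a ctx-b) (logid:11111111) ===END===  192.0.2.10 -- GET  command=searchLdap&query=username&response=json&sessionkey=CONSTRUCTED-KEY
2023-12-08 16:27:02,100 DEBUG [o.a.c.l.LdapContextFactory] (qtp1-20:ctx-c ctx-d) (logid:22222222) initializing ldap with provider url: ldap://ldap.example.test:389
2023-12-08 16:27:02,300 DEBUG [c.c.a.ApiServlet] (qtp1-20:ctx-c ctx-d) (logid:22222222) ===END===  192.0.2.10 -- GET  command=searchLdap&query=username&response=json&sessionkey=CONSTRUCTED-KEY
"""

RECORD = re.compile(r"^(\S+ \S+) +\w+ +\[([^\]]+)\] \([^)]*\) \(logid:(\w*)\) ?(.*)$")
PROVIDER = re.compile(r"initializing ldap with provider url:\s*(.*)$")
END = re.compile(r"===END===\s+\S+ -- \w+\s+(.*)$")
SECRET = re.compile(r"(?i)\b(sessionkey|password|signature|apikey)=[^&\s]*")


def redact(query):
    """Mask credential-bearing query parameters before the line is shared."""
    return SECRET.sub(lambda m: m.group(1) + "=<redacted>", query)


def find_empty_provider_url(log_text):
    """Return one finding per request whose LDAP provider URL was logged empty."""
    requests, current = {}, None
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            # Stack-trace line: credited to the previous record (assumes no interleaving).
            if current and "java.naming.provider.url property does not contain a URL" in line:
                current["jndi_exception"] = True
            continue
        when, logger, logid, message = m.groups()
        current = requests.setdefault(logid, {
            "logid": logid, "time": None, "provider_url": None,
            "jndi_exception": False, "request": None})
        url = PROVIDER.search(message)
        if logger.endswith("LdapContextFactory") and url:
            current.update(time=when, provider_url=url.group(1).strip())
        end = END.search(message)
        if end:
            current["request"] = redact(end.group(1).strip())
    return [r for r in requests.values() if r["provider_url"] == ""]


if __name__ == "__main__":
    for finding in find_empty_provider_url(SAMPLE_LOG):
        print(finding)
```

A finding with an empty `provider_url` means no LDAP host and port were resolved for that request, which matches the configuration questions asked in the comment above.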

tamoorahmedntu commented 9 months ago

Hello, thank you for this helpful information, please see below. This is the config: Is this what you require, or do you have an API which I can use?

tamoorahmedntu commented 9 months ago

Capture ee

DaanHoogland commented 9 months ago

@tamoorahmedntu the ldap configuration you have configured is domain specific. If you add a configuration without domain, the search command should work.

NOTE the searchLdap API is only meant for manual import not for autoimport or autosync configurations.

tamoorahmedntu commented 9 months ago

@tamoorahmedntu the ldap configuration you have configured is domain specific. If you add a configuration without domain, the search command should work.

NOTE the searchLdap API is only meant for manual import not for autoimport or autosync configurations.

I'm really sorry, but are you talking about the top pic or bottom?

DaanHoogland commented 9 months ago

text would be easier ;) I am talking about the picture describing the ldap configurations, the top one.

DaanHoogland commented 9 months ago

that said, I will have to trust the basedn and bind principal as I cannot read those in the bottom picture. The error indicates nothing about that however. The global settings are global and only used as defaults for a domain as configured in the ldapconfiguration.

tamoorahmedntu commented 9 months ago

Unfortunately that still does not work; maybe I'm doing something wrong. Configuration > LDAP configuration

host = my server name port = my port Domain = left alone

Is this correct?

DaanHoogland commented 9 months ago

yes that is correct. Does it give the same error?

tamoorahmedntu commented 9 months ago

yes that is correct. Does it give the same error?

yes

2024-01-03 09:49:39,411 DEBUG [o.a.c.l.LdapManagerImpl] (qtp989447607-19:ctx-541c510b ctx-e0ab4db8) (logid:a0cf2671) ldap Exception:
javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:110)
        at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
        at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
        at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
        at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
        at org.apache.cloudstack.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:62)
        at org.apache.cloudstack.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:51)
        at org.apache.cloudstack.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:45)
        at org.apache.cloudstack.ldap.LdapManagerImpl.searchUsers(LdapManagerImpl.java:359)
        at org.apache.cloudstack.api.command.LdapUserSearchCmd.execute(LdapUserSearchCmd.java:76)
        at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
        at com.cloud.api.ApiServer.queueCommand(ApiServer.java:782)
        at com.cloud.api.ApiServer.handleRequest(ApiServer.java:603)
        at com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:347)
        at com.cloud.api.ApiServlet$1.run(ApiServlet.java:154)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
        at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:151)
        at com.cloud.api.ApiServlet.doGet(ApiServlet.java:105)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
        at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1450)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:772)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.Server.handle(Server.java:516)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
        at java.base/java.lang.Thread.run(Thread.java:829)
2024-01-03 09:49:39,412 DEBUG [o.a.c.a.c.LdapUserSearchCmd] (qtp989447607-19:ctx-541c510b ctx-e0ab4db8) (logid:a0cf2671) No users matching: username

DaanHoogland commented 9 months ago

ok that will require some debugging then. No idea what else could be wrong.

DaanHoogland commented 9 months ago

can you import users?

tamoorahmedntu commented 9 months ago

can you import users?

To make sure I do it properly, could you confirm how to do this? I would use importLdapUsers

DaanHoogland commented 9 months ago

yes, and also you can use the UI to import users. It would show available users from ldap if the configuration is correct.

tamoorahmedntu commented 9 months ago

yes, and also you can use the UI to import users, It would show available users from ldap if the configuration is correct.

I get the same error when doing it through the API, but I don't see the ldap button which should appear (to my knowledge)

JoaoJandre commented 9 months ago

It might be interesting to add this to 4.18.2

DaanHoogland commented 9 months ago

@JoaoJandre I am not sure if this is a bug or environmental yet. If it is a bug sure.

DaanHoogland commented 3 months ago

@tamoorahmedntu, I tried to reproduce using https://www.forumsys.com/2022/05/10/online-ldap-test-server/ as the ldapserver. My configuration seems to work:

image

my ldap configuration:

image

and connection:

image

The only thing I can think of next is that you don't use a standard port (3268) and cloudstack cannot handle that. Can you test with ports 389 and 636 to see if those work, please?

DaanHoogland commented 3 months ago

@tamoorahmedntu do you have any progress / further information?

tamoorahmedntu commented 3 months ago

Sorry for the late reply. Unfortunately I can't change the port of LDAP; I was looking into other ways.



DaanHoogland commented 3 months ago

@tamoorahmedntu you could run a test server against your LDAP and against https://www.forumsys.com/2022/05/10/online-ldap-test-server/ and see if there is a difference in results?