Closed didip closed 9 months ago
Did you manage to fix this issue? I'm facing the same LDAP: error code 34 - Invalid DN; however, I couldn't find what is wrong in the configuration. The basedn, as well as the users, are reachable from ldapsearch.
druid.auth.authenticatorChain=["ldap"]

druid.auth.basic.ssl.trustStorePath=/usr/local/druid-path/certs/truststore.jks
druid.auth.basic.ssl.protocol=tls
druid.auth.basic.ssl.trustStorePassword=xxxxxx

druid.auth.authenticator.ldap.type=basic
druid.auth.authenticator.ldap.enableCacheNotifications=true
druid.auth.authenticator.ldap.credentialsValidator.type=ldap
druid.auth.authenticator.ldap.credentialsValidator.url=ldaps://ldapurl.domain:636
druid.auth.authenticator.ldap.credentialsValidator.bindUser=xxxxx
druid.auth.authenticator.ldap.credentialsValidator.bindPassword=xxxxxxxxxx
druid.auth.authenticator.ldap.credentialsValidator.baseDn=dc=xxxx,dc=xxxxxx,dc=xxxxx
druid.auth.authenticator.ldap.credentialsValidator.userSearch=(cn=%s)
druid.auth.authenticator.ldap.credentialsValidator.userAttribute=cn
druid.auth.authenticator.ldap.authorizerName=ldapauth

druid.escalator.type=basic
druid.escalator.internalClientUsername=xxxxx
druid.escalator.internalClientPassword=xxxxxxxx
druid.escalator.authorizerName=ldapauth

druid.auth.authorizers=["ldapauth"]
druid.auth.authorizer.ldapauth.type=basic
druid.auth.authorizer.ldapauth.initialAdminUser=xxxx
druid.auth.authorizer.ldapauth.initialAdminRole=admin
druid.auth.authorizer.ldapauth.roleProvider.type=ldap
This issue has been marked as stale due to 280 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@druid.apache.org list. Thank you for your contributions.
This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.
Description
It is very difficult to debug LDAP errors because there's minimal logging. For example:
It is very hard to figure out which part of the DN is bad.
It would be much better if Druid logged more LDAP errors.
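
Until such logging exists, the DN-valued settings can be checked offline. The following is an added example, not Druid code and not from the issue's participants: it applies the RFC 4514 string form to the `credentialsValidator.bindUser` and `credentialsValidator.baseDn` properties and reports which RDN fails and why. It assumes the directory expects both values in DN form; the helper names and the sample values are constructed for illustration.

```python
import re

ATTR_TYPE = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\Z")  # name or OID
DN_KEYS = (".credentialsValidator.bindUser", ".credentialsValidator.baseDn")

def split_unescaped(text, sep):
    """Split on sep, skipping any character that follows a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\":
            cur += text[i:i + 2]
            i += 2
            continue
        if text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i]
        i += 1
    return parts + [cur]

def check_dn(dn):
    """Return (rdn_index, rdn_text, reason) for each component that fails."""
    problems = []
    for idx, rdn in enumerate(split_unescaped(dn, ",")):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDN parts
            attr, eq, value = ava.strip().partition("=")
            if not eq:
                problems.append((idx, rdn, "no '=': not attribute=value"))
            elif not ATTR_TYPE.match(attr.strip()):
                problems.append((idx, rdn, f"bad attribute type {attr!r}"))
            elif re.search(r'[";<>]', re.sub(r"\\.", "", value)):
                problems.append((idx, rdn, "unescaped special character in value"))
    return problems

def check_config(properties_text):
    """Check every DN-valued LDAP property; return {key: problems}."""
    report = {}
    for line in properties_text.splitlines():
        key, eq, value = line.strip().partition("=")
        if eq and key.endswith(DN_KEYS):
            report[key] = check_dn(value)
    return report

# Constructed sample values, not taken from the issue.
SAMPLE = """\
druid.auth.authenticator.ldap.credentialsValidator.bindUser=svc_druid
druid.auth.authenticator.ldap.credentialsValidator.baseDn=ou=people,dc example,dc=org
"""
```

Calling `check_config(SAMPLE)` flags RDN 0 of the `bindUser` value (a bare account name, not `attribute=value`) and RDN 1 of the `baseDn` value (`dc example`). A clean result only rules out syntax problems; the server can still reject a DN for other reasons.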