fatmcgav / fatmcgav-glassfish

Rewritten Glassfish module to improve functionality and support.
http://github.com/fatmcgav/fatmcgav-glassfish
GNU General Public License v3.0
6 stars 31 forks

adding auth_realm with ldap doesn't work #47

Closed billjamzz closed 9 years ago

billjamzz commented 9 years ago

    Debug: asadmin command = asadmin --port 8048 --user admin create-auth-realm --target server --classname com.sun.enterprise.security.auth.realm.ldap.LDAPRealm --property search-filter=sAMAccountname\=\%s:search-bind-password=xxx:jaas-context=zumaRealm:base-dn=DC\=j2global,DC\=com:directory=ldap://example.com:389:group-search-filter=member\=%d:search-bind-dn=j2global\reporting.archive ZumaRealm2z
    Debug: exec command = su - glassfish -c "asadmin --port 8048 --user admin create-auth-realm --target server --classname com.sun.enterprise.security.auth.realm.ldap.LDAPRealm --property search-filter=sAMAccountname\=\%s:search-bind-password=Vc0de123:jaas-context=zumaRealm:base-dn=DC\=j2global,DC\=com:directory=ldap://example.com:389:group-search-filter=member\=%d:search-bind-dn=j2global\reporting.archive ZumaRealm2z"
    remote failure: Invalid property syntax, "=" in value: search-filter=sAMAccountname=%s
    Invalid property syntax, "=" in value: search-filter=sAMAccountname=%s
    Usage: create-auth-realm --classname=classname [--property=property] [--target=server] authrealmname
    Error: Command create-auth-realm failed.

    Error: /Stage[main]/Billapp_class::Zuma/Authrealm[ZumaRealm2z]/ensure: change from absent to present failed: Command create-auth-realm failed.

The same command run at the command line works fine.

    [glassfish@billappvm02 test ~]$ asadmin --port 8048 --user admin create-auth-realm --target server --classname com.sun.enterprise.security.auth.realm.ldap.LDAPRealm --property "search-filter=sAMAccountname\=\%s:search-bind-password=xxx:jaas-context=zumaRealm:base-dn=DC\=j2global,DC\=com:directory=ldap://example.com:389:group-search-filter=member\=%d:search-bind-dn=j2global\reporting.archive" ZumaRealm2d
    Command create-auth-realm executed successfully.

It seems like it's not honoring the --classname when run through puppet.

Manifest:

        authrealm { 'ZumaRealm2z':
                ensure  => present,
                portbase  => '8000',
                asadminuser    => 'admin',
                user           => 'glassfish',
                #classname => 'com.j2.core.zuma.security.ZumaRealm',
                classname => 'com.sun.enterprise.security.auth.realm.ldap.LDAPRealm',
                properties => "search-filter=sAMAccountname\\=\%s:search-bind-password=$billing_ad_user_pw:jaas-context=zumaRealm:base-dn=DC\\=j2global,DC\\=com:directory=ldap\://example.com\:389:group-search-filter=member\\=%d:search-bind-dn=j2global\\$billing_ad_user",

        }

Tried various levels of '\' too.

fatmcgav commented 9 years ago

Cheers for logging...

The only real difference I can see between the 2 asadmin commands is that the working one is double quoted...

I'll try and get a look at that this weekend... As I've definitely created auth realms successfully before... Albeit not as complex as yours :)
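The quoting difference noted in the comment above, as an added example (not code from this thread or from the module): a command string that an inner shell re-parses, as `su - glassfish -c "..."` does in the debug output, loses its unquoted backslash escapes before asadmin receives the argument. `PROPS` is a constructed, shortened form of the issue's `--property` value, `received_arg` and `bare_equals_pairs` are hypothetical helpers, and the bare-`=` rule is an assumption modelled on the error message in the log.

```shell
#!/bin/sh
# Constructed sample: shortened form of the --property value from the issue.
PROPS='search-filter=sAMAccountname\=\%s:search-bind-dn=j2global\reporting.archive'

# received_arg MODE (hypothetical helper): print the argument a child program
# receives after an inner shell re-parses the command line, which is what
# happens to the string handed to `su - glassfish -c "..."`.
received_arg() {
    case "$1" in
        # Unquoted: the inner shell removes every backslash (\= becomes =).
        unquoted) sh -c "printf '%s' $PROPS" ;;
        # Double-quoted: backslashes before =, % and letters are preserved.
        quoted)   sh -c "printf '%s' \"$PROPS\"" ;;
    esac
}

# bare_equals_pairs STRING (hypothetical helper): count name=value pairs whose
# value still holds an unescaped "=". Assumption: this mirrors the rule behind
# the 'Invalid property syntax, "=" in value' error in the log.
# Steps: mask escaped characters (\=, \:), split pairs on ":", then count
# the lines that contain more than one "=".
bare_equals_pairs() {
    printf '%s\n' "$1" |
        sed 's/\\./_/g' |
        tr ':' '\n' |
        awk -F= 'NF > 2 { n++ } END { print n + 0 }'
}

# Show both cases side by side.
for mode in unquoted quoted; do
    arg=$(received_arg "$mode")
    printf '%-8s -> %s (pairs with bare "=": %s)\n' \
        "$mode" "$arg" "$(bare_equals_pairs "$arg")"
done
```

The unquoted form also turns `j2global\reporting.archive` into `j2globalreporting.archive`, a change that no syntax check flags.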

fatmcgav commented 9 years ago

@billjamzz I managed to get this working with the code as is, by changing the 'properties' value from a string to a hash, like so:

        authrealm { 'ZumaRealm2z':
                ensure  => present,
                portbase  => '8000',
                asadminuser    => 'admin',
                user           => 'vagrant',
                #classname => 'com.j2.core.zuma.security.ZumaRealm',
                classname => 'com.sun.enterprise.security.auth.realm.ldap.LDAPRealm',
                #properties => "search-filter=sAMAccountname\=%s:search-bind-password=password:jaas-context=zumaRealm:base-dn=DC\=j2global,DC\=com:directory=ldap\://example.com\:389:group-search-filter=member\=%d:search-bind-dn=j2global\password",
                properties => {
                        'search-filter' => 'sAMAccountname=%s',
                        'search-bind-password' => 'password',
                        'jaas-context' => 'zumaRealm',
                        'base-dn' => 'DC=j2global,DC=com',
                        'directory' => 'ldap://example.com:389',
                        'group-search-filter' => 'member=%d',
                        'search-bind-dn' => 'j2global\password'
                }
        }

So this is probably a documentation issue rather than a functionality one :)

Let me know if the above works for you...

Cheers Gavin

billjamzz commented 9 years ago

that worked, thank you!

fatmcgav commented 9 years ago

Cool, cheers for confirming. I'll try and get the docs updated to better explain the options...

Closes #47

On 10 Mar 2015 17:55, "billjamzz" notifications@github.com wrote:

> that worked, thank you!
