ldap multiple urls - Githubissues

plouarn commented 1 month ago

Issue submitter TODO list

[X] I've looked up my issue in FAQ
[X] I've searched for an already existing issues here
[X] I've tried running main-labeled docker image and the issue still persists there
[X] I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

when i give in conf ldap.urls with a list of ldap urls that doesn't work.

Expected behavior

must work with multiple urls else why put a "s" ;-)

Your installation details

App version: artifacts.kpn.org/provectuslabs/kafka-ui:latest

application.yml:

logging: level: root: INFO com.provectus: TRACE reactor.netty.http.server.AccessLog: INFO org.springframework.security: INFO

auth: type: LDAP

kafka: clusters:

properties: enable.idempotence: false ssl.endpoint.identification.algorithm: ""

spring: ldap: urls: "{{ ldaps }}" base: "uid={0},{{ldap_user_base_dn}}" admin-user: "{{ ldap_readonly_user }}" admin-password: "{{ ldap_password }}" user-filter-search-base: "{{ldap_user_base_dn}}" user-filter-search-filter: "(uid={0})" group-filter-search-base: "{{ ldap_group_base_dn }}"

rbac: roles:

- name: support
  clusters:
    - Default
  subjects:
    - provider: ldap
      type: group
      value: {{ ldap_group_names[1] }}

  permissions:
    - resource: APPLICATIONCONFIG
      actions: all

    - resource: CLUSTERCONFIG
      actions: all

    - resource: TOPIC
      value: ".*"
      actions: all

    - resource: CONSUMER
      value: ".*"
      actions: all

    - resource: SCHEMA
      value: ".*"
      actions: all

    - resource: CONNECT
      value: ".*"
      actions: all

    - resource: KSQL
      actions: all

    - resource: ACL
      actions: all

Steps to reproduce

put in application.yml spring: ldap: urls: "server1, server2"

Screenshots

No response

Logs

No response

Additional context

in https://github.com/kafbat/kafka-ui/blob/main/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java

public LdapContextSource ldapContextSource() { LdapContextSource ctx = new LdapContextSource(); ctx.setUrl(props.getUrls()); ctx.setUserDn(props.getAdminUser()); ctx.setPassword(props.getAdminPassword()); ctx.afterPropertiesSet(); return ctx; }

we are setting "ctx.setUrl(props.getUrls());" but must be something like: var ldapurls =props.getUrls().split(','); if (ldapurls.length > 1) { ctx.setUrls(ldapurls); } else { ctx.setUrl(props.getUrls()); }

see https://docs.spring.io/spring-ldap/docs/1.3.x/apidocs/org/springframework/ldap/core/support/AbstractContextSource.html#setUrls(java.lang.String[])

github-actions[bot] commented 1 month ago

Hi plouarn! 👋

Welcome, and thank you for opening your first issue in the repo!

Please wait for triaging by our maintainers.

As development is carried out in our spare time, you can support us by sponsoring our activities or even funding the development of specific issues. Sponsorship link

If you plan to raise a PR for this issue, please take a look at our contributing guide.

Haarolean commented 1 month ago

@plouarn can you try supplying a space-separated list of URLs instead?

kapybro[bot] commented 1 month ago

Further user feedback is requested. Please reply within 7 days or we might close the issue.