marklogic / ml-gradle

Gradle plugin for automating everything involving MarkLogic

mlDeploy failed due to LDAP validation error #653

Closed lifan0127 closed 1 year ago

lifan0127 commented 1 year ago

After upgrading to MarkLogic 11, we can no longer run mlDeploy through ml-gradle due to a validation error for the LDAP configuration. However, we use SAML instead of LDAP. (Here is our MarkLogic Support Ticket #35230)

Gradle output:

```
Sending JSON PUT request as user '[MASKED]' (who should have the 'manage-admin' and 'security' roles) to path: /manage/v2/external-security/my-okta-saml/properties
Logging HTTP response body to assist with debugging: {"errorResponse":{"statusCode":"500", "status":"Internal Server Error", "messageCode":"XDMP-VALIDATEMISSINGELT", "message":"XDMP-VALIDATEMISSINGELT: (err:XQDY0027) validate strict { $extsec } -- Missing required elements: Expected (sec:ldap-server-uri&sec:ldap-base&sec:ldap-attribute&sec:ldap-default-user&sec:ldap-password&sec:ldap-memberof-attribute?&sec:ldap-member-attribute?&sec:ldap-start-tls?&sec:ldap-certificate?&sec:ldap-private-key?&sec:ldap-nested-lookup?&sec:ldap-remove-domain?&sec:ldap-negative-cache-timeout?) at fn:doc(\"\")/sec:external-security/sec:ldap-server using schema \"security.xsd\""}}
Error occurred while sending PUT request to /manage/v2/external-security/my-okta-saml/properties; logging request body to assist with debugging: {
  "external-security-name": "my-okta-saml",
  "description": "",
  "authentication": "saml",
  "cache-timeout": 3000,
  "authorization": "saml",
  "saml-server": {
    "saml-entity-id": "my-id",
    "saml-attribute-name": [],
    "saml-privilege-attribute-name": "",
    "http-options": null,
    "saml-destination": "",
    "saml-issuer": "",
    "saml-idp-certificate-authority": "<MASKED>",
    "saml-sp-certificate": "",
    "saml-sp-private-key": "",
    "saml-assertion-host": ""
  }
}
> Task :mlDeployApp FAILED
:mlDeployApp (Thread[Execution worker for ':',5,main]) completed. Took 15.134 secs.
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':mlDeployApp'.
> 500 Internal Server Error: [{"errorResponse":{"statusCode":"500", "status":"Internal Server Error", "messageCode":"XDMP-VALIDATEMISSINGELT", "message":"XDMP-VALIDATEMISSINGELT: (err:XQDY0027) validate strict { $extsec } -- Missi... (613 bytes)]
```

MarkLogic log:

```
2023-03-01 22:15:34.222 Info: XDMP-VALIDATEMISSINGELT: (err:XQDY0027) validate strict { $extsec } -- Missing required elements: Expected (sec:ldap-server-uri&sec:ldap-base&sec:ldap-attribute&sec:ldap-default-user&sec:ldap-password&sec:ldap-memberof-attribute?&sec:ldap-member-attribute?&sec:ldap-start-tls?&sec:ldap-certificate?&sec:ldap-private-key?&sec:ldap-nested-lookup?&sec:ldap-remove-domain?&sec:ldap-negative-cache-timeout?) at fn:doc("")/sec:external-security/sec:ldap-server using schema "security.xsd"
2023-03-01 22:15:34.222 Info: 7947:2:/MarkLogic/security.xqy
```

rjrudin commented 1 year ago

Hi @lifan0127 - hold off on this for now, I'm on the support ticket too - we're looking into why this validation error is occurring. Per the docs at https://docs.marklogic.com/REST/PUT/manage/v2/external-security/[id-or-name]/properties , that endpoint should accept your SAML config.

We'll open a new ticket here if we do determine that ml-gradle needs to call a different endpoint.