ngasiproj / caimito

IMPORTANT - PLEASE BROWSE DIRECTLY TO http://caimito.ngasi.com FOR THE LATEST CODE!
Apache License 2.0

LDAP setup for CAIMITO #9

Open muralikalyan opened 11 years ago

muralikalyan commented 11 years ago

How to configure LDAP in place of database authentication in caimito?

ngasiproj commented 11 years ago

Murali, could you provide more info on the use case scenario. Is it one of the following 2:

single_cloud_account_with_single_storage
Simple setup with one pre-defined storage (AKA Container or Bucket). Access is determined by Caimito Access Control. This is ideal for end users or Content Delivery. This is the default setup.

cloud_accounts_for_administration_only
This is a direct proxy or pass-through setup. Access is determined by authenticated Cloud accounts to the configured Storage server. This is ideal for using Caimito as an alternative to the Cloud dashboard for administration. The defaultdigest value must be set to PLAIN in the /usr/caimito/webapps/WEB-INF/shaft/server.properties file. And each Cloud User account info (Cloud user name and API key) must be added via the User Manager.

muralikalyan commented 11 years ago

Hi,

In the simplest case of single_cloud_account_with_single_storage, the users are created with the "user management" page to access the storage allotments in one container (for example swift). Those users are created from the tomcat configuration into the default database "derby" with /usr/caimito/conf/Catalina/localhost/ROOT.xml. As per the manual we can change the database (derby or postgres) here, but how do I configure the ldap server (in the tomcat configuration) in place of the database? I tried the tomcat ldap thing but it is not working properly. Thanks,

ngasiproj commented 11 years ago

Please download the latest build from here: http://cloud-drive.ngasi.com/s1/f1/caimito/public/caimito.zip

Edit ./WEB-INF/jamun/server.json. Do a search for ldap and edit accordingly:

"defaultusertype":"ldap": Sets users authentication to a LDAP Server as opposed to the default Database Server login ("defaultusertype":"db").

NOTE: in LDAP login settings, the caimitoadmin Superuser is authenticated against the Database server.

NOTE: This version is not compatible with the previous version.

muralikalyan commented 11 years ago

Hi, the URL (http://cloud-drive.ngasi.com/s1/f1/caimito/public/caimito.zip) is giving a 404 error. I am only able to download the github version (https://github.com/ngasiproj/caimito/archive/master.zip), but that is the previous version.

thanks,

ngasiproj commented 11 years ago

Apologies. Give it another try please.

muralikalyan commented 11 years ago

Hi, thanks for the new version.

With the new version (0.10) I am getting the following exception from startup.sh, with both the ldap and the database configuration.

    root@ccad041:/usr/caimito/bin# ./startup.sh
    Using CATALINA_BASE:   /usr/caimito
    Using CATALINA_HOME:   /usr/caimito
    Using CATALINA_TMPDIR: /usr/caimito/temp
    Using JRE_HOME:        /usr/caimito/jdk
    Using CLASSPATH:       /usr/caimito/bin/bootstrap.jar:/usr/caimito/bin/tomcat-juli.jar
    12 Mar, 2013 1:13:03 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/caimito/jdk/jre/lib/i386/client:/usr/caimito/jdk/jre/lib/i386:/usr/caimito/jdk/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
    12 Mar, 2013 1:13:03 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["http-bio-8619"]
    12 Mar, 2013 1:13:03 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 600 ms
    12 Mar, 2013 1:13:03 PM org.apache.catalina.core.StandardService startInternal
    INFO: Starting service Catalina
    12 Mar, 2013 1:13:03 PM org.apache.catalina.core.StandardEngine startInternal
    INFO: Starting Servlet Engine: Apache Tomcat/7.0.27
    12 Mar, 2013 1:13:03 PM org.apache.catalina.startup.HostConfig deployDescriptor
    INFO: Deploying configuration descriptor /usr/caimito/conf/Catalina/localhost/ROOT.xml
    INIT Jamun ASYNC FILTER v.5-b01282013A
    java.lang.NumberFormatException: For input string: ""
        at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
        at java.lang.Long.parseLong(Long.java:431)
        at java.lang.Long.<init>(Long.java:678)
        at org.jamun.server.utils.JamunRestConfig.<init>(JamunRestConfig.java:158)
        at org.jamun.JamunServer.<init>(JamunServer.java:76)
        at org.jamun.JamunAsyncFilter.init(JamunAsyncFilter.java:106)
        at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:277)
        at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:258)
        at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:382)
        at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:103)
        at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4638)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5294)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:895)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:871)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:615)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:649)
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1585)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
        at java.util.concurrent.FutureTask.run(FutureTask.java:138)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
    12 Mar, 2013 1:13:04 PM org.apache.coyote.AbstractProtocol start
    INFO: Starting ProtocolHandler ["http-bio-8619"]
    12 Mar, 2013 1:13:04 PM org.apache.catalina.startup.Catalina start
    INFO: Server startup in 1591 ms

For ldap I only changed server.json. With the original server.json the exception also occurs.

ngasiproj commented 11 years ago

Apologies once again. Don't worry, we will get it.

Add the following to ./WEB-INF/jamun/server.json:

    "max.app.log.size":1000000,
    "max.serverobjs":5,

muralikalyan commented 11 years ago

Hi, thanks, that error is gone. But when opening the ca/admin.html page it does not display anything, and the following exception is given on the server side while opening the admin page.

    root@ccad041:/usr/caimito/bin# ./startup.sh
    Using CATALINA_BASE:   /usr/caimito
    Using CATALINA_HOME:   /usr/caimito
    Using CATALINA_TMPDIR: /usr/caimito/temp
    Using JRE_HOME:        /usr/caimito/jdk
    Using CLASSPATH:       /usr/caimito/bin/bootstrap.jar:/usr/caimito/bin/tomcat-juli.jar
    13 Mar, 2013 12:25:07 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/caimito/jdk/jre/lib/i386/client:/usr/caimito/jdk/jre/lib/i386:/usr/caimito/jdk/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
    13 Mar, 2013 12:25:07 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["http-bio-80"]
    13 Mar, 2013 12:25:07 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 590 ms
    13 Mar, 2013 12:25:07 PM org.apache.catalina.core.StandardService startInternal
    INFO: Starting service Catalina
    13 Mar, 2013 12:25:07 PM org.apache.catalina.core.StandardEngine startInternal
    INFO: Starting Servlet Engine: Apache Tomcat/7.0.27
    13 Mar, 2013 12:25:07 PM org.apache.catalina.startup.HostConfig deployDescriptor
    INFO: Deploying configuration descriptor /usr/caimito/conf/Catalina/localhost/ROOT.xml
    13 Mar, 2013 12:25:43 PM org.apache.catalina.util.SessionIdGenerator createSecureRandom
    INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [35,872] milliseconds.
    INIT Jamun ASYNC FILTER v.5-b01282013A
    13 Mar, 2013 12:25:44 PM org.apache.coyote.AbstractProtocol start
    INFO: Starting ProtocolHandler ["http-bio-80"]
    13 Mar, 2013 12:25:44 PM org.apache.catalina.startup.Catalina start
    INFO: Server startup in 37500 ms
    Caimito Version 0.10.1
    java.lang.NullPointerException
        at org.jamun.JamunAsyncFilter.performFilter(JamunAsyncFilter.java:247)
        at org.jamun.JamunAsyncFilter$1.run(JamunAsyncFilter.java:444)
        at org.apache.catalina.core.AsyncContextImpl$RunnableWrapper.run(AsyncContextImpl.java:474)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)

ngasiproj commented 11 years ago

Please download and install the latest build from here: http://cloud-drive.ngasi.com/s1/f1/caimito/public/caimito.zip

muralikalyan commented 11 years ago

Thanks, it's working.

I am only able to authenticate with an anonymous bind (but finally I get a 403 error when users try to access/mount their respective created directories with their ldap credentials). With a simple bind, where do I need to put the bind user and password? In the server.json file there is no field to put the bind information (like ldap.bind or ldap.password).

ngasiproj commented 11 years ago

Glad to see we are making progress. Could you elaborate on what other additional LDAP option you would like to see (forgive my limited LDAP expertise). Below is the present JAVA code:

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, JamunRestConfig.getDefaultConfigValue(app, "ldap.url", "ldap://ldap_server:389"));
    // env.put(Context.SECURITY_AUTHENTICATION, JamunRestConfig.getDefaultConfigValue(app, "ldap.authentication", "simple"));
    // the bind principal is "<ldap.domain>\<user>"; we have 2 \ in the literal because \ is an escape char
    env.put(Context.SECURITY_PRINCIPAL, JamunRestConfig.getDefaultConfigValue(app, "ldap.domain", "domain") + "\\" + user);
    env.put(Context.SECURITY_CREDENTIALS, pass);

    // Create the initial context
    DirContext ctx = new InitialDirContext(env);
    boolean result = ctx != null;

muralikalyan commented 11 years ago

Hi, with my ldap configuration in server.json I am not able to authenticate to my ldap server.

My configuration is like this:

    "defaultusertype":"ldap",
    "ldap.url":"ldap://10.1.82.22:389",
    "ldap.authentication":"simple",
    "ldap.domain":"ou=People,o=ccad.in,dc=ccad,dc=in",

My dn and other ldap configurations are correct and work well for other applications. Did you check that the code works with your ldap setup? I am providing some extra attributes in the case of the apache ldap settings.

For example, in an apache configuration the ldap settings are like this:

    <Location /nicvdi>
    AuthName "nicvdi"
    AuthType basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthLDAPUrl "ldap://10.1.82.22/dc=ccad,dc=in?uid"
    AuthLDAPBindDN "cn=Directory manager"
    AuthLDAPBindPassword "xxxxxxxx"
    require valid-user

On the caimito server side I am getting these exceptions, probably because I am not giving the bind information in the application configuration (in server.json).

    javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]
        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:270)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at org.jamun.server.auth.GenericUserMgr.ldapLogin(GenericUserMgr.java:246)
        at org.jamun.server.auth.GenericUserMgr.login(GenericUserMgr.java:285)
        at org.jamun.server.auth.UserMgr.login(UserMgr.java:315)
        at org.jamun.server.auth.UserMgr.getUser(UserMgr.java:156)
        at org.jamun.server.auth.UserMgr.getUser(UserMgr.java:146)
        at org.jamun.server.auth.UserMgr.auth(UserMgr.java:72)
        at org.jamun.server.objs.ServerObjsInterf.checkAccess(ServerObjsInterf.java:152)
        at org.jamun.server.objs.ServerObjsInterf.process(ServerObjsInterf.java:72)
        at org.jamun.server.rest.RestAPI.processReq(RestAPI.java:134)
        at org.jamun.server.rest.RestAPI.sendResp(RestAPI.java:117)
        at org.jamun.JamunAsyncFilter.performFilter(JamunAsyncFilter.java:316)
        at org.jamun.JamunAsyncFilter$1.run(JamunAsyncFilter.java:444)
        at org.apache.catalina.core.AsyncContextImpl$RunnableWrapper.run(AsyncContextImpl.java:474)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
    org.jamun.server.auth.JamunAuthException: unable_to_authenticate
        at org.jamun.server.auth.GenericUserMgr.ldapLogin(GenericUserMgr.java:259)
        at org.jamun.server.auth.GenericUserMgr.login(GenericUserMgr.java:285)
        at org.jamun.server.auth.UserMgr.login(UserMgr.java:315)
        at org.jamun.server.auth.UserMgr.getUser(UserMgr.java:156)
        at org.jamun.server.auth.UserMgr.getUser(UserMgr.java:146)
        at org.jamun.server.auth.UserMgr.auth(UserMgr.java:72)
        at org.jamun.server.objs.ServerObjsInterf.checkAccess(ServerObjsInterf.java:152)
        at org.jamun.server.objs.ServerObjsInterf.process(ServerObjsInterf.java:72)
        at org.jamun.server.rest.RestAPI.processReq(RestAPI.java:134)
        at org.jamun.server.rest.RestAPI.sendResp(RestAPI.java:117)
        at org.jamun.JamunAsyncFilter.performFilter(JamunAsyncFilter.java:316)
        at org.jamun.JamunAsyncFilter$1.run(JamunAsyncFilter.java:444)
        at org.apache.catalina.core.AsyncContextImpl$RunnableWrapper.run(AsyncContextImpl.java:474)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)

thanks for replying,

muralikalyan commented 11 years ago

Hi, the java code is complete for the ldap configuration, but in the configuration file (server.json) the parameters are missing (user and password for binding), so in my case, for a "simple" bind, I am not able to authenticate.
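The bind-account flow the reporter is asking for, as an added example (not Caimito's code): a configured service DN finds the user's entry by uid under a search base, and the password is then proven by binding as that user's own DN. Caimito's posted snippet instead binds as ldap.domain + "\\" + user, the Active Directory DOMAIN\user form, which is not a DN for a directory like the ou=People,... base shown above. The config keys ldap.bind.dn, ldap.bind.password and ldap.base are assumptions of this example; ldap.url is the project's own key.

```java
import java.util.Hashtable;
import java.util.Map;
import javax.naming.*;
import javax.naming.directory.*;
public class LdapSearchThenBind {
    // One JNDI connection; principal == null means an anonymous bind.
    private static DirContext connect(Map<String, String> cfg, String principal, String secret)
            throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, cfg.get("ldap.url"));
        if (principal == null) {
            env.put(Context.SECURITY_AUTHENTICATION, "none");
        } else {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, secret);
        }
        return new InitialDirContext(env);
    }
    // Keys "ldap.bind.dn", "ldap.bind.password" and "ldap.base" are hypothetical (not in
    // Caimito's server.json); "ldap.url" is the project's own key.
    public static boolean authenticate(Map<String, String> cfg, String user, String pass)
            throws NamingException {
        // Empty password = unauthenticated bind (RFC 4513 5.1.2), accepted by many servers: refuse it up front.
        if (user == null || user.isEmpty() || pass == null || pass.isEmpty()) return false;
        // Step 1: look up the user's DN with the service account (anonymous if no bind DN).
        DirContext svc = connect(cfg, cfg.get("ldap.bind.dn"), cfg.get("ldap.bind.password"));
        String userDn;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Pass the name as a filter argument so JNDI escapes it; never splice it into the filter.
            NamingEnumeration<SearchResult> hits =
                    svc.search(cfg.get("ldap.base"), "(uid={0})", new Object[] {user}, sc);
            if (!hits.hasMore()) return false;   // unknown uid
            userDn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return false;    // ambiguous uid: refuse rather than guess
        } finally {
            svc.close();
        }
        // Step 2: prove the password by binding as the user's own DN.
        try {
            connect(cfg, userDn, pass).close();
            return true;
        } catch (AuthenticationException e) {    // LDAP result 49, invalidCredentials
            return false;
        }
    }
}
```

The service account only needs read access to uid under the base; it never sees the user's password, which is only ever sent in the second bind.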

ngasiproj commented 11 years ago

I am assuming that each user will be logging in via their own LDAP credentials. NOTE you still need to add each user as you normally would via the Caimito console. It is also important for ANY existing DB to be dropped or cleared out. So try the following steps:

1) Stop caimito.
2) Remove or rename the caimito folder.
3) Download the latest caimito: http://cloud-drive.ngasi.com/s1/f1/caimito/public/caimito.zip
4) Set LDAP settings in jamun/server.json like so:

    "defaultusertype":"ldap",
    "ldap.url":"ldap://10.1.82.22:389",
    "ldap.authentication":"simple",
    "ldap.domain":"domain",

5) After starting caimito, add users and path privileges via the Caimito Web Interface: http://hostname:8619/ca/admin.html Enter any password when creating a user.