tchiotludo / akhq

Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
https://akhq.io/
Apache License 2.0

connection problem to ldap #559

Closed thedje closed 3 years ago

thedje commented 3 years ago

Hello, I instantiate via docker an image of akhq that I want to connect to our LDAP. For the moment, it doesn't work and I would like to know why. I read in an issue that there was the possibility of modifying the log level on io.micronaut.configuration.security.ldap. My question: how should I proceed?

tchiotludo commented 3 years ago

From micronaut docs : https://docs.micronaut.io/latest/guide/index.html

Controlling Log Levels with Properties

Log levels can be configured via properties defined in application.yml (and environment variables) with the log.level prefix:

logger:
    levels:
        foo.bar: ERROR

Also from readme:

Debugging ldap connection can be done with

curl -i -X POST -H "Content-Type: application/json" \
       -d '{ "configuredLevel": "TRACE" }' \
       http://localhost:8080/loggers/io.micronaut.configuration.security

thedje commented 3 years ago

Below is my conf file (I think it is not coded correctly):

micronaut:
  security:
    enabled: true
    # LDAP configuration
    ldap:
      default:
        enabled: true
        context:
          server: 'ldaps://xxx:63'
          managerDn: 'xxxxx'
          managerPassword: 'xxxx'
        search:
          base: "OU=Standards,OU=........."
        groups:
          enabled: true
          base: "dc=example,dc=com"
  server:
    port: 8081
  logger:
    levels:
        io.micronaut.configuration.security.ldap: DEBUG

akhq:
  connections:
    my-cluster-ssl:
      properties:
        bootstrap.servers: "xxxxx:19092"
        security.protocol: SSL
        ssl.truststore.location: /etc/kafka/secrets/truststore.jks
        ssl.truststore.password: xxxxx
        ssl.keystore.location: /etc/kafka/secrets/xxx.jks
        ssl.keystore.password: xxxxx
  security:
    default-group: admin # Default groups for all the user even unlogged user
    # Groups definition
    groups:
      admin: # unique key
        name: admin # Group name
        roles:  # roles for the group
          - topic/read
          - topic/insert
          - topic/delete
          - topic/config/update
          - node/read
          - node/config/update
          - topic/data/read
          - topic/data/insert
          - topic/data/delete
          - group/read
          - group/delete
          - group/offsets/update
          - registry/read
          - registry/insert
          - registry/update
          - registry/delete
          - registry/version/delete
          - acls/read
          - connect/read
          - connect/insert
          - connect/update
          - connect/delete
          - connect/state/update

tchiotludo commented 3 years ago

Please indent your YAML, it's unreadable :sweat_smile:

thedje commented 3 years ago

Sorry, I just re-edited my previous post.

tchiotludo commented 3 years ago

Logger is at root and not under micronaut

thedje commented 3 years ago

So I put the logger as root in the file:

logger:
  levels:
    io.micronaut.configuration.security.ldap: DEBUG

micronaut:
  security:
    enabled: true

I checked the correct level of trace via the API:

{"configuredLevel":"NOT_SPECIFIED","effectiveLevel":"INFO"},"io.micronaut.configuration.security.ldap":
{"configuredLevel":"DEBUG","effectiveLevel":"DEBUG"},"io.micronaut.configuration.security.ldap.LdapAuthenticationProvider":
{"configuredLevel":"NOT_SPECIFIED","effectiveLevel":"DEBUG"},"io.micronaut.configuration.security.ldap.context":
{"configuredLevel":"NOT_SPECIFIED","effectiveLevel":"DEBUG"},"io.micronaut.configuration.security.ldap.context.DefaultContextBuilder":
{"configuredLevel":"NOT_SPECIFIED","effectiveLevel":"DEBUG"},"io.micronaut.configuration.security.ldap.group":
{"configuredLevel":"NOT_SPECIFIED","effectiveLevel":"DEBUG"},"io.micronaut.configuration.security.ldap.group.DefaultLdapGroupProcessor":
{"configuredLevel":"NOT_SPECIFIED","effectiveLevel":"DEBUG"},"io.micronaut.context":

but, when I restart the container and I log in, I find the page without logging: [image]

and I have nothing in the logs:

akhq    | 2021-01-12 13:46:39,260 INFO  main       i.m.runtime.Micronaut      Startup completed in 2190ms. Server Running: http://sl101999:8081
akhq    | 2021-01-12 13:46:49,194 INFO  pGroup-1-2 org.akhq.log.access        [Date: 2021-01-12T13:46:49.182454Z] [Duration: 15 ms] [Url: GET /ui/login] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,372 INFO  pGroup-1-2 org.akhq.log.access        [Date: 2021-01-12T13:46:49.371835Z] [Duration: 0 ms] [Url: GET /ui/static/css/main.391157bf.chunk.css] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,412 INFO  pGroup-1-3 org.akhq.log.access        [Date: 2021-01-12T13:46:49.411789Z] [Duration: 0 ms] [Url: GET /ui/static/css/2.7caccc14.chunk.css] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,434 INFO  pGroup-1-4 org.akhq.log.access        [Date: 2021-01-12T13:46:49.434138Z] [Duration: 0 ms] [Url: GET /ui/static/js/main.2631d833.chunk.js] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,496 INFO  pGroup-1-5 org.akhq.log.access        [Date: 2021-01-12T13:46:49.496249Z] [Duration: 0 ms] [Url: GET /ui/static/js/2.62ae1d40.chunk.js] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,741 INFO  pGroup-1-2 org.akhq.log.access        [Date: 2021-01-12T13:46:49.7411Z] [Duration: 0 ms] [Url: GET /ui/static/media/icon.648ce9c8.svg] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,815 INFO  pGroup-1-4 org.akhq.log.access        [Date: 2021-01-12T13:46:49.815521Z] [Duration: 0 ms] [Url: GET /ui/favicon.ico] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,819 INFO  1-thread-2 org.akhq.log.access        [Date: 2021-01-12T13:46:49.772892Z] [Duration: 46 ms] [Url: GET /api/me] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,884 INFO  1-thread-2 org.akhq.log.access        [Date: 2021-01-12T13:46:49.882902Z] [Duration: 0 ms] [Url: GET /api/cluster] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,909 INFO  1-thread-2 org.akhq.log.access        [Date: 2021-01-12T13:46:49.908907Z] [Duration: 0 ms] [Url: GET /api/cluster] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,953 INFO  pGroup-1-3 org.akhq.log.access        [Date: 2021-01-12T13:46:49.95291Z] [Duration: 0 ms] [Url: GET /ui/static/media/logo.45903e1f.svg] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,961 INFO  1-thread-2 org.akhq.log.access        [Date: 2021-01-12T13:46:49.961018Z] [Duration: 0 ms] [Url: GET /api/auths] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]
akhq    | 2021-01-12 13:46:49,988 INFO  pGroup-1-5 org.akhq.log.access        [Date: 2021-01-12T13:46:49.987725Z] [Duration: 0 ms] [Url: GET /ui/static/media/fontawesome-webfont.af7ae505.woff2] [Status: 200] [Ip: /172.20.0.193] [User: Anonymous]

I launched the following command without success:

[root@sl101999 akhq]# curl -i -X POST -H "Content-Type: application/json" -d '{ "configuredLevel": "TRACE" }' http://localhost:8080/loggers/io.micronaut.configuration.security
HTTP/1.1 405 Method Not Allowed
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 654
Server: Jetty(9.4.24.v20191120)

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 405 HTTP method POST is not supported by this URL</title>
</head>
<body><h2>HTTP ERROR 405 HTTP method POST is not supported by this URL</h2>
<table>
<tr><th>URI:</th><td>/loggers/io.micronaut.configuration.security</td></tr>
<tr><th>STATUS:</th><td>405</td></tr>
<tr><th>MESSAGE:</th><td>HTTP method POST is not supported by this URL</td></tr>
<tr><th>SERVLET:</th><td>org.eclipse.jetty.servlet.ServletHandler$Default404Servlet-290d210d</td></tr>
</table>
<hr><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.4.24.v20191120</a><hr/>

</body>
</html>

tchiotludo commented 3 years ago

Are you sure about the URL from your curl?


Powered by Jetty:// 9.4.24.v20191120

There is no jetty in akhq :thinking:

thedje commented 3 years ago

Indeed, I had the wrong URL:

[root@sl101999 akhq]# curl -i -X POST -H "Content-Type: application/json" -d '{ "configuredLevel": "TRACE" }' http://xxxxxx/loggers/io.micronaut.configuration.security
HTTP/1.1 307 Temporary Redirect
Location: /login
Date: Wed, 13 Jan 2021 07:55:17 GMT
connection: keep-alive
transfer-encoding: chunked

In the log file I have the line:

akhq | 2021-01-13 07:53:08,183 INFO pGroup-1-4 org.akhq.log.access [Date: 2021-01-13T07:53:08.182681Z] [Duration: 0 ms] [Url: POST /loggers/io.micronaut.configuration.security] [Status: 307] [Ip: /172.23.202.53] [User: Anonymous]

thedje commented 3 years ago

I have made progress in my investigations. In fact, I have to add the Basic Auth part to access the logging target.

And after having properly configured the ldap part, it works.

tchiotludo commented 3 years ago

Glad to know it works :+1:
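
Added example (not part of the original thread and not AKHQ's own code): a small Python parser for the `org.akhq.log.access` lines shown in this thread that lists requests made as `Anonymous` to API and logger paths and reports whether they were served or sent to the login page. The sample lines, the IP addresses, the user name `alice` and the choice of path prefixes are assumptions constructed for the illustration.

```python
import re

# Constructed sample in the access-log layout shown in this thread
# (IP addresses and the user name "alice" are made up).
SAMPLE_LOG = """\
akhq | 2021-01-12 13:46:39,260 INFO  main       i.m.runtime.Micronaut      Startup completed in 2190ms.
akhq | 2021-01-12 13:46:49,194 INFO  pGroup-1-2 org.akhq.log.access        [Date: 2021-01-12T13:46:49.182454Z] [Duration: 15 ms] [Url: GET /ui/login] [Status: 200] [Ip: /192.0.2.10] [User: Anonymous]
akhq | 2021-01-12 13:46:49,884 INFO  1-thread-2 org.akhq.log.access        [Date: 2021-01-12T13:46:49.882902Z] [Duration: 0 ms] [Url: GET /api/cluster] [Status: 200] [Ip: /192.0.2.10] [User: Anonymous]
akhq | 2021-01-13 07:53:08,183 INFO  pGroup-1-4 org.akhq.log.access        [Date: 2021-01-13T07:53:08.182681Z] [Duration: 0 ms] [Url: POST /loggers/io.micronaut.configuration.security] [Status: 307] [Ip: /192.0.2.53] [User: Anonymous]
akhq | 2021-01-13 08:01:12,004 INFO  1-thread-3 org.akhq.log.access        [Date: 2021-01-13T08:01:12.001200Z] [Duration: 3 ms] [Url: GET /api/cluster] [Status: 200] [Ip: /192.0.2.53] [User: alice]
"""

# Field layout of one access-log entry, as it appears in the thread.
ACCESS = re.compile(
    r"org\.akhq\.log\.access\s+\[Date: (?P<date>[^\]]+)\] \[Duration: \d+ ms\] "
    r"\[Url: (?P<method>[A-Z]+) (?P<path>[^\]]+)\] \[Status: (?P<status>\d{3})\] "
    r"\[Ip: /(?P<ip>[^\]]+)\] \[User: (?P<user>[^\]]+)\]"
)

# Assumption: these path prefixes are the ones worth reviewing; /ui/ is front-end content.
SENSITIVE_PREFIXES = ("/api/", "/loggers")


def anonymous_findings(log_text, prefixes=SENSITIVE_PREFIXES):
    """Return (verdict, method, path, status, ip) for anonymous hits on sensitive paths."""
    findings = []
    for line in log_text.splitlines():
        m = ACCESS.search(line)
        if not m or m["user"] != "Anonymous":
            continue  # not an access-log line, or an authenticated request
        if not m["path"].startswith(prefixes):
            continue
        status = int(m["status"])
        if 200 <= status < 300:
            verdict = "SERVED"   # answered without a login: review default-group roles
        elif status in (301, 302, 303, 307, 308, 401, 403):
            verdict = "BLOCKED"  # redirected (e.g. to /login) or refused
        else:
            verdict = "OTHER"
        findings.append((verdict, m["method"], m["path"], status, m["ip"]))
    return findings


if __name__ == "__main__":
    for finding in anonymous_findings(SAMPLE_LOG):
        print(*finding)
```
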