Error 401 Unauthorized error when using LDAP authentication #17063

Open
mkj-git opened this issue Sep 14, 2024 · 0 comments

mkj-git commented Sep 14, 2024

I have this sample LDAP in Apache Directory LDAP server:

```ldif
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Organization
dc: example

dn: ou=users,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: uid=admin,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
cn: Admin User
sn: User
uid: admin
mail: admin@example.com
userPassword: admin123
title: Administrator
description: Admin role user

dn: uid=internal_user,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
cn: Internal User
sn: User
uid: internal_user
mail: internal_user@example.com
userPassword: internalpass
title: Internal Employee
description: Internal user role

dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: admins
member: uid=admin,ou=users,dc=example,dc=com

dn: cn=internal,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: internal
member: uid=internal_user,ou=users,dc=example,dc=com
```

Here is my LDAP config inside the "auto/_common/common.runtime.properties" file:

```properties
druid.auth.authenticatorChain=["ldap"]

druid.auth.authenticator.ldap.type=basic
druid.auth.authenticator.ldap.enableCacheNotifications=true

druid.auth.authenticator.ldap.credentialsValidator.type=ldap
druid.auth.authenticator.ldap.credentialsValidator.url=ldap://localhost:10389
druid.auth.authenticator.ldap.credentialsValidator.bindUser=uid=admin,ou=users,dc=example,dc=com
druid.auth.authenticator.ldap.credentialsValidator.bindPassword=admin123
druid.auth.authenticator.ldap.credentialsValidator.baseDn=dc=example,dc=com
druid.auth.authenticator.ldap.credentialsValidator.userSearch=(&(mail=%s)(objectClass=inetOrgPerson))
druid.auth.authenticator.ldap.credentialsValidator.userAttribute=mail

druid.auth.authenticator.ldap.authorizerName=ldapauth

druid.escalator.type=basic
druid.escalator.internalClientUsername=uid=internal_user,ou=users,dc=example,dc=com
druid.escalator.internalClientPassword=internalpass
druid.escalator.authorizerName=ldapauth

druid.auth.authorizers=["ldapauth"]

druid.auth.authorizer.ldapauth.type=basic
druid.auth.authorizer.ldapauth.initialAdminUser=internal@example.com
druid.auth.authorizer.ldapauth.initialAdminRole=admin
druid.auth.authorizer.ldapauth.roleProvider.type=ldap
```

I am getting this error when starting Druid:

```
2024-09-14T05:57:52,825 WARN [main] org.apache.druid.java.util.common.RetryUtils - Retrying (1 of 9) in 774ms.
com.fasterxml.jackson.core.JsonParseException: Input does not start with Smile format header (first byte = 0x3c) and parser has REQUIRE_HEADER enabled: can not parse
 at [Source: (byte[])"<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 Unauthorized</title>
</head>
<body><h2>HTTP ERROR 401 Unauthorized</h2>
<table>
<tr><th>URI:</th><td>/druid-ext/basic-security/authentication/db/ldap/cachedSerializedUserMap</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>Unauthorized</td></tr>
<tr><th>SERVLET:</th><td>default</td></tr>
</table>

</body>
</html>
"; line: -1, column: 0]
```