LDAP Configuration : USER_NOT_FOUND #889
-
Hi,

We have chosen your application to maintain our MSK on AWS. We have managed to set up basic authentication but with LDAP we are having problems. We have checked that there is connectivity with LDAP. Attached is the configuration:

```yaml
micronaut:
  security:
    enabled: true
    token:
      jwt:
        signatures:
          secret:
            generator:
              secret: dgTXXXXXXXXXXXXXXXXXXXdg3$GHgfj
    ldap:
      default:
        enabled: true
        context:
          server: 'ldap://ibr-dev-mad.ibr.local:389'
          managerDn: 'CN=akhq,OU=AKHQ,OU=Applications,OU=XXX Data,OU=IBR_USER_REPO,DC=IBR,DC=LOCAL'
          managerPassword: 'password'
        search:
          base: "OU=AKHQ,OU=Applications,OU=XXX Data,OU=IBR_USER_REPO,DC=IBR,DC=LOCAL"
        groups:
          enabled: true
          base: "OU=AKHQ,OU=Applications,OU=XXX Data,OU=IBR_USER_REPO,DC=IBR,DC=LOCAL"
akhq:
  security:
    default-group: no-roles
    basic-auth:
      - username: admin
        password: a56ad3f2440820608303a0d4a84b1f1858660ead830b8e7df8e8d0b5a7eed13a
        groups:
          - admin
    groups:
      topic-reader:
        name: topic-reader # Group name
        roles: # roles for the group
          - topic/read
        attributes:
          # List of Regexp to filter topic available for group
          # Single line String also allowed
          # topics-filter-regexp: "^(projectA_topic|projectB_.*)$"
          topics-filter-regexp:
            - "^projectA_topic$" # Individual topic
            - "^projectB_.*$" # Topic group
          connects-filter-regexp:
            - "^test.*$"
          consumer-groups-filter-regexp:
            - "consumer.*"
      topic-writer:
        name: topic-writer # Group name
        roles:
          - topic/read
          - topic/insert
          - topic/delete
          - topic/config/update
        attributes:
          topics-filter-regexp:
            - "test.*"
          connects-filter-regexp:
            - "^test.*$"
          consumer-groups-filter-regexp:
            - "consumer.*"
    ldap:
      groups:
        - name: AWS-MSK
          groups:
            - topic-reader
            - topic-writer
      users:
        - username: akhq
          groups:
            - topic-reader
            - topic-writer
  connections:
    Sandbox:
      properties:
        bootstrap.servers: ${BOOTSTRAP_SERVERS}
        security.protocol: SASL_SSL
        sasl.mechanism: SCRAM-SHA-512
        sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username=${SASL_JAAS_CONFIG_USERNAME} password=${SASL_JAAS_CONFIG_PASSWORD};
```

We have tested the same configuration with an LDAP client and it works perfectly. However, when we go to log into the application we get the following WARN in the log:

```
WARN r-thread-1 u.LoginFailedEventListener Login failed reason USER_NOT_FOUND, username unknown, message User Not Found
```

This is a screenshot of the same configuration for LDAP testing:

Could you please help us? Thank you,
Replies: 4 comments 5 replies
-
I'm not a pro on LDAP authentication since I don't have any LDAP server on my side.
-
Hello, You have an application developed in which you offer LDAP authentication; following your official documentation it should work and it does not. Nobody says that you are an LDAP professional, but if you have documentation for your application and it doesn't work, the most correct thing would be that you help to make it work, because following the steps you explain it doesn't work. We want to use AKHQ, but if the LDAP documentation you provide doesn't work... we won't be able to use it, that's why we ask for your help since you are the developer of AKHQ. We are waiting for some convincing answer. Best regards, thank you very much
-
Thanks @FrankMormino for your reply, I really appreciate the reminder that this is an open source project!

@javier-torres: your angry response is clearly inappropriate in the context of an open source application; if you want full support, go for a commercial application where you pay for the support you want!

LDAP is working and there is an example in the documentation here. There is also a unit test that proves it's working, and a lot of people are using it.

It's just that every LDAP tree is different and I don't (and I won't) know yours.
-
Hello, I am sorry my words have been misinterpreted, in that case I apologize and I totally agree that it is an open source project and I appreciate the work you do and I think it is a great tool. I will try to find a solution to connect to my LDAP. I just wanted to show my code and see if we all saw something wrong that made it not work for me, but anyway I will continue investigating on my own. Thank you very much