LDAP Auth failing in YT 6.0
Hi,
After upgrading from 5.2 to 6.0, LDAP authentication against an AD LDAP server is no longer working.
After the upgrade the Ring Auth module was present, but the config had changed. I have now reconfigured it as follows, but I am unable to authenticate.
Server URL: ldap://ldapserver.a.b.c.d:389/DC=a,DC=b,DC=c,DC=d
DN Transform: (sAMAccountName=%u)
Filter:
Select SSL Key: No Key
Here "a.b.c.d" is our internal domain name, and ldapserver is the FQDN of the LDAP server.
In 5.2 we would have configured "Query" to (sAMACccountName=%u).
When testing this (and several different combinations of Filters and DN Transforms), I only get "User not found", and the youtrack-std-logs has this to say about the authentication:
00:06:13,534 INFO [TrustStoreImpl ] TrustStore is empty -> return default TrustStore
00:06:13,534 INFO [LdapUserDirectory ] a\x12345: auth in LDAP
00:06:13,534 INFO [LdapClient ] Constructed DN: sAMAccountName=x12345
00:06:13,565 ERROR [LdapUserDirectory ] LDAP failure
javax.naming.CommunicationException: simple bind failed: ldapserver:389 [Root exception is java.net.SocketException: Connection reset]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at jetbrains.jetpass.auth.module.ldap.dnq.client.LdapClient.bind(LdapClient.java:50)
at jetbrains.jetpass.auth.module.ldap.dnq.client.LdapUserDirectory.bind(LdapUserDirectory.java:28)
at jetbrains.jetpass.auth.module.ldap.dnq.persistence.LdapUserAuthenticator.doResolve(LdapUserAuthenticator.java:31)
at jetbrains.jetpass.auth.module.ldap.dnq.persistence.LdapUserAuthenticator.doResolve(LdapUserAuthenticator.java:21)
at jetbrains.jetpass.auth.module.dnq.persistence.UserAuthenticationHandler.resolve(UserAuthenticationHandler.java:52)
at jetbrains.jetpass.dao.dnq.api.authority.module.JetPassAuthModuleDAO$4.invoke(JetPassAuthModuleDAO.java:123)
at jetbrains.jetpass.dao.dnq.api.authority.module.JetPassAuthModuleDAO$4.invoke(JetPassAuthModuleDAO.java:114)
at jetbrains.teamsys.dnq.runtime.txn._Txn.eval(_Txn.java:458)
at jetbrains.jetpass.dao.dnq.api.authority.module.JetPassAuthModuleDAO.resolve(JetPassAuthModuleDAO.java:114)
at jetbrains.jetpass.rest.api.authority.AuthModuleSubresource$1.invoke(AuthModuleSubresource.java:87)
at jetbrains.jetpass.rest.api.authority.AuthModuleSubresource$1.invoke(AuthModuleSubresource.java:85)
at jetbrains.jetpass.rest.common.ServiceRestExt.eval(ServiceRestExt.java:58)
at jetbrains.jetpass.rest.api.authority.AuthModuleSubresource.post_Resolve(AuthModuleSubresource.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:134)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.ResourceObjectRule.accept(ResourceObjectRule.java:100)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1483)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1414)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1363)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1353)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:414)
at jetbrains.mps.webr.rpc.rest.provider.misc.DefaultRestRequestHandler.handle(DefaultRestRequestHandler.java:181)
at jetbrains.mps.webr.runtime.requestProcessor.RestRequestProcessor.processRequest(RestRequestProcessor.java:47)
at jetbrains.mps.webr.runtime.servlet.MainServlet.processRequest(MainServlet.java:252)
at jetbrains.mps.webr.runtime.servlet.MainServlet.doGet(MainServlet.java:138)
at jetbrains.mps.webr.runtime.servlet.MainServlet.doPost(MainServlet.java:216)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:698)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1509)
at jetbrains.mps.webr.runtime.filter.QueryParameterFilter.doFilter(QueryParameterFilter.java:25)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1497)
at org.eclipse.jetty.continuation.ContinuationFilter.doFilter(ContinuationFilter.java:127)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1497)
at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:82)
at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:242)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1497)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1497)
at jetbrains.jetpass.server.performance.PerformanceFilter$1.invoke(PerformanceFilter.java:24)
at jetbrains.jetpass.server.performance.PerformanceMonitor.request(PerformanceMonitor.java:75)
at jetbrains.jetpass.server.performance.PerformanceFilter.doFilter(PerformanceFilter.java:22)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1489)
at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:248)
at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:211)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1480)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:517)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:138)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:564)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1097)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:446)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1031)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:200)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:445)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:269)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:601)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:532)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:431)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:404)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:358)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:213)
... 89 more
00:06:13,565 WARN [BaseExceptionMapper ] REST exception for URL: /hub/api/rest/authmodules/0b105f9a-51e7-4d08-be7f-773dfb6a9b37/resolve
jetbrains.mps.webr.rpc.rest.provider.exception.RESTNotFoundException
at jetbrains.jetpass.rest.common.ExceptionExt.checkExists(ExceptionExt.java:56)
at jetbrains.jetpass.rest.api.authority.AuthModuleSubresource.post_Resolve(AuthModuleSubresource.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:134)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.ResourceObjectRule.accept(ResourceObjectRule.java:100)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1483)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1414)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1363)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1353)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:414)
at jetbrains.mps.webr.rpc.rest.provider.misc.DefaultRestRequestHandler.handle(DefaultRestRequestHandler.java:181)
at jetbrains.mps.webr.runtime.requestProcessor.RestRequestProcessor.processRequest(RestRequestProcessor.java:47)
at jetbrains.mps.webr.runtime.servlet.MainServlet.processRequest(MainServlet.java:252)
at jetbrains.mps.webr.runtime.servlet.MainServlet.doGet(MainServlet.java:138)
at jetbrains.mps.webr.runtime.servlet.MainServlet.doPost(MainServlet.java:216)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:698)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1509)
at jetbrains.mps.webr.runtime.filter.QueryParameterFilter.doFilter(QueryParameterFilter.java:25)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1497)
at org.eclipse.jetty.continuation.ContinuationFilter.doFilter(ContinuationFilter.java:127)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1497)
at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:82)
at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:242)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1497)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1497)
at jetbrains.jetpass.server.performance.PerformanceFilter$1.invoke(PerformanceFilter.java:24)
at jetbrains.jetpass.server.performance.PerformanceMonitor.request(PerformanceMonitor.java:75)
at jetbrains.jetpass.server.performance.PerformanceFilter.doFilter(PerformanceFilter.java:22)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1489)
at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:248)
at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:211)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1480)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:517)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:138)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:564)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1097)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:446)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1031)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:200)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:445)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:269)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:601)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:532)
at java.lang.Thread.run(Thread.java:745)
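Added example, not part of the original post and not YouTrack code: a short Python triage of the log excerpt above. It walks the exception chain and reports that the root-cause frames sit in the JDK TLS classes (`sun.security.ssl`) even though the module is configured with an `ldap://` URL on port 389 and "No Key". The sample log is a trimmed copy of the posted lines, and the function names are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of the log lines posted above.
SAMPLE_LOG = """\
00:06:13,534 INFO [LdapClient ] Constructed DN: sAMAccountName=x12345
00:06:13,565 ERROR [LdapUserDirectory ] LDAP failure
javax.naming.CommunicationException: simple bind failed: ldapserver:389 [Root exception is java.net.SocketException: Connection reset]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:358)
... 89 more
"""

EXC_RE = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))(?::\s*(.*))?$")
FRAME_RE = re.compile(r"^at ([\w.$<>]+)\(")
ENDPOINT_RE = re.compile(r"bind failed: ([\w.-]+):(\d+)")
TLS_PREFIXES = ("sun.security.ssl.", "javax.net.ssl.")  # JDK TLS implementation packages


def parse_chain(log):
    """Return [(exception_class, message, frames)], outermost exception first."""
    chain = []
    for raw in log.splitlines():
        line = raw.strip()
        exc = EXC_RE.match(line)
        if exc:
            chain.append((exc.group(1), exc.group(2) or "", []))
            continue
        frame = FRAME_RE.match(line)
        if frame and chain:  # ignore "at ..." text seen before any exception header
            chain[-1][2].append(frame.group(1))
    return chain


def triage(log, configured_scheme):
    """Compare the configured URL scheme with what the root-cause frames show."""
    chain = parse_chain(log)
    if not chain:
        raise ValueError("no exception found in log")
    root_cls, root_msg, root_frames = chain[-1]
    endpoint = ENDPOINT_RE.search(log)
    tls_frames = [f for f in root_frames if f.startswith(TLS_PREFIXES)]
    return {
        "endpoint": (endpoint.group(1), int(endpoint.group(2))) if endpoint else None,
        "root_cause": f"{root_cls}: {root_msg}" if root_msg else root_cls,
        "tls_frames": tls_frames,
        # True when a cleartext ldap:// URL is configured but the failure happened in TLS code
        "scheme_tls_mismatch": configured_scheme == "ldap" and bool(tls_frames),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "ldap"))
```

A mismatch flag here only says where the reset happened; what the directory server accepts on that port still has to be checked on the server side.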
Please find builds with the target fix: https://youtrack.jetbrains.com/issue/JT-27151#comment=27-833363
Please ignore these builds. They mistakenly don't include the fix. The next builds will be assembled shortly.
Sorry for confusing you.
Today the builds will be delivered.
How can I fix this?
I found the solution to change the root password: http://confluence.jetbrains.com/display/YTD6/YouTrack+Start+Java+Parameters#YouTrackStartJavaParameters-SettingJavaStartParameters
But I don't understand how to set these parameters.
LDAP is not working (see below) and I'm not able to reset the root user and password, so I'm not able to access YouTrack at all.
Is there any workaround to access the system somehow?