By: Werner Dijkerman user 31 Oct 2019 at 8:43 a.m. CDT

4 Responses
Deployed the containers to a bunch of servers. OpenDJ, Consul and Vault on a "backend" node and the oxauth, oxtrust, oxshibboleth, oxpassword and the nginx running on an "application" server. Generated the configuration with the config-init image and uploaded successfully to Consul and Vault. OpenDJ is running on port 11636 (I already have an OpenDJ running so I changed ports for the docker image) and after a start I can see there is data available, like the admin user. I also set the `GLUU_LDAP_URL` on all containers to use the 11636 port. The applications are running fine as well and I don't see any errors during their startup. But when I try to log in with the admin user it fails. I see the following error in the oxauth container:

```
2019-10-31 14:07:55,578 ERROR [qtp705265961-9] [org.xdi.oxauth.service.AuthenticationService] ( - Failed to find entries with baseDN: o=gluu, filter: (&(&(objectClass=top))(&(uid=admin)))
2019-10-31 14:07:55,608 INFO [qtp705265961-9] [org.xdi.oxauth.auth.Authenticator] ( - Authentication failed for 'admin'
```

I cannot see any reason why this is failing. When I install the `openldap-clients` in the container of for example oxauth or oxtrust I can do a `ldapsearch -H ldaps://${GLUU_LDAP_URL} -D "cn=directory manager" -w 'password' -b "o=gluu" '(&(&(objectClass=top))(&(uid=admin)))' uid` and it returns a uid. But I cannot see what is going wrong. I even added a local log4jxml and used that `-v /data/oxauth/log4j2.xml:/opt/gluu/jetty/oxauth/webapps/oxauth/WEB-INF/classes/log4j2.xml` but don't see anything useful. What can I do to fix it? :-)

By Michael Schwartz staff 31 Oct 2019 at 8:48 a.m. CDT

That's very strange if `ldapsearch` is working with the same password. There is a persistence log, did you check that?

By Werner Dijkerman user 31 Oct 2019 at 8:54 a.m. CDT

Hi, I see this information in the persistence log:

```
2019-10-31 14:49:12,539 INFO [Thread-677] [xdi.oxauth.service.status.ldap.LdapStatusTimer] ( - connectionProvider statistics: LDAPConnectionPoolStatistics(numAvailableConnections=1, maxAvailableConnections=10, numSuccessfulConnectionAttempts=3, numFailedConnectionAttempts=0, numConnectionsClosedDefunct=0, numConnectionsClosedExpired=2, numConnectionsClosedUnneeded=0, numSuccessfulCheckouts=1107, numFailedCheckouts=0, numReleasedValid=1107)
2019-10-31 14:49:12,539 INFO [Thread-677] [xdi.oxauth.service.status.ldap.LdapStatusTimer] ( - bindConnectionProvider statistics: LDAPConnectionPoolStatistics(numAvailableConnections=1, maxAvailableConnections=10, numSuccessfulConnectionAttempts=24, numFailedConnectionAttempts=0, numConnectionsClosedDefunct=23, numConnectionsClosedExpired=0, numConnectionsClosedUnneeded=0, numSuccessfulCheckouts=0, numFailedCheckouts=0, numReleasedValid=0)
2019-10-31 14:49:12,539 ERROR [Thread-677] [xdi.oxauth.service.status.ldap.LdapStatusTimer] ( - authConnectionProvider#0 is empty
2019-10-31 14:49:12,539 ERROR [Thread-677] [xdi.oxauth.service.status.ldap.LdapStatusTimer] ( - bindAuthConnectionProvider#0 is empty
```

I think this looks fine, right?

By Isman Firmansyah staff 31 Oct 2019 at 9:55 a.m. CDT

Hi Werner, I'm afraid changing the `GLUU_LDAP_URL` to `host:11636` is not enough, as there are entries that contain references to port 1636. Please check the `inum=$YOUR_INUM,ou=appliances,o=gluu` entry and its `oxIDPAuthentication` attribute. Also, check the `oxTrustConfApplication` attribute of `ou=oxtrust,ou=configuration,inum=$YOUR_INUM,ou=appliances,o=gluu` as well.
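
The check described in the reply above, as an added example that is not part of the thread or of Gluu's own code: it scans a JSON-valued attribute such as `oxIDPAuthentication` for every `host:port` string, including JSON nested inside string fields, and lists those that differ from the `GLUU_LDAP_URL` in use. The shape of `SAMPLE`, the address `10.0.0.5` and the function names are constructed assumptions; paste in the real attribute value returned by `ldapsearch`.

```python
import json
import re

HOSTPORT = re.compile(r"^([A-Za-z0-9.-]+):(\d{1,5})$")

def ldap_endpoints(value, path="$"):
    """Yield (json_path, host, port) for every host:port string found in value."""
    if isinstance(value, str):
        try:
            inner = json.loads(value)       # attribute values may embed JSON as a string
        except ValueError:
            inner = None
        if isinstance(inner, (dict, list)):
            yield from ldap_endpoints(inner, path + "<json>")
            return
        for token in value.split(","):      # tolerate comma-separated server lists
            m = HOSTPORT.match(token.strip())
            if m:
                yield path, m.group(1), int(m.group(2))
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from ldap_endpoints(item, f"{path}.{key}")
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from ldap_endpoints(item, f"{path}[{i}]")

def mismatches(attr_value, expected):
    """Return endpoints in attr_value that differ from expected ('host:port')."""
    exp_host, exp_port = expected.rsplit(":", 1)
    return [(p, h, port) for p, h, port in ldap_endpoints(attr_value)
            if (h, port) != (exp_host, int(exp_port))]

# Constructed sample value; the real layout of the attribute is an assumption here.
SAMPLE = json.dumps({
    "type": "auth",
    "enabled": True,
    "config": json.dumps({
        "servers": ["localhost:1636"],
        "useSSL": True,
        "bindDN": "cn=directory manager",
    }),
})

if __name__ == "__main__":
    for path, host, port in mismatches(SAMPLE, "10.0.0.5:11636"):
        print(f"{path}: {host}:{port} does not match GLUU_LDAP_URL")
```

Because it compares the host as well as the port, it also flags a stale hostname when the port is already correct.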

By Werner Dijkerman user 31 Oct 2019 at 1:35 p.m. CDT

Hi Isman, Thank you for your answer. Although the ports were fine in the entries you mentioned, I had to update the host to an IP and then I was able to log in. The `GLUU_LDAP_INIT_HOST` environment variable on my OpenDJ container had a wrong value. Thanks!