Project

General

Profile

Actions

Bug #4922

closed

Rudder OpenLDAP Authentication sans ipv4 localhost

Added by Layne Breitkreutz over 10 years ago. Updated about 9 years ago.

Status:
Released
Priority:
N/A
Category:
System integration
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

Rudder encounters issues when working with a server that has no ipv4 localhost assigned, attempting to connect to ldap results in errors unless "127.0.0.1" is specifically defined as the server the host (as opposed to localhost)

using localhost:

/opt/rudder/bin/ldapsearch -h localhost -p 389 -D "cn=manager,cn=rudder-configuration" -w 'ldap_password'  -b 'cn=rudder-configuration' -s onelevel
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

using 127.0.0.1:

root@rudder:/# /opt/rudder/bin/ldapsearch -h 127.0.0.1 -p 389 -D "cn=manager,cn=rudder-configuration" -w 'ldap_password'  -b 'cn=rudder-configuration' -s onelevel
# extended LDIF
#
# LDAPv3
# base <cn=rudder-configuration> with scope oneLevel
# filter: (objectclass=*)
# requesting: ALL
#

# Nodes, rudder-configuration
dn: ou=Nodes,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Nodes
description: Branch that stores all the Nodes

# Rudder, rudder-configuration
dn: ou=Rudder,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Rudder
description: Branch that stores all Rudder specific data

# Inventories, rudder-configuration
dn: ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Inventories
description: Inventory information

# Application Properties, rudder-configuration
dn: ou=Application Properties,cn=rudder-configuration
ou: Application Properties
objectClass: organizationalUnit
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4

Actions #1

Updated by François ARMAND over 10 years ago

  • Category set to System integration
  • Target version set to 140

This bug was encoutered on an openvz host.
OpenVZ seems to rewrite /etc/hosts and only set ipv6 information.

So, we should either adapt Rudder parts to be able to work on ipv6-only host, or better check context to abort early on a problematic configuration (that bug was a little to long to understand).

Actions #2

Updated by Layne Breitkreutz over 10 years ago

clarification: issue is having ::1 ALSO defined as localhost

Actions #3

Updated by Matthieu CERDA about 10 years ago

  • Target version changed from 140 to 3.0.0~beta1
Actions #4

Updated by Jonathan CLARKE about 10 years ago

  • Target version changed from 3.0.0~beta1 to 3.0.0~beta2
Actions #5

Updated by François ARMAND about 10 years ago

  • Target version changed from 3.0.0~beta2 to 3.0.0~rc1
Actions #6

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 3.0.0~rc1 to 3.0.0
Actions #7

Updated by François ARMAND almost 10 years ago

  • Target version changed from 3.0.0 to 2.11.6

OpenVZ is correctly supported in Rudder 2.11. This ticket should be requalified on that version.

Actions #8

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.11.6 to 2.11.7
Actions #9

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.11.7 to 2.11.8
Actions #10

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.11.8 to 2.11.9
Actions #11

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.11.9 to 2.11.10
Actions #12

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.11.10 to 2.11.11
Actions #13

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.11.11 to 2.11.12
Actions #14

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.11.12 to 2.11.13
Actions #15

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.11.13 to 2.11.14
Actions #16

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.11.14 to 2.11.15
Actions #17

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.11.15 to 2.11.16
Actions #18

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.11.16 to 2.11.17
Actions #19

Updated by Jonathan CLARKE about 9 years ago

This particular bug can be easily solved by asking OpenLDAP to listen on "localhost" instead of "127.0.0.1". This way, OpenLDAP will figure out for itself which IP address "localhost" is, and listen to whichever is appropriate.

Actions #20

Updated by Jonathan CLARKE about 9 years ago

  • Status changed from New to In progress
  • Assignee set to Jonathan CLARKE
Actions #21

Updated by Jonathan CLARKE about 9 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/822
Actions #22

Updated by Jonathan CLARKE about 9 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions #24

Updated by Vincent MEMBRÉ about 9 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.17, 3.0.12 and 3.1.5 which were released today.

Actions

Also available in: Atom PDF