Project

General

Profile

Actions
Copy link

Bug #4922

closed

Rudder OpenLDAP Authentication sans ipv4 localhost

Added by Layne Breitkreutz over 10 years ago. Updated almost 9 years ago.

Status:
Released
Priority:
N/A
Assignee:
Benoît PECCATTE
Category:
System integration
Target version:
2.11.17
Pull Request:
https://github.com/Normation/rudder-p...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

Rudder encounters issues when working with a server that has no ipv4 localhost assigned, attempting to connect to ldap results in errors unless "127.0.0.1" is specifically defined as the server the host (as opposed to localhost)

using localhost:

/opt/rudder/bin/ldapsearch -h localhost -p 389 -D "cn=manager,cn=rudder-configuration" -w 'ldap_password'  -b 'cn=rudder-configuration' -s onelevel
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

using 127.0.0.1:

root@rudder:/# /opt/rudder/bin/ldapsearch -h 127.0.0.1 -p 389 -D "cn=manager,cn=rudder-configuration" -w 'ldap_password'  -b 'cn=rudder-configuration' -s onelevel
# extended LDIF
#
# LDAPv3
# base <cn=rudder-configuration> with scope oneLevel
# filter: (objectclass=*)
# requesting: ALL
#

# Nodes, rudder-configuration
dn: ou=Nodes,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Nodes
description: Branch that stores all the Nodes

# Rudder, rudder-configuration
dn: ou=Rudder,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Rudder
description: Branch that stores all Rudder specific data

# Inventories, rudder-configuration
dn: ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Inventories
description: Inventory information

# Application Properties, rudder-configuration
dn: ou=Application Properties,cn=rudder-configuration
ou: Application Properties
objectClass: organizationalUnit
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4

Actions
Copy link
 #1

Updated by François ARMAND over 10 years ago

  • Category set to System integration
  • Target version set to 140

This bug was encoutered on an openvz host.
OpenVZ seems to rewrite /etc/hosts and only set ipv6 information.

So, we should either adapt Rudder parts to be able to work on ipv6-only host, or better check context to abort early on a problematic configuration (that bug was a little to long to understand).

Actions
Copy link
 #2

Updated by Layne Breitkreutz over 10 years ago

clarification: issue is having ::1 ALSO defined as localhost

Actions
Copy link
 #3

Updated by Matthieu CERDA about 10 years ago

  • Target version changed from 140 to 3.0.0~beta1
Actions
Copy link
 #4

Updated by Jonathan CLARKE almost 10 years ago

  • Target version changed from 3.0.0~beta1 to 3.0.0~beta2
Actions
Copy link
 #5

Updated by François ARMAND almost 10 years ago

  • Target version changed from 3.0.0~beta2 to 3.0.0~rc1
Actions
Copy link
 #6

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 3.0.0~rc1 to 3.0.0
Actions
Copy link
 #7

Updated by François ARMAND almost 10 years ago

  • Target version changed from 3.0.0 to 2.11.6

OpenVZ is correctly supported in Rudder 2.11. This ticket should be requalified on that version.

Actions
Copy link
 #8

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.11.6 to 2.11.7
Actions
Copy link
 #9

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.11.7 to 2.11.8
Actions
Copy link
 #10

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.11.8 to 2.11.9
Actions
Copy link
 #11

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.11.9 to 2.11.10
Actions
Copy link
 #12

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.11.10 to 2.11.11
Actions
Copy link
 #13

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.11.11 to 2.11.12
Actions
Copy link
 #14

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.11.12 to 2.11.13
Actions
Copy link
 #15

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.11.13 to 2.11.14
Actions
Copy link
 #16

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.11.14 to 2.11.15
Actions
Copy link
 #17

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.11.15 to 2.11.16
Actions
Copy link
 #18

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.11.16 to 2.11.17
Actions
Copy link
 #19

Updated by Jonathan CLARKE almost 9 years ago

This particular bug can be easily solved by asking OpenLDAP to listen on "localhost" instead of "127.0.0.1". This way, OpenLDAP will figure out for itself which IP address "localhost" is, and listen to whichever is appropriate.

Actions
Copy link
 #20

Updated by Jonathan CLARKE almost 9 years ago

  • Status changed from New to In progress
  • Assignee set to Jonathan CLARKE
Actions
Copy link
 #21

Updated by Jonathan CLARKE almost 9 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/822
Actions
Copy link
 #22

Updated by Jonathan CLARKE almost 9 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions
Copy link
 #24

Updated by Vincent MEMBRÉ almost 9 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.17, 3.0.12 and 3.1.5 which were released today.

Actions
Copy link

Also available in: Atom PDF