Bug #4922

Rudder OpenLDAP Authentication sans ipv4 localhost

Added by Layne Breitkreutz almost 7 years ago. Updated about 5 years ago.

Status: Released
Priority: N/A
Category: System integration

Description

Rudder encounters issues when working with a server that has no IPv4 localhost assigned: attempting to connect to LDAP results in errors unless "127.0.0.1" is specifically defined as the server host (as opposed to localhost).

using localhost:

/opt/rudder/bin/ldapsearch -h localhost -p 389 -D "cn=manager,cn=rudder-configuration" -w 'ldap_password'  -b 'cn=rudder-configuration' -s onelevel
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

using 127.0.0.1:

root@rudder:/# /opt/rudder/bin/ldapsearch -h 127.0.0.1 -p 389 -D "cn=manager,cn=rudder-configuration" -w 'ldap_password'  -b 'cn=rudder-configuration' -s onelevel
# extended LDIF
#
# LDAPv3
# base <cn=rudder-configuration> with scope oneLevel
# filter: (objectclass=*)
# requesting: ALL
#

# Nodes, rudder-configuration
dn: ou=Nodes,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Nodes
description: Branch that stores all the Nodes

# Rudder, rudder-configuration
dn: ou=Rudder,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Rudder
description: Branch that stores all Rudder specific data

# Inventories, rudder-configuration
dn: ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Inventories
description: Inventory information

# Application Properties, rudder-configuration
dn: ou=Application Properties,cn=rudder-configuration
ou: Application Properties
objectClass: organizationalUnit
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4

#1

Updated by François ARMAND almost 7 years ago

  • Category set to System integration
  • Target version set to 140

This bug was encountered on an openvz host.
OpenVZ seems to rewrite /etc/hosts and only set ipv6 information.

So, we should either adapt Rudder parts to be able to work on an ipv6-only host, or better check context to abort early on a problematic configuration (that bug was a little too long to understand).

#2

Updated by Layne Breitkreutz almost 7 years ago

clarification: issue is having ::1 ALSO defined as localhost

#3

Updated by Matthieu CERDA over 6 years ago

  • Target version changed from 140 to 3.0.0~beta1

#4

Updated by Jonathan CLARKE over 6 years ago

  • Target version changed from 3.0.0~beta1 to 3.0.0~beta2

#5

Updated by François ARMAND about 6 years ago

  • Target version changed from 3.0.0~beta2 to 3.0.0~rc1

#6

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 3.0.0~rc1 to 3.0.0

#7

Updated by François ARMAND about 6 years ago

  • Target version changed from 3.0.0 to 2.11.6

OpenVZ is correctly supported in Rudder 2.11. This ticket should be requalified on that version.

#8

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 2.11.6 to 2.11.7

#9

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 2.11.7 to 2.11.8

#10

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 2.11.8 to 2.11.9

#11

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 2.11.9 to 2.11.10

#12

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 2.11.10 to 2.11.11

#13

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 2.11.11 to 2.11.12

#14

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 2.11.12 to 2.11.13

#15

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 2.11.13 to 2.11.14

#16

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 2.11.14 to 2.11.15

#17

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 2.11.15 to 2.11.16

#18

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 2.11.16 to 2.11.17

#19

Updated by Jonathan CLARKE over 5 years ago

This particular bug can be easily solved by asking OpenLDAP to listen on "localhost" instead of "127.0.0.1". This way, OpenLDAP will figure out for itself which IP address "localhost" is, and listen to whichever is appropriate.

#20

Updated by Jonathan CLARKE over 5 years ago

  • Status changed from New to In progress
  • Assignee set to Jonathan CLARKE

#21

Updated by Jonathan CLARKE over 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/822

#22

Updated by Jonathan CLARKE over 5 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100

#24

Updated by Vincent MEMBRÉ about 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.17, 3.0.12 and 3.1.5 which were released today.
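
Added example (not part of the ticket and not Rudder's code): a pre-flight check in the spirit of comment #1, reporting which of the addresses a name maps to have nothing listening on the service port, which is the mismatch described in comments #2 and #19. The helper names, the constructed address list and the stand-in listener on an ephemeral port are assumptions made for illustration.

```python
import socket

# Constructed model of the ticket's /etc/hosts: "localhost" maps to ::1 and 127.0.0.1.
TICKET_LOCALHOST = [(socket.AF_INET6, "::1"), (socket.AF_INET, "127.0.0.1")]

def resolve(host, port):
    """Return the distinct (family, address) pairs the resolver gives for host."""
    seen = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        if (family, sockaddr[0]) not in seen:
            seen.append((family, sockaddr[0]))
    return seen

def can_connect(family, addr, port, timeout=1.0):
    """True if a TCP connection to addr:port succeeds; any socket error counts as failure."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:
        return False

def unreachable(candidates, port):
    """Addresses a client may pick for the name that nothing answers on."""
    return [addr for family, addr in candidates if not can_connect(family, addr, port)]

def ipv4_only_listener():
    """Stand-in for a daemon bound to 127.0.0.1 only (ephemeral port, not 389)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv

def demo():
    """Run the constructed case: IPv4-only listener, name mapped to both families."""
    srv = ipv4_only_listener()
    try:
        return unreachable(TICKET_LOCALHOST, srv.getsockname()[1])
    finally:
        srv.close()

if __name__ == "__main__":
    print("constructed case, no listener on:", demo())
    # On a real host: compare what "localhost" resolves to against the LDAP port.
    print("localhost:389, no listener on:", unreachable(resolve("localhost", 389), 389))
```

A non-empty result means the name and the listener disagree, so an installer or health check can stop with a clear message instead of surfacing later as "Can't contact LDAP server".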
