Release Automation


LDAP Integration of CA Release Automation is not working.

  • 1.  LDAP Integration of CA Release Automation is not working.

    Posted 07-02-2015 03:43 AM

    To start with, I would like to mention that I already referred to the following link:

    https://communities.ca.com/docs/DOC-231149026

     

    I gave the following entries in distributed.properties file:

    use.general.ldap.authentication=true

    use.general.ldap.url=ldap://ipaddress:389/ou=devops,o=techmahindra

    use.general.ldap.user.fqdn=uid=admin,o=techmahindra

    use.general.ldap.user.password=xxxxx

     

    Still, LDAP authentication is not working. Getting the following error during login using the web interface:

    Your login attempt was unsuccessful, try again.

      Reason: Bad credentials.

     

    Had verified the following:

    * The username and password entered were correct.

    * Request is hitting the LDAP server.

    (Could confirm this because if I give incorrect values for fqdn and password, I get the following error that is different from the above error:

    Your login attempt was unsuccessful, try again.

      Reason: Failed to log in to the LDAP server. Please verify that your user name and password are correct..)

     

    Not sure why authentication is not happening. Appreciate your inputs.



  • 2.  Re: LDAP Integration of CA Release Automation is not working.
    Best Answer

    Broadcom Employee
    Posted 07-02-2015 10:16 AM

    Hi, just wanted to chime in that there was a very recent documentation update for LDAP integration to add a missing step: Enable LDAP Integration - CA Release Automation - 5.5.1 - CA Wiki. Perhaps this was your issue. See Step 4. There is another XML file that you need to update that was not reflected in the previous doc (or the communities doc).

     

    I hope this helps. Let me know!

     

    Thanks,

    Archer



  • 3.  Re: LDAP Integration of CA Release Automation is not working.

    Posted 07-02-2015 10:55 AM

    Simple, it is bad credentials.

    Check if you can use these same credentials to individually add users via Import from LDAP.

    If you can, then make sure the ID has proper access. You have to have elevated privileges, not just a user account. It has to be able to read groups, users and other information related to users and groups.



  • 4.  Re: LDAP Integration of CA Release Automation is not working.

    Posted 07-02-2015 10:42 AM

    Archer – is that XML file needed for all LDAP?  Or just non-Active Directory?



  • 5.  Re: LDAP Integration of CA Release Automation is not working.

    Posted 07-03-2015 04:24 AM

    Great, works fine.

    -------------------------------

     

    And, there is one more hurdle that I am facing now. Presently, the situation is that any member registered in the LDAP server can log in to the CA Release Automation application. In order to constrain the access only to the members of a particular group (cn=cara-users,ou=groups,ou=devops,o=techmahindra in my case), I had implemented the memberOf attribute (overlay) in my OpenLDAP server. And, in order to use the memberOf attribute (overlay), I gave the following in the applicationContext-acegi-security.xml file:

     

        <b:bean id="ldapAuthProvider"
              class="com.nolio.platform.server.dataservices.services.auth.providers.NolioLdapAuthenticationProvider">
            <b:constructor-arg>
                <b:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                    <b:constructor-arg ref="ldapSecurityContextSource"/>
                    <b:property name="userDnPatterns">
                        <b:list>
                            <b:value>uid={0},ou=devops,o=techmahindra</b:value>
                            <b:value>memberOf=cn=cara-users,ou=groups,ou=devops,o=techmahindra</b:value>
                        </b:list>
                    </b:property>
                </b:bean>
            </b:constructor-arg>

     

    This is not working for me - that is, even if the user is not a member of cn=cara-users,ou=groups,ou=devops,o=techmahindra, login is possible.

     

    I also tried the following:

     

        <b:bean id="ldapAuthProvider"
              class="com.nolio.platform.server.dataservices.services.auth.providers.NolioLdapAuthenticationProvider">
            <b:constructor-arg>
                <b:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                    <b:constructor-arg ref="ldapSecurityContextSource"/>
                    <b:property name="userDnPatterns">
                        <b:list>
                            <b:value>(&(uid={0},ou=devops,o=techmahindra)(memberOf=cn=cara-users,ou=groups,ou=devops,o=techmahindra))</b:value>
                        </b:list>
                    </b:property>
                </b:bean>
            </b:constructor-arg>

     

    The application crashes in this scenario.

     

     

    Hence, I am not sure what needs to be done here. Your inputs are much appreciated.
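
An added illustration, not part of the original post and not CA Release Automation or Spring Security code: Spring Security's BindAuthenticator treats each userDnPatterns entry as a template for the DN to bind as, so a memberOf entry in that list is never evaluated as a condition, whereas a search filter combining uid and memberOf is. The directory contents, passwords and function names below are constructed for the example.

```python
# Added illustration; DIRECTORY and all passwords are constructed sample data.
GROUP = "cn=cara-users,ou=groups,ou=devops,o=techmahindra"
DIRECTORY = {
    "uid=alice,ou=devops,o=techmahindra": {"password": "a-pass", "memberOf": [GROUP]},
    "uid=bob,ou=devops,o=techmahindra": {"password": "b-pass", "memberOf": []},
}
# The two userDnPatterns values from the first configuration in the post.
PATTERNS = ["uid={0},ou=devops,o=techmahindra", "memberOf=" + GROUP]


def simple_bind(dn, password):
    """Stand-in for an LDAP simple bind against the constructed directory."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["password"] == password


def login_with_dn_patterns(patterns, username, password):
    """DN-pattern login: substitute {0}, try to bind, stop at the first success."""
    for pattern in patterns:
        dn = pattern.replace("{0}", username)
        if simple_bind(dn, password):
            return dn  # group membership was never looked at
    return None


def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter's structure."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def group_filter(username, group_dn):
    """Filter a search-based login would send. Inside an XML file the leading
    '&' has to be written as '&amp;' for the document to be well-formed."""
    return "(&(uid=%s)(memberOf=%s))" % (
        escape_filter_value(username), escape_filter_value(group_dn))


def login_with_group_search(username, password, group_dn):
    """Search-then-bind: find the entry matching uid AND memberOf (the same two
    conditions group_filter expresses), then bind as the DN that was found."""
    for dn, entry in DIRECTORY.items():
        if dn.split(",", 1)[0] == "uid=" + username and group_dn in entry["memberOf"]:
            return dn if simple_bind(dn, password) else None
    return None  # no entry satisfies both conditions, so no bind is attempted
```
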



  • 6.  Re: LDAP Integration of CA Release Automation is not working.

    Broadcom Employee
    Posted 07-02-2015 10:44 AM

    I believe it's non-AD only.

     

    Thanks,

    Archer