
LDAP API Error "does not contain a URL" java.naming.provider.url property does not contain a URL

Open tamoorahmedntu opened this issue 2 years ago • 21 comments

ISSUE TYPE
  • Bug Report
COMPONENT NAME
Management server, API
CLOUDSTACK VERSION
18.01
CONFIGURATION

Advanced networking, LDAP integration

OS / ENVIRONMENT

Ubuntu 22

SUMMARY

running code under API get error message

searchLdap query="username"
STEPS TO REPRODUCE
  • Add LDAP information

  • Global Settings > Access > LDAP ( Using Microsoft AD )

  • Global Settings > LDAP configuration

  • Run command for API

searchLdap query="username"
EXPECTED RESULTS

return search query information

ACTUAL RESULTS
2023-12-08 16:26:19,911 DEBUG [o.a.c.a.StaticRoleBasedAPIAccessChecker] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) RoleService is enabled. We will use it instead of StaticRoleBasedAPIAccessChecker.
2023-12-08 16:26:19,912 DEBUG [o.a.c.r.ApiRateLimitServiceImpl] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) API rate limiting is disabled. We will not use ApiRateLimitService.
2023-12-08 16:26:19,919 DEBUG [o.a.c.l.LdapContextFactory] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) initializing ldap with provider url: 
2023-12-08 16:26:19,919 DEBUG [o.a.c.l.LdapManagerImpl] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) ldap Exception: 
javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:110)
        at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
        at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
        at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
        at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
        at org.apache.cloudstack.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:62)
        at org.apache.cloudstack.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:51)
        at org.apache.cloudstack.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:45)
        at org.apache.cloudstack.ldap.LdapManagerImpl.searchUsers(LdapManagerImpl.java:359)
        at org.apache.cloudstack.api.command.LdapUserSearchCmd.execute(LdapUserSearchCmd.java:76)
        at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
        at com.cloud.api.ApiServer.queueCommand(ApiServer.java:782)
        at com.cloud.api.ApiServer.handleRequest(ApiServer.java:603)
        at com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:347)
        at com.cloud.api.ApiServlet$1.run(ApiServlet.java:154)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
        at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:151)
        at com.cloud.api.ApiServlet.doGet(ApiServlet.java:105)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
        at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1450)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:772)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.Server.handle(Server.java:516)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
        at java.base/java.lang.Thread.run(Thread.java:829)
2023-12-08 16:26:19,919 DEBUG [o.a.c.a.c.LdapUserSearchCmd] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) No users matching: username
2023-12-08 16:26:19,921 DEBUG [c.c.a.ApiServlet] (qtp989447607-19:ctx-4b97cae5 ctx-1bbaaae5) (logid:36242760) ===END===  152.71.155.35 -- GET  command=searchLdap&query=username&response=json&sessionkey=fFIHT3UmAgiUVAxks-t25wAvJlE
2023-12-08 16:26:21,467 DEBUG [c.c.a.m.AgentManagerImpl] (AgentManager-Handler-3:null) (logid:) SeqA 21-89: Processing Seq 21-89:  { Cmd , MgmtId: -1, via: 21, Ver: v1, Flags: 11, [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"158","_loadInfo":"{

tamoorahmedntu avatar Dec 08 '23 17:12 tamoorahmedntu

@tamoorahmedntu this is the exception you get when you have no ldap configured. It looks like you have an omission in your ldap configured in cloudstack. Please check the values for

"ldap.basedn"
"ldap.bind.principal"
"ldap.group.object"
"ldap.nested.groups.enable"
"ldap.provider"
"ldap.read.timeout"
"ldap.request.page.size"
"ldap.search.group.principle"
"ldap.user.object"
"user.authenticators.order"

and list your ldap configurations?

DaanHoogland avatar Dec 28 '23 08:12 DaanHoogland
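
The exception in the report can be reproduced without a directory server: when the JNDI provider URL is an empty string, as in the "initializing ldap with provider url:" debug line, the JDK's LDAP context factory throws this ConfigurationException before any connection is attempted. The following is an added example, not CloudStack code; the class `ProviderUrlCheck` and its helpers are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.ConfigurationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class ProviderUrlCheck {

    // Hypothetical helper: join configured host/port pairs into a JNDI provider URL.
    // An empty array models a lookup that finds no matching LDAP configuration.
    static String buildProviderUrl(String[][] servers) {
        StringBuilder url = new StringBuilder();
        for (String[] hostPort : servers) {
            if (url.length() > 0) {
                url.append(' '); // JNDI accepts a space-separated list of URLs
            }
            url.append("ldap://").append(hostPort[0]).append(':').append(hostPort[1]);
        }
        return url.toString();
    }

    // Fail fast with a message that names the real cause instead of the JNDI one.
    static String requireProviderUrl(String url) {
        if (url == null || url.trim().isEmpty()) {
            throw new IllegalStateException("no LDAP server configured for this lookup");
        }
        return url;
    }

    // Hands the URL to the JDK LDAP provider and reports what it does with it.
    static String openContext(String providerUrl) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        try {
            new InitialDirContext(env).close();
            return "context created";
        } catch (ConfigurationException e) {
            return "ConfigurationException: " + e.getMessage();
        } catch (NamingException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String empty = buildProviderUrl(new String[0][]); // constructed: nothing configured
        System.out.println("provider url: [" + empty + "]");
        System.out.println(openContext(empty)); // rejected while parsing the URL, no network I/O
        try {
            requireProviderUrl(empty);
        } catch (IllegalStateException e) {
            System.out.println("guard: " + e.getMessage());
        }
    }
}
```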

Hello, thank you for this helpful information, please see below. This is the config. Is this what you require, or do you have an API which I can use?

tamoorahmedntu avatar Jan 03 '24 08:01 tamoorahmedntu

Capture ee

tamoorahmedntu avatar Jan 03 '24 09:01 tamoorahmedntu

@tamoorahmedntu the ldap configuration you have configured is domain specific. If you add a configuration without domain, the search command should work.

NOTE the searchLdap API is only meant for manual import not for autoimport or autosync configurations.

DaanHoogland avatar Jan 03 '24 09:01 DaanHoogland

> @tamoorahmedntu the ldap configuration you have configured is domain specific. If you add a configuration without domain, the search command should work.

> NOTE the searchLdap API is only meant for manual import not for autoimport or autosync configurations.

I'm really sorry but are you talking about the top pic or bottom ?

tamoorahmedntu avatar Jan 03 '24 09:01 tamoorahmedntu

text would be easier ;) I am talking about the picture describing the ldap configurations , the top one.

DaanHoogland avatar Jan 03 '24 09:01 DaanHoogland

that said, I will have to trust the basedn and bind principal as I cannot read those in the bottom picture. The error indicates nothing about that however. The global settings are global and only used as defaults for a domain as configured in the ldapconfiguration.

DaanHoogland avatar Jan 03 '24 09:01 DaanHoogland

Unfortunately that still does not work maybe I'm doing something wrong. Configuration > LDAP configuration

host = my server name
port = my port
Domain = left alone

Is this correct?

tamoorahmedntu avatar Jan 03 '24 09:01 tamoorahmedntu

yes that is correct. Does it give the same error?

DaanHoogland avatar Jan 03 '24 09:01 DaanHoogland

> yes that is correct. Does it give the same error?

yes

2024-01-03 09:49:39,411 DEBUG [o.a.c.l.LdapManagerImpl] (qtp989447607-19:ctx-541c510b ctx-e0ab4db8) (logid:a0cf2671) ldap Exception:
javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:110)
        at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
        at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
        at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
        at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
        at org.apache.cloudstack.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:62)
        at org.apache.cloudstack.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:51)
        at org.apache.cloudstack.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:45)
        at org.apache.cloudstack.ldap.LdapManagerImpl.searchUsers(LdapManagerImpl.java:359)
        at org.apache.cloudstack.api.command.LdapUserSearchCmd.execute(LdapUserSearchCmd.java:76)
        at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
        at com.cloud.api.ApiServer.queueCommand(ApiServer.java:782)
        at com.cloud.api.ApiServer.handleRequest(ApiServer.java:603)
        at com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:347)
        at com.cloud.api.ApiServlet$1.run(ApiServlet.java:154)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
        at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
        at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:151)
        at com.cloud.api.ApiServlet.doGet(ApiServlet.java:105)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
        at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1450)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:772)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.Server.handle(Server.java:516)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
        at java.base/java.lang.Thread.run(Thread.java:829)
2024-01-03 09:49:39,412 DEBUG [o.a.c.a.c.LdapUserSearchCmd] (qtp989447607-19:ctx-541c510b ctx-e0ab4db8) (logid:a0cf2671) No users matching: username

tamoorahmedntu avatar Jan 03 '24 09:01 tamoorahmedntu

ok that will require some debugging then. No idea what else could be wrong.

DaanHoogland avatar Jan 03 '24 10:01 DaanHoogland

can you import users?

DaanHoogland avatar Jan 03 '24 10:01 DaanHoogland

> can you import users?

To make sure I do it properly, could you confirm how to do this? I would use importLdapUsers

tamoorahmedntu avatar Jan 03 '24 10:01 tamoorahmedntu

yes, and also you can use the UI to import users, It would show available users from ldap if the configuration is correct.

DaanHoogland avatar Jan 03 '24 10:01 DaanHoogland

> yes, and also you can use the UI to import users, It would show available users from ldap if the configuration is correct.

I get the same error when doing it through the API, but I don't see the ldap button which should appear (to my knowledge)

tamoorahmedntu avatar Jan 03 '24 10:01 tamoorahmedntu

It might be interesting to add this to 4.18.2

JoaoJandre avatar Jan 04 '24 14:01 JoaoJandre

@JoaoJandre I am not sure if this is a bug or environmental yet. If it is a bug sure.

DaanHoogland avatar Jan 04 '24 17:01 DaanHoogland

@tamoorahmedntu, I tried to reproduce using https://www.forumsys.com/2022/05/10/online-ldap-test-server/ as the ldap server. My configuration seems to work:

image

my ldap configuration:

image

and connection:

image

The only thing I can think of next is that you don't use a standard port (3268) and cloudstack cannot handle that. Can you test with ports 389 and 636 to see if those work, please?

DaanHoogland avatar Jun 13 '24 12:06 DaanHoogland

@tamoorahmedntu do you have any progress / further information?

DaanHoogland avatar Jun 21 '24 11:06 DaanHoogland

Sorry for the late reply. Unfortunately I can't change the port of LDAP, I was looking into other ways.



tamoorahmedntu avatar Jun 21 '24 11:06 tamoorahmedntu

@tamoorahmedntu you could run a test server against your LDAP and against https://www.forumsys.com/2022/05/10/online-ldap-test-server/ and see if there is a difference in results?

DaanHoogland avatar Jun 21 '24 12:06 DaanHoogland