Error 401 Unauthorized error when using LDAP authentication

[mkj-git]

I have this sample LDAP in Apache Directory LDAP server

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Organization
dc: example

dn: ou=users,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: uid=admin,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
cn: Admin User
sn: User
uid: admin
mail: [email protected]
userPassword: admin123
title: Administrator
description: Admin role user

dn: uid=internal_user,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
cn: Internal User
sn: User
uid: internal_user
mail: [email protected]
userPassword: internalpass
title: Internal Employee
description: Internal user role

dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: admins
member: uid=admin,ou=users,dc=example,dc=com

dn: cn=internal,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: internal
member: uid=internal_user,ou=users,dc=example,dc=com

Here is my LDAP config inside "auto/_common/common.runtime.properties" file:

druid.auth.authenticatorChain=["ldap"]

druid.auth.authenticator.ldap.type=basic
druid.auth.authenticator.ldap.enableCacheNotifications=true

druid.auth.authenticator.ldap.credentialsValidator.type=ldap
druid.auth.authenticator.ldap.credentialsValidator.url=ldap://localhost:10389
druid.auth.authenticator.ldap.credentialsValidator.bindUser=uid=admin,ou=users,dc=example,dc=com
druid.auth.authenticator.ldap.credentialsValidator.bindPassword=admin123
druid.auth.authenticator.ldap.credentialsValidator.baseDn=dc=example,dc=com
druid.auth.authenticator.ldap.credentialsValidator.userSearch=(&(mail=%s)(objectClass=inetOrgPerson))
druid.auth.authenticator.ldap.credentialsValidator.userAttribute=mail

druid.auth.authenticator.ldap.authorizerName=ldapauth

druid.escalator.type=basic
druid.escalator.internalClientUsername=uid=internal_user,ou=users,dc=example,dc=com
druid.escalator.internalClientPassword=internalpass
druid.escalator.authorizerName=ldapauth

druid.auth.authorizers=["ldapauth"]

druid.auth.authorizer.ldapauth.type=basic
druid.auth.authorizer.ldapauth.initialAdminUser=internal@example.com
druid.auth.authorizer.ldapauth.initialAdminRole=admin
druid.auth.authorizer.ldapauth.roleProvider.type=ldap

I am getting this error when starting Druid

2024-09-14T05:57:52,825 WARN [main] org.apache.druid.java.util.common.RetryUtils - Retrying (1 of 9) in 774ms.
com.fasterxml.jackson.core.JsonParseException: Input does not start with Smile format header (first byte = 0x3c) and parser has REQUIRE_HEADER enabled: can not parse
 at [Source: (byte[])"<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 Unauthorized</title>
</head>
<body><h2>HTTP ERROR 401 Unauthorized</h2>
<table>
<tr><th>URI:</th><td>/druid-ext/basic-security/authentication/db/ldap/cachedSerializedUserMap</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>Unauthorized</td></tr>
<tr><th>SERVLET:</th><td>default</td></tr>
</table>

</body>
</html>
"; line: -1, column: 0]

[github-actions[bot]]

This issue has been marked as stale due to 280 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the [email protected] list. Thank you for your contributions.

[github-actions[bot]]

This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.