Rundeck YAML file formatting issue and issue with logging into Rundeck with AD user
I'm trying to allow domain users to log into my rundeck instance by following the guide https://vinusumi.wordpress.com/2017/12/28/setup-active-directory-authentication-for-rundeck/ . However, I'm running into 2 issues.

For some reason, I'm unable to log into rundeck with a user that's added to the "rundeck_admins" group. I confirmed that the credentials are correct and I believe that the info I added to the "jaas-activedirectory.conf" is syntactically correct and accurate based on my AD settings. According to the "/var/log/rundeck/service.log" it says the following:
2018-12-13 20:13:29.689 DEBUG --- [tp1465511423-25] ailsUsernamePasswordAuthenticationFilter : Updated SecurityContextHolder to contain null Authentication
2018-12-13 20:13:29.689 DEBUG --- [tp1465511423-25] ailsUsernamePasswordAuthenticationFilter : Delegating to authentication failure handler grails.plugin.springsecurity.web.authentication.AjaxAwareAuthenticationFailureHandler@51aaa9d4
I'm having trouble figuring out the proper syntax regarding the yaml file used for my "rundeck_users" group:

description: "Ops Engineers can launch jobs but not edit them"
context:
  project: *
for:
  resource:
    - equals:
        kind: 'node'
      allow: [read,update,refresh]
    - equals:
        kind: 'job'
      allow: [read,run,kill]
    - equals:
        kind: 'adhoc'
      allow: [read,run,kill]
    - equals:
        kind: 'event'
      allow: [read,create]
  job:
    - match:
        name: '.*'
      allow: [read,run,kill]
  adhoc:
    - match:
        name: '.*'
      allow: [read,run,kill]
  node:
    - match:
        nodename: '.*'
      allow: [read,run,refresh]
by:
  group:
    - rundeck_users

---

context:
  application: rundeck
description: "Ops Engineers can launch jobs but not edit them"
for:
  project:
    - match:
        name: '*'
      allow: [read]
  system:
    - match:
        name: '.*'
      allow: [read]
by:
  group:
    - rundeck_users
1.- Make sure the authentication is being read. When rundeck is starting:

<..>
2018-12-14 01:52:57.186 INFO --- [ main] rundeckapp.BootStrap : RSS feeds disabled
2018-12-14 01:52:57.187 INFO --- [ main] rundeckapp.BootStrap : Using jaas authentication <<<<<<<<<
<..>

2.- Verify the yaml content is correct, for example using http://www.yamllint.com/

3.- Use an existing/working aclpolicy and use your group for testing purposes, and check if the acl policy is causing the issue.

Hope it helps
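A way to run step 2 offline, as an added example that is not part of the answer or of Rundeck itself: it parses a cut-down copy of the question's first policy (constructed sample) with Ruby's standard-library YAML parser, reports the bare `*` as the syntax error it is, and then checks the top-level shape Rundeck expects; the shape checks are my own reading of the aclpolicy format, not Rundeck's validator.

```ruby
require 'yaml'
# Constructed sample: the question's first policy cut to one rule, with the bare `*` kept as posted; in YAML `*` starts an alias, so a bare `*` is a syntax error.
BROKEN_ACL = <<~YAML
  description: "Ops Engineers can launch jobs but not edit them"
  context:
    project: *
  for:
    job:
      - match:
          name: '.*'
        allow: [read,run,kill]
  by:
    group:
      - rundeck_users
YAML
# Same policy with the project pattern quoted so it parses as a plain string.
FIXED_ACL = BROKEN_ACL.sub('project: *', "project: '.*'")
REQUIRED_KEYS = %w[description context for by].freeze

# Returns the problems found in a multi-document aclpolicy string; an empty list means every document parsed and has the top-level shape Rundeck expects.
def check_aclpolicy(text)
  docs = YAML.load_stream(text)
rescue Psych::SyntaxError => e
  ["YAML syntax error: #{e.message}"]
else
  docs.each_with_index.flat_map { |doc, i| check_document(doc, i + 1) }
end

def check_document(doc, n)
  return ["document #{n}: not a mapping"] unless doc.is_a?(Hash)
  problems = (REQUIRED_KEYS - doc.keys).map { |k| "document #{n}: missing '#{k}'" }
  ctx = doc['context']
  if ctx.is_a?(Hash) && (ctx.keys & %w[project application]).size != 1
    problems << "document #{n}: context needs exactly one of project/application"
  end
  sections = doc['for'].is_a?(Hash) ? doc['for'] : {}
  sections.each do |type, rules|
    Array(rules).each do |rule|
      next if rule.is_a?(Hash) && (rule.key?('allow') || rule.key?('deny'))
      problems << "document #{n}: '#{type}' rule has no allow/deny"
    end
  end
  by = doc['by']
  unless by.is_a?(Hash) && (by.keys & %w[group username]).any?
    problems << "document #{n}: 'by' must name a group or username"
  end
  problems
end

puts check_aclpolicy(BROKEN_ACL), check_aclpolicy(FIXED_ACL).inspect
```

Run it as a script to see the parser's error for the bare `*` and an empty list for the quoted version; feed it the full file (both documents) once the syntax is fixed.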
Create AD config file with the following content:
AD {
com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
providerUrl="ldap://<ip>:389 ldap://<ip>:389"
bindDn="CN=authUser,CN=Users,DC=your,DC=domain,DC=com"
bindPassword="<authUserPassword>"
authenticationMethod="simple"
forceBindingLogin="true"
userBaseDn="CN=Users,DC=your,DC=domain,DC=com"
userRdnAttribute="sAMAccountName"
userIdAttribute="sAMAccountName"
userPasswordAttribute="unicodePwd"
userObjectClass="person"
roleBaseDn="CN=Users,DC=your,DC=domain,DC=com"
roleNameAttribute="sAMAccountName"
roleMemberAttribute="member"
roleObjectClass="group"
cacheDurationMillis="300000"
reportStatistics="true";
};
Create file /etc/sysconfig/rundeckd with the following lines.
Note that the LOGIN_MODULE value should be the same as what you set in your file.
export JAAS_CONF=/path/to/file/jaas-AD.conf
export LOGIN_MODULE=AD