
Hyperledger Fabric-ca connect to LDAP : admin does not exist

I'm trying to connect Hyperledger Fabric CA to an OpenLDAP. The OpenLDAP is set up locally, with a single organisation

dc=fabric-ca,dc=example,dc=com

And a single user, cn=admin,dc=.../

I have set up a Fabric-CA with the following server config:

ldap:
    enabled: true
    url: ldap://cn=admin,dc=fabric-ca,dc=example,dc=com:000000@localhost:389/dc=fabric-ca,dc=example,dc=com
    userfilter: (dn:%s)
    tls:
        enabled: false
    attribute:
        names: ["dn"]

Converters and maps are irrelevant (so far). The admin exists in OpenLDAP, I checked.

When I start the following enroll command:

fabric-ca-client enroll -u http://cn=admin,dc=fabric-ca,dc=example,dc=com@localhost:7054

I get the following error:

20 - Authorization failure

The CA debug log gave me this information:

Received request for /enroll
ca.Config: "followed by the CA server config file"
Getting user 'cn=admin,dc=fabric-ca,dc=example,dc=com'
Searching for user 'cn=admin,dc=fabric-ca,dc=example,dc=com' using cached connection
127.0.0.1:45768 POST /enroll 401 23 "Failed to get user: User 'cn=admin,dc=fabric-ca,dc=example,dc=com' does not exist in LDAP directory"

Please, this issue is infuriating. Thanks for your time.

While performing the enrollment process, you should pass the user name only, but you passed the distinguished name instead. Besides that, the password should be sent, so your enrollment command should look like:

fabric-ca-client enroll -u http://admin:mypassword@localhost:7054

Besides that, I think that the userfilter should look like this: (cn=%s), since you used cn as the admin prefix.
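To make the answer concrete, here is an added Python example (not from the original post and not Fabric CA's own code) that walks through what the server does with the enrollment identity: it takes the user name out of the `-u` URL, substitutes it for `%s` in the `userfilter` template, and evaluates the resulting filter against a directory. The directory is a constructed in-memory stand-in for OpenLDAP holding only the `cn=admin` entry from the question, the filter evaluator only understands simple `(attr=value)` assertions, and the RFC 4515 escaping of the substituted value is my own defensive choice (the page does not say whether Fabric CA escapes it). Running it shows why the question's combination (DN as user name, `(dn:%s)` as filter) finds nothing, and why `admin` with `(cn=%s)` finds the entry.

```python
"""Trace a Fabric CA-style LDAP user lookup for an enrollment request.

Added example, not Fabric CA's own implementation. The directory,
the filter evaluator and the escaping step are constructed for the demo.
"""
import re
from urllib.parse import urlsplit, unquote

# Constructed stand-in for the OpenLDAP directory: DN -> attributes.
# Note that "dn" is the entry's name, not a searchable attribute, so a
# filter such as (dn:...) can never match anything here either.
DIRECTORY = {
    "cn=admin,dc=fabric-ca,dc=example,dc=com": {
        "cn": ["admin"],
        "objectClass": ["organizationalRole"],
    },
}

# A simple equality assertion: (attr=value). Anything else is rejected.
EQUALITY_FILTER = re.compile(r"^\((\w+)=([^()]*)\)$")


def enroll_identity(enroll_url):
    """Return (user, password) from a `fabric-ca-client enroll -u` URL.

    The user part is whatever precedes ':' or '@' in the authority, which
    is why a DN pasted there becomes the user name verbatim.
    """
    parts = urlsplit(enroll_url)
    return unquote(parts.username or ""), unquote(parts.password or "")


def escape_filter_value(value):
    """RFC 4515 escaping for an assertion value placed inside a filter.

    Keeps a user-supplied name from turning into a wildcard or from
    closing the filter early (assumed good practice, see lead-in).
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def build_filter(userfilter, user):
    """Substitute the (escaped) user name for %s in the userfilter."""
    return userfilter.replace("%s", escape_filter_value(user))


def find_user(userfilter, user, directory=DIRECTORY):
    """Return the DNs matching the substituted filter.

    An empty list corresponds to Fabric CA's
    "User '<name>' does not exist in LDAP directory".
    """
    ldap_filter = build_filter(userfilter, user)
    match = EQUALITY_FILTER.match(ldap_filter)
    if not match:
        return []  # malformed or unsupported filter, e.g. (dn:...)
    attr, value = match.group(1), match.group(2)
    return [dn for dn, attrs in directory.items() if value in attrs.get(attr, [])]


def diagnose(enroll_url, userfilter):
    """Summarise one enrollment attempt as the server would see it."""
    user, _password = enroll_identity(enroll_url)
    return {
        "user": user,
        "filter": build_filter(userfilter, user),
        "matches": find_user(userfilter, user),
    }


if __name__ == "__main__":
    # The question's attempt: DN as user name, (dn:%s) as filter.
    print(diagnose("http://cn=admin,dc=fabric-ca,dc=example,dc=com@localhost:7054",
                   "(dn:%s)"))
    # The answer's correction: plain user name, (cn=%s) as filter.
    print(diagnose("http://admin:mypassword@localhost:7054", "(cn=%s)"))
```

The first call yields an empty `matches` list (the filter is not even a valid equality assertion), and the second returns the admin's DN, which is the entry Fabric CA would then bind as with the supplied password. Keeping the escaping step means a name like `ad*` is searched literally rather than as a wildcard.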
