Rundeck Yaml file formatting issue and issue with logging into Rundeck with AD user
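I am trying to allow domain users to log in to my Rundeck instance by following the guide https://vinusumi.wordpress.com/2017/12/28/setup-active-directory-authentication-for-rundeck/. However, I have run into two problems.
For some reason, I cannot log in to Rundeck with a user that was added to the "rundeck_admins" group. I confirmed that the credentials are correct, and I believe the information added to "jaas-activedirectory.conf" is syntactically correct and accurate for my AD setup. According to "/var/log/rundeck/service.log", it says the following: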
2018-12-13 20:13:29.689 DEBUG --- [tp1465511423-25] ailsUsernamePasswordAuthenticationFilter : Updated SecurityContextHolder to contain null Authentication
2018-12-13 20:13:29.689 DEBUG --- [tp1465511423-25] ailsUsernamePasswordAuthenticationFilter : Delegating to authentication failure handler grails.plugin.springsecurity.web.authentication.AjaxAwareAuthenticationFailureHandler@51aaa9d4
I am having trouble figuring out the correct syntax of the YAML file for the "rundeck_users" group:
description: "Ops Engineers can launch jobs but not edit them"
context:
  project: *
for:
  resource:
    - equals:
        kind: 'node'
      allow: [read,update,refresh]
    - equals:
        kind: 'job'
      allow: [read,run,kill]
    - equals:
        kind: 'adhoc'
      allow: [read,run,kill]
    - equals:
        kind: 'event'
      allow: [read,create]
  job:
    - match:
        name: '.*'
      allow: [read,run,kill]
  adhoc:
    - match:
        name: '.*'
      allow: [read,run,kill]
  node:
    - match:
        nodename: '.*'
      allow: [read,run,refresh]
by:
  group:
    - rundeck_users
---
context:
  application: rundeck
description: "Ops Engineers can launch jobs but not edit them"
for:
  project:
    - match:
        name: '*'
      allow: [read]
  system:
    - match:
        name: '.*'
      allow: [read]
by:
  group:
    - rundeck_users
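1.- Make sure the authentication is being read. When Rundeck starts:
<..>
2018-12-14 01:52:57.186 INFO --- [main] rundeckapp.BootStrap : RSS feeds disabled
2018-12-14 01:52:57.187 INFO --- [main] rundeckapp.BootStrap : Using jaas authentication <<<<<<<<<
<..>
2.- Validate that the YAML content is correct, for example with http://www.yamllint.com/
3.- Take an existing, working aclpolicy, test it with your group, and check whether the ACL policy is what causes the problem.
Hope it helps.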
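The policy from the question with its two wildcard values written as quoted regular expressions, as an added example that is not part of the original question or answers. The indentation assumes the usual Rundeck aclpolicy layout, and nothing else in the policy is changed.

```yaml
# Added example: only the two wildcard values differ from the question's policy.
description: "Ops Engineers can launch jobs but not edit them"
context:
  project: '.*'   # was: project: *  (a bare * starts a YAML alias and does not parse)
for:
  resource:
    - equals:
        kind: 'node'
      allow: [read,update,refresh]
    - equals:
        kind: 'job'
      allow: [read,run,kill]
    - equals:
        kind: 'adhoc'
      allow: [read,run,kill]
    - equals:
        kind: 'event'
      allow: [read,create]
  job:
    - match:
        name: '.*'
      allow: [read,run,kill]
  adhoc:
    - match:
        name: '.*'
      allow: [read,run,kill]
  node:
    - match:
        nodename: '.*'
      allow: [read,run,refresh]
by:
  group:
    - rundeck_users   # must match the group name Rundeck receives for the user
---
context:
  application: rundeck
description: "Ops Engineers can launch jobs but not edit them"
for:
  project:
    - match:
        name: '.*'   # was: '*', which is not a valid regular expression
      allow: [read]
  system:
    - match:
        name: '.*'
      allow: [read]
by:
  group:
    - rundeck_users
```

The `'.*'` project context applies the grants to every project; a narrower pattern limits them to the projects this group actually needs.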
Create an AD configuration file with the following content:
AD {
com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
providerUrl="ldap://<ip>:389 ldap://<ip>:389"
bindDn="CN=authUser,CN=Users,DC=your,DC=domain,DC=com"
bindPassword="<authUserPassword>"
authenticationMethod="simple"
forceBindingLogin="true"
userBaseDn="CN=Users,DC=your,DC=domain,DC=com"
userRdnAttribute="sAMAccountName"
userIdAttribute="sAMAccountName"
userPasswordAttribute="unicodePwd"
userObjectClass="person"
roleBaseDn="CN=Users,DC=your,DC=domain,DC=com"
roleNameAttribute="sAMAccountName"
roleMemberAttribute="member"
roleObjectClass="group"
cacheDurationMillis="300000"
reportStatistics="true";
};
Create the file /etc/sysconfig/rundeckd with the following lines.
Note that the LOGIN_MODULE value should be the same as the one set in the file.
export JAAS_CONF=/path/to/file/jaas-AD.conf
export LOGIN_MODULE=AD