This repository has been archived by the owner on Dec 11, 2023. It is now read-only.

Error connection with kafka-plain-saslserver-2-ad (user pass null - denied) #5

Open
vasilievs opened this issue May 28, 2020 · 1 comment

Comments

@vasilievs

I configured the JAAS file (for ZK and Kafka):

cat /etc/kafka/kafka_server_jaas.conf
KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="igroup"
   password="itest"
   user_igroup="itest";
};

KafkaClient {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="igroup"
   password="itest";
};

Kafka config (/etc/kafka/server.config):

listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN

listener.name.sasl_plaintext.plain.sasl.server.callback.handler.class=no.nav.common.security.authentication.SimpleLDAPAuthentication
authorizer.class.name=no.nav.common.security.authorization.SimpleLDAPAuthorizer
super.users=User:igroup

added the LDAP file (from your repo https://github.com/navikt/navkafka-docker-compose/blob/master/kafka/ldapconfig.yaml)

Errors after adding the config and restarting kafka-server:

[2020-05-28 09:27:18,509] INFO [KafkaServer id=0] started (kafka.server.KafkaServer)
[2020-05-28 09:27:19,455] INFO file:/etc/kafka/ldapconfig.yaml read (no.nav.common.security.ldap.LDAPConfig)
[2020-05-28 09:27:19,455] INFO LDAPConfig for classpath is cached (no.nav.common.security.ldap.LDAPConfig)
[2020-05-28 09:27:19,455] INFO ldap configuration values: Config(host=vsi1, port=10389, connTimeout=10000, usrBaseDN=ou=ServiceAccounts,dc=test,dc=local, usrUid=cn, grpBaseDN=OU=kafka,OU=AccountGroupNotInRemedy,OU=Groups,OU=NAV,OU=BusinessUnits,DC=test,DC=local, grpUid=cn, grpAttrName=member, usrCacheExpire=6, grpCacheExpire=6) (no.nav.common.security.ldap.LDAPConfig)
[2020-05-28 09:27:19,500] INFO Bind and group caches are initialized (no.nav.common.security.ldap.LDAPCache)
[2020-05-28 09:27:19,768] INFO LDAP connection time 36 (no.nav.common.security.ldap.LDAPBase)
[2020-05-28 09:27:19,818] ERROR LDAP bind exception for cn=igroup,ou=applaccounts,ou=serviceaccounts,dc=test,dc=local - null (no.nav.common.security.ldap.LDAPAuthentication)
[2020-05-28 09:27:19,818] ERROR LDAP bind exception for cn=igroup,ou=serviceaccounts,dc=test,dc=local - null (no.nav.common.security.ldap.LDAPAuthentication)
[2020-05-28 09:27:19,824] ERROR Authentication End - authentication failed - user=igroup, status=denied (no.nav.common.security.authentication.SimpleLDAPAuthentication)
[2020-05-28 09:27:19,825] INFO [SocketServer brokerId=0] Failed authentication with /127.0.0.1 (Authentication failed: Invalid username or password) (org.apache.kafka.common.network.Selector)
[2020-05-28 09:27:20,127] INFO [Controller id=0, targetBrokerId=0] Failed authentication with localhost/127.0.0.1 (Authentication failed: Invalid username or password) (org.apache.kafka.common.network.Selector)
[2020-05-28 09:27:20,128] ERROR [Controller id=0, targetBrokerId=0] Connection to node 0 (localhost/127.0.0.1:9092) failed authentication due to: Authentication failed: Invalid username or password (org.apache.kafka.clients.NetworkClient)
[2020-05-28 09:27:20,255] INFO LDAP connection time 5 (no.nav.common.security.ldap.LDAPBase)
[2020-05-28 09:27:20,265] ERROR LDAP bind exception for cn=igroup,ou=applaccounts,ou=serviceaccounts,dc=test,dc=local - null (no.nav.common.security.ldap.LDAPAuthentication)
[2020-05-28 09:27:20,265] ERROR LDAP bind exception for cn=igroup,ou=serviceaccounts,dc=test,dc=local - null (no.nav.common.security.ldap.LDAPAuthentication)
[2020-05-28 09:27:20,267] ERROR Authentication End - authentication failed - user=igroup, status=denied (no.nav.common.security.authentication.SimpleLDAPAuthentication)
[2020-05-28 09:27:20,267] INFO [SocketServer brokerId=0] Failed authentication with /127.0.0.1 (Authentication failed: Invalid username or password) (org.apache.kafka.common.network.Selector)

Please help me with my mistakes :)

@vasilievs
Author

Why does it send multiple (List) accounts:

[2020-05-28 16:33:39,053] DEBUG Authentication Start - srvp02 (no.nav.common.security.authentication.SimpleLDAPAuthentication)
[2020-05-28 16:33:39,056] DEBUG Successfully connected to (vsi1,10389) (no.nav.common.security.ldap.LDAPBase)
[2020-05-28 16:33:39,056] DEBUG Trying bind for [cn=srvp02,ou=serviceaccounts,dc=test,dc=local, cn=srvp02,ou=applaccounts,ou=serviceaccounts,dc=test,dc=local] and given password (no.nav.common.security.ldap.LDAPAuthentication)
[2020-05-28 16:33:39,059] ERROR LDAP bind exception for cn=srvp02,ou=serviceaccounts,dc=test,dc=local - null (no.nav.common.security.ldap.LDAPAuthentication)
[2020-05-28 16:33:39,059] ERROR LDAP bind exception for cn=srvp02,ou=applaccounts,ou=serviceaccounts,dc=test,dc=local - null (no.nav.common.security.ldap.LDAPAuthentication)
[2020-05-28 16:33:39,059] DEBUG Closing ldap connection (no.nav.common.security.ldap.LDAPBase)
[2020-05-28 16:33:39,063] ERROR Authentication End - authentication failed for srvp02 (no.nav.common.security.authentication.SimpleLDAPAuthentication)

if the user is found in LDAP here:

dn: ou=ApplAccounts,ou=ServiceAccounts,dc=test,dc=local
objectClass: organizationalUnit
ou: ApplAccounts

dn: cn=srvp02,ou=ApplAccounts,ou=ServiceAccounts,dc=test,dc=local
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
cn: srvp02
uid: srvp02
sn: P02
userPassword: dummy
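The log in the second comment shows the handler trying two bind DNs per user (directly under usrBaseDN, and under the ou=ApplAccounts sub-OU), and the posted LDIF has the entry under the sub-OU. Whether those DNs actually match the entry, and what to run against the directory to test the bind without Kafka in the loop, is what the following added example checks. It is not code from this issue or from the no.nav.common.security library: it copies the config values and LDIF from the thread, rebuilds the two candidate DNs exactly as the log shows them (the ou=ApplAccounts sub-OU is taken from the log, not from any documented setting), normalizes DNs the way an LDAP server compares them (attribute types and the cn/ou/dc values are case-insensitive), and prints an ldapwhoami command per candidate. The functions and names are this example's own.

```python
"""Check the bind DNs from the Kafka/LDAP log against the posted LDIF entries.

Added example; not part of the navkafka issue or the no.nav.common.security
library.  All hostnames, DNs and the LDIF are copied from the issue text.
"""
from __future__ import annotations

import shlex

# Constructed sample data, copied from the ldapconfig values and LDIF in the issue.
LDAP_HOST, LDAP_PORT = "vsi1", 10389
USR_BASE_DN = "ou=ServiceAccounts,dc=test,dc=local"
USR_UID = "cn"

LDIF = """\
dn: ou=ApplAccounts,ou=ServiceAccounts,dc=test,dc=local
objectClass: organizationalUnit
ou: ApplAccounts

dn: cn=srvp02,ou=ApplAccounts,ou=ServiceAccounts,dc=test,dc=local
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
cn: srvp02
uid: srvp02
sn: P02
userPassword: dummy
"""


def normalize_dn(dn: str) -> str:
    """Canonical form for comparison: split on commas (none of these DNs
    contain escaped commas), trim whitespace, lowercase attribute types and
    values.  Lowercasing values is correct for cn/ou/dc (caseIgnoreMatch),
    which are the only attribute types that appear here."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def parse_ldif(text: str) -> dict[str, dict[str, list[str]]]:
    """Minimal LDIF parser: entries separated by blank lines, 'attr: value'
    lines only (no base64 '::' values, no continuation lines).
    Returns {normalized dn: {attr: [values]}}."""
    entries: dict[str, dict[str, list[str]]] = {}
    for block in text.strip().split("\n\n"):
        attrs: dict[str, list[str]] = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            attrs.setdefault(attr.strip(), []).append(value.strip())
        dn = attrs.pop("dn")[0]
        entries[normalize_dn(dn)] = attrs
    return entries


def candidate_dns(username: str, base_dn: str = USR_BASE_DN,
                  uid_attr: str = USR_UID) -> list[str]:
    """The two bind DNs the log shows for one username, in the logged order:
    directly under usrBaseDN, then under the ou=ApplAccounts sub-OU.
    Assumption: the sub-OU is reproduced from the log, not from a setting."""
    return [
        f"{uid_attr}={username},{base_dn}",
        f"{uid_attr}={username},ou=ApplAccounts,{base_dn}",
    ]


def check_candidates(username: str, ldif_text: str = LDIF) -> dict[str, bool]:
    """Map each candidate bind DN to whether an entry with that DN exists in
    the LDIF (compared after normalization, so case differences are ignored)."""
    entries = parse_ldif(ldif_text)
    return {dn: normalize_dn(dn) in entries for dn in candidate_dns(username)}


def ldapwhoami_command(dn: str, host: str = LDAP_HOST, port: int = LDAP_PORT) -> str:
    """Shell command for a simple bind as this DN without Kafka involved;
    -W prompts for the password so it does not land in shell history."""
    return f"ldapwhoami -x -H ldap://{host}:{port} -D {shlex.quote(dn)} -W"


if __name__ == "__main__":
    for user in ("srvp02", "igroup"):
        for dn, present in check_candidates(user).items():
            print(f"{'FOUND  ' if present else 'MISSING'} {dn}")
            print("    ", ldapwhoami_command(dn))
```

Run stand-alone it reports that cn=srvp02,ou=ApplAccounts,ou=ServiceAccounts,dc=test,dc=local does exist in the posted LDIF (the lowercase DN in the log is equivalent), while the igroup user from the first comment is absent from the LDIF fragment shown. Running the printed ldapwhoami commands against vsi1:10389 with the entry's password then tells you whether the directory itself accepts the bind, which separates a directory-side failure from a Kafka-side one; the LDIF stores that password in clear (userPassword: dummy), so the value the JAAS client sends has to be exactly that.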
