使用Datastax 5.1版本的Cassandra,尝试将ldap与之集成。在dse.yaml和cassandra.yaml中添加了必需的参数,但是当我尝试对ldap用户进行身份验证时,它将不断失败,并出现以下错误。
[root@ip-11.11.11.11 ~]# cqlsh -u 123456
Password:
Connection error: ('Unable to connect to any servers', {'127.0.0.1': AuthenticationFailed('Failed to authenticate to 127.0.0.1: Error from server: code=0100 [Bad credentials] message="Failed to login. Please re-try."',)})
这是来自debug.log的消息。
ERROR [Native-Transport-Requests-1] 2019-06-06 05:34:50,842 DefaultLdapConnectionFactory.java:68 - unable to bind connection: PROTOCOL_ERROR: The server will disconnect!
TRACE [Native-Transport-Requests-1] 2019-06-06 05:34:50,843 LdapUtils.java:577 - [ldap-fetch-user] ERROR - failed to fetch username: 123456
org.apache.directory.api.ldap.model.exception.LdapOperationException: PROTOCOL_ERROR: The server will disconnect!
at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3986)
at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1373)
at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1293)
at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:130)
at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:114)
看起来它无法连接到ldap,无法与其绑定吗?
我能够使用ldapsearch连接到AD,并从cassandra节点获得用户的结果。还将证书导入密钥库,并在dse.yaml中提到它。有指针吗?
答案 0 :(得分:0)
成功使用正确的中间证书与AD绑定后,问题出在证书链上。