Rundeck使用AD验证时出现问题:提示用户名和密码无效

时间:2019-11-07 15:47:26

标签: rundeck

突然间,我的Rundeck出现问题,每次尝试登录时,都会提示用户名和密码无效。

这是service.log中的错误

2019-10-18 17:06:58.447:INFO:cdrjj.JettyCachingLdapLoginModule:qtp683347804-24: Login attempts: 1, Hits: 0, Ratio: 0%.
2019-10-18 17:06:58.468:INFO:cdrjj.JettyCachingLdapLoginModule:qtp683347804-24: Attempting authentication: CN=Lastname, Firstname,OU=Intern,OU=USERS,OU=City,OU=Country,DC=company,DC=lan
Oct 18, 2019 5:06:58 PM org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule debug
INFO: AbstractSharedLoginModule: login with sharedLoginState auth, try? false, use? true
Oct 18, 2019 5:06:58 PM org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule debug
INFO: JettyRolePropertyFileLoginModule: userInfo found for first.last? true
Oct 18, 2019 5:06:58 PM org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule debug
INFO: AbstractSharedLoginModule: using login result: true
Oct 18, 2019 5:06:58 PM org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule debug
INFO: role names: [first.last, ADMINGRP]
2019-10-18 17:06:58.553:WARN:oejj.JAASLoginService:qtp683347804-24:
javax.security.auth.login.LoginException: java.lang.NullPointerException: invalid null input(s)|?at java.util.Objects.requireNonNull(Objects.java:239)|?at javax.security.auth.Subject$SecureSet.add(Subject.java:1321)|?at java.util.Collections$SynchronizedCollection.add(Collections.java:2048)|?at org.eclipse.jetty.jaas.spi.AbstractLoginModule$JAASUserInfo.setJAASInfo(AbstractLoginModule.java:95)|?at org.eclipse.jetty.jaas.spi.AbstractLoginModule.commit(AbstractLoginModule.java:189)|?at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.commit(JettyCachingLdapLoginModule.java:895)|?at com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule.commit(JettyCombinedLdapLoginModule.java:182)|?at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)|?at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)|?at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)|?at java.lang.reflect.Method.invoke(Method.java:508)|?at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)|?at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)|?at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)|?at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)|?at java.security.AccessController.doPrivileged(AccessController.java:734)|?at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:696)|?at javax.security.auth.login.LoginContext.login(LoginContext.java:598)|?at org.eclipse.jetty.jaas.JAASLoginService.login(JAASLoginService.java:241)|?at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:52)|?at org.eclipse.jetty.security.authentication.FormAuthenticator.login(FormAuthenticator.java:192)|?at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:229)|?at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:499)|?at 
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213)|?at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1097)|?at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:448)|?at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175)|?at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1031)|?at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136)|?at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)|?at org.eclipse.jetty.server.Server.handle(Server.java:446)|?at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:271)|?at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:246)|?at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358)|?at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:601)|?at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:532)|?at java.lang.Thread.run(Thread.java:818)|
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:890)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(AccessController.java:734)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:696)
at javax.security.auth.login.LoginContext.login(LoginContext.java:598)
at org.eclipse.jetty.jaas.JAASLoginService.login(JAASLoginService.java:241)
at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:52)
at org.eclipse.jetty.security.authentication.FormAuthenticator.login(FormAuthenticator.java:192)
at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:229)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:499)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1097)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:448)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1031)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:446)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:271)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:246)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:601)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:532)
at java.lang.Thread.run(Thread.java:818)

这是我的profile文件:

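# Rundeck profile: environment defaults and the JVM command line for the server.
# Each VAR="${VAR:-default}" line keeps a value already set in the environment and
# falls back to the default only when the variable is unset or empty.
RDECK_INSTALL="${RDECK_INSTALL:-/var/lib/rundeck}"
RDECK_BASE="${RDECK_BASE:-/var/lib/rundeck}"
RDECK_CONFIG="${RDECK_CONFIG:-/etc/rundeck}"
RDECK_SERVER_BASE="${RDECK_SERVER_BASE:-$RDECK_BASE}"
RDECK_SERVER_CONFIG="${RDECK_SERVER_CONFIG:-$RDECK_CONFIG}"
RDECK_SERVER_DATA="${RDECK_SERVER_DATA:-$RDECK_BASE/data}"
RDECK_PROJECTS="${RDECK_PROJECTS:-$RDECK_BASE/projects}"
# NOTE(review): the default temp dir lives under /tmp and is also passed to the JVM as
# java.io.tmpdir below; confirm it is owned by the service account and not writable by others.
RUNDECK_TEMPDIR="${RUNDECK_TEMPDIR:-/tmp/rundeck}"
# NOTE(review): this expands RUNDECK_TEMPDIR, which is always non-empty at this point, so the
# "$RDECK_BASE/work" fallback is never used. Left as-is because changing it would move the
# work directory; confirm whether RUNDECK_WORKDIR was intended on the left of ":-".
RUNDECK_WORKDIR="${RUNDECK_TEMPDIR:-$RDECK_BASE/work}"
RUNDECK_LOGDIR="${RUNDECK_LOGDIR:-$RDECK_BASE/logs}"
# NOTE(review): RDECK_JVM_SETTINGS is not referenced by the rundeckd command at the end of this
# file (which uses RDECK_JVM_OPTS); presumably another script consumes it. Verify.
RDECK_JVM_SETTINGS="${RDECK_JVM_SETTINGS:- -Xmx1024m -Xms256m -XX:MaxPermSize=256m -server}"
RDECK_TRUSTSTORE_FILE="${RDECK_TRUSTSTORE_FILE:-$RDECK_CONFIG/ssl/truststore}"
RDECK_TRUSTSTORE_TYPE="${RDECK_TRUSTSTORE_TYPE:-jks}"
# NOTE(review): JAAS_CONF and LOGIN_MODULE are defined here but RDECK_JVM below hard-codes the
# login config path and the module name, so overriding these two variables has no effect on
# which JAAS configuration the server actually loads.
JAAS_CONF="${JAAS_CONF:-$RDECK_CONFIG/jaas-loginmodule.conf}"
LOGIN_MODULE="${LOGIN_MODULE:-RDpropertyfilelogin}"
RDECK_HTTP_PORT=${RDECK_HTTP_PORT:-4440}
RDECK_HTTPS_PORT=${RDECK_HTTPS_PORT:-4443}

# Pick the Java binary: prefer an executable $JAVA_HOME/bin/java, otherwise rely on PATH.
if [ -z "$JAVA_CMD" ] && [ -n "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ] ; then
JAVA_CMD=$JAVA_HOME/bin/java
PATH=$PATH:$JAVA_HOME/bin
export JAVA_HOME
elif [ -z "$JAVA_CMD" ] ; then
JAVA_CMD=java
fi

# Build colon-separated classpaths from the jars under cli/ and bootstrap/.
# The pattern must be '*.jar': the original '.jar' only matches a file literally named
# ".jar", which leaves both classpaths empty. The pattern stays quoted so that find,
# not the shell, expands it.
for jar in $(find "$RDECK_INSTALL/cli" -name '*.jar') ; do
CLI_CP=${CLI_CP:+$CLI_CP:}$jar
done
for jar in $(find "$RDECK_INSTALL/bootstrap" -name '*.jar') ; do
BOOTSTRAP_CP=${BOOTSTRAP_CP:+$BOOTSTRAP_CP:}$jar
done

# JVM system properties for the server. The JAAS file named here holds the LDAP bind
# password, so it should be readable by the Rundeck service account only.
# -Dloginmodule.name must match the entry name inside that JAAS file.
RDECK_JVM="-Djava.security.auth.login.config=/etc/rundeck/jaas-activedirectory.conf 
-Dloginmodule.name=multiauth 
-Drdeck.config=$RDECK_CONFIG 
-Drundeck.server.configDir=$RDECK_SERVER_CONFIG 
-Dserver.datastore.path=$RDECK_SERVER_DATA/rundeck 
-Drundeck.server.serverDir=$RDECK_INSTALL 
-Drdeck.projects=$RDECK_PROJECTS 
-Drdeck.runlogs=$RUNDECK_LOGDIR 
-Drundeck.config.location=$RDECK_CONFIG/rundeck-config.properties 
-Djava.io.tmpdir=$RUNDECK_TEMPDIR 
-Drundeck.server.workDir=$RUNDECK_WORKDIR 
-Dserver.http.port=$RDECK_HTTP_PORT"

# HTTPS is only configured when RUNDECK_WITH_SSL is set. Without it the login form is served
# on the plain HTTP port, so directory credentials travel unencrypted between browser and server.
# NOTE(review): RDECK_SSL_OPTS is built here but is not part of the rundeckd command below;
# confirm where it is consumed.
if [ -n "$RUNDECK_WITH_SSL" ] ; then
RDECK_JVM="$RDECK_JVM -Drundeck.ssl.config=$RDECK_SERVER_CONFIG/ssl/ssl.properties -Dserver.https.port=${RDECK_HTTPS_PORT}"
RDECK_SSL_OPTS="${RDECK_SSL_OPTS:- -Djavax.net.ssl.trustStore=$RDECK_TRUSTSTORE_FILE -Djavax.net.ssl.trustStoreType=$RDECK_TRUSTSTORE_TYPE -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol}"
fi
unset JRE_HOME
# umask 002 leaves new files group-writable (only "other" loses write); confirm the service
# group has no members that should not be able to modify logs and project data.
umask 002
# Full server start command; expanded unquoted by the caller so the options word-split.
rundeckd="$JAVA_CMD $RDECK_JVM $RDECK_JVM_OPTS -cp $BOOTSTRAP_CP com.dtolabs.rundeck.RunServer $RDECK_BASE"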

这是我的jaas-activedirectory.conf:

// JAAS login configuration entry "multiauth". The entry name has to match the
// -Dloginmodule.name value the server is started with. Modules run in the order listed.
multiauth {
  // Module 1 (required): Active Directory / LDAP authentication.
  com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule required
  // NOTE(review): debug logging writes the full DN of every login attempt to service.log;
  // switch it off once troubleshooting is finished.
  debug="true"
  contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
  // NOTE(review): ldap:// is unencrypted. Combined with authenticationMethod="simple" and
  // forceBindingLogin="true", the bind password and each user's password cross the network
  // in cleartext. Prefer ldaps:// with the directory CA in the JVM truststore.
  providerUrl="ldap://ldaphostname.example.lan:3268"
  bindDn="ebi_ad_d@example.lan"
  // Plaintext service-account secret: keep this file readable by the Rundeck service account
  // only, and give the bind account no more than read access to the directory.
  bindPassword="maskpassword"
  authenticationMethod="simple"
  forceBindingLogin="true"
  userBaseDn="DC=example,DC=lan"
  userRdnAttribute="sAMAccountName"
  userIdAttribute="sAMAccountName"
  userPasswordAttribute="unicodePwd"
  userObjectClass="user"
  roleBaseDn="OU=Rundeck,OU=GROUPS APPLICATION,OU=CITY,OU=COUNTRY,DC=example,DC=lan"
  roleNameAttribute="sAMAccountName"
  roleMemberAttribute="member"
  roleObjectClass="group"
  cacheDurationMillis="300000"
  // presumably granted to every authenticated user; verify that the "user" role carries
  // only the minimum ACL permissions
  supplementalRoles="user"
  reportStatistics="true"
  timeoutRead="10000"
  timeoutConnect="20000"
  nestedGroups="true"
  // NOTE(review): presumably skips the LDAP group lookup so that roles come only from
  // realm.properties below, which would make the role* settings above inert. Confirm.
  ignoreRoles="true"
  // presumably stores the submitted credentials in shared state for later modules. TODO confirm
  storePass="true";

  // Module 2 (sufficient): local accounts from realm.properties.
  // JAAS semantics: success here ends the chain at once, so the module after it is not run;
  // failure is ignored. Because module 1 is "required", an account that exists only in
  // realm.properties still fails the overall login when the LDAP step fails.
  org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient
  debug="true"
  storePass="true"
  // realm.properties holds local users and their credentials; restrict its file permissions.
  file="/etc/rundeck/realm.properties";


  // Module 3 (required): role lookup from realm.properties for the already-authenticated user
  // (useFirstPass reuses the credentials stored by an earlier module).
  org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
  debug="true"
  useFirstPass="true"
  file="/etc/rundeck/realm.properties"
  refreshInterval="60"
  caseInsensitive="true";
};

我的Rundeck详细信息 Rundeck版本:2.10

安装类型:rpm

操作系统名称/版本:RHE版本6

数据库类型/版本:h2

1 个答案:

答案 0 :(得分:0)

检查模块的顺序,我先用 sufficient 测试,然后用 required 进行测试。

此外,在LDAP部分中检查您如何称呼用户(userBaseDn)和角色(roleBaseDn)。

确保使用 -Drundeck.jaaslogin=true、-Dloginmodule.conf.name=jaas-multiauth.conf 和 -Dloginmodule.name=multiauth 参数启动Rundeck实例。