Rundeck ldap 连接以 NullPointerException 结束
Rundeck ldap connection ends in NullPointerException
我目前正在将 rundeck v2.11.3 迁移到 v3.4.0(在 docker 容器中),我的方法是设置全新安装并移动所有内容之后。目前,我无法设置 LDAP 连接(由 Active Directory 运行 在 MS Windows Server 2016 上提供)。我在这里使用来自 DockerHub 的容器 rundeck/rundeck:3.4.0,我的 jaas-loginmodule.conf 看起来像这样:
rundeck {
com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule sufficient
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
providerUrl="ldap://10.16.0.4:389"
bindDn="CN=devldap,CN=Users,DC=mycompany,DC=de"
bindPassword="xxx"
authenticationMethod="simple"
forceBindingLogin="true"
forceBindingLoginUseRootContextForRoles="true"
userBaseDn="dc=mycompany,dc=de"
userRdnAttribute="userPrincipalName"
userIdAttribute="userPrincipalName"
userPasswordAttribute="unicodePwd"
userObjectClass="user"
roleBaseDn="ou=dev,ou=adgroups,dc=mycompany,dc=de"
roleNameAttribute="cn"
roleMemberAttribute="member"
roleObjectClass="group"
rolePrefix=""
cacheDurationMillis="600000"
reportStatistics="true"
;
org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
debug="true"
file="/home/rundeck/server/config/realm.properties";
};
尝试使用 ldap 用户登录时,出现以下错误堆栈:
java.lang.NullPointerException
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.getNextBatch(AbstractLdapNamingEnumeration.java:130)
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextAux(AbstractLdapNamingEnumeration.java:258)
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextImpl(AbstractLdapNamingEnumeration.java:249)
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.next(AbstractLdapNamingEnumeration.java:203)
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextElement(AbstractLdapNamingEnumeration.java:106)
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextElement(AbstractLdapNamingEnumeration.java:40)
at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.findUser(JettyCachingLdapLoginModule.java:905)
at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.bindingLogin(JettyCachingLdapLoginModule.java:833)
at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.authenticate(JettyCachingLdapLoginModule.java:738)
at com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule.login(JettyCombinedLdapLoginModule.java:161)
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
at java.base/javax.security.auth.login.LoginContext.run(LoginContext.java:665)
at java.base/javax.security.auth.login.LoginContext.run(LoginContext.java:663)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
at org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider.authenticate(AbstractJaasAuthenticationProvider.java:180)
at org.rundeck.security.RundeckJaasAuthenticationProvider.super$authenticate(RundeckJaasAuthenticationProvider.groovy)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:101)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1217)
at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnSuperN(ScriptBytecodeAdapter.java:144)
at org.rundeck.security.RundeckJaasAuthenticationProvider.authenticate(RundeckJaasAuthenticationProvider.groovy:39)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at grails.plugin.springsecurity.web.authentication.GrailsUsernamePasswordAuthenticationFilter.attemptAuthentication(GrailsUsernamePasswordAuthenticationFilter.groovy:53)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.groovy:64)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.groovy:58)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:77)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:114)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:104)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:97)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.Server.handle(Server.java:516)
at org.eclipse.jetty.server.HttpChannel.lambda$handle(HttpChannel.java:388)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:279)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ChannelEndPoint.run(ChannelEndPoint.java:104)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:383)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:882)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1036)
at java.base/java.lang.Thread.run(Thread.java:834)
[2021-07-21T07:36:54,544] INFO web.requests "GET /user/error" 172.17.0.1 http form 2 ? [] (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36)
我想知道,是否有任何方法可以实际调试连接并查看是否存在配置错误(上面的配置取自现有的 rundeck 实例,它工作正常)或者 rundeck 中可能存在一些错误申请。
我发现与 example AD 配置有些不同(AD 配置的第一行调用另一个模块,还要检查 userRdnAttributte 和 userIdAttribute 值,最后,确保启动Rundeck 使用 OpenJDK 11).
无论如何,我使用以下多重身份验证配置测试成功:
multiauth {
com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
providerUrl="ldap://xxx.xxx.xxx.xxx:389"
bindDn="admin@example.local"
bindPassword="password"
authenticationMethod="simple"
forceBindingLogin="true"
userBaseDn="OU=Users,OU=company,DC=example,DC=local"
userRdnAttribute="sAMAccountName"
userIdAttribute="sAMAccountName"
userPasswordAttribute="unicodePwd"
userObjectClass="user"
roleBaseDn="OU=Roles,OU=company,DC=example,DC=local"
roleNameAttribute="cn"
roleMemberAttribute="member"
roleObjectClass="group"
cacheDurationMillis="300000"
//supplementalRoles="admin"
reportStatistics="true";
org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
debug="true"
file="/home/user/rundeck/server/config/realm.properties";
};
并以这种方式启动 rundeck:
#!/bin/bash
# rundeck information
version=rundeck-3.4.1-20210715.war
min=1024m
max=2048m
# run
java -Xms$min -Xmx$max -Drundeck.jaaslogin=true -Dloginmodule.conf.name=jaas-multiauth.conf -Dloginmodule.name=multiauth -jar $version
我目前正在将 rundeck v2.11.3 迁移到 v3.4.0(在 docker 容器中),我的方法是设置全新安装并移动所有内容之后。目前,我无法设置 LDAP 连接(由 Active Directory 运行 在 MS Windows Server 2016 上提供)。我在这里使用来自 DockerHub 的容器 rundeck/rundeck:3.4.0,我的 jaas-loginmodule.conf 看起来像这样:
rundeck {
com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule sufficient
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
providerUrl="ldap://10.16.0.4:389"
bindDn="CN=devldap,CN=Users,DC=mycompany,DC=de"
bindPassword="xxx"
authenticationMethod="simple"
forceBindingLogin="true"
forceBindingLoginUseRootContextForRoles="true"
userBaseDn="dc=mycompany,dc=de"
userRdnAttribute="userPrincipalName"
userIdAttribute="userPrincipalName"
userPasswordAttribute="unicodePwd"
userObjectClass="user"
roleBaseDn="ou=dev,ou=adgroups,dc=mycompany,dc=de"
roleNameAttribute="cn"
roleMemberAttribute="member"
roleObjectClass="group"
rolePrefix=""
cacheDurationMillis="600000"
reportStatistics="true"
;
org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
debug="true"
file="/home/rundeck/server/config/realm.properties";
};
尝试使用 ldap 用户登录时,出现以下错误堆栈:
java.lang.NullPointerException
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.getNextBatch(AbstractLdapNamingEnumeration.java:130)
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextAux(AbstractLdapNamingEnumeration.java:258)
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextImpl(AbstractLdapNamingEnumeration.java:249)
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.next(AbstractLdapNamingEnumeration.java:203)
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextElement(AbstractLdapNamingEnumeration.java:106)
at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextElement(AbstractLdapNamingEnumeration.java:40)
at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.findUser(JettyCachingLdapLoginModule.java:905)
at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.bindingLogin(JettyCachingLdapLoginModule.java:833)
at com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule.authenticate(JettyCachingLdapLoginModule.java:738)
at com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule.login(JettyCombinedLdapLoginModule.java:161)
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
at java.base/javax.security.auth.login.LoginContext.run(LoginContext.java:665)
at java.base/javax.security.auth.login.LoginContext.run(LoginContext.java:663)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
at org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider.authenticate(AbstractJaasAuthenticationProvider.java:180)
at org.rundeck.security.RundeckJaasAuthenticationProvider.super$authenticate(RundeckJaasAuthenticationProvider.groovy)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:101)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1217)
at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnSuperN(ScriptBytecodeAdapter.java:144)
at org.rundeck.security.RundeckJaasAuthenticationProvider.authenticate(RundeckJaasAuthenticationProvider.groovy:39)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at grails.plugin.springsecurity.web.authentication.GrailsUsernamePasswordAuthenticationFilter.attemptAuthentication(GrailsUsernamePasswordAuthenticationFilter.groovy:53)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.groovy:64)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.groovy:58)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:77)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:114)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:104)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:97)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.Server.handle(Server.java:516)
at org.eclipse.jetty.server.HttpChannel.lambda$handle(HttpChannel.java:388)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:279)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ChannelEndPoint.run(ChannelEndPoint.java:104)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:383)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:882)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1036)
at java.base/java.lang.Thread.run(Thread.java:834)
[2021-07-21T07:36:54,544] INFO web.requests "GET /user/error" 172.17.0.1 http form 2 ? [] (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36)
我想知道,是否有任何方法可以实际调试连接并查看是否存在配置错误(上面的配置取自现有的 rundeck 实例,它工作正常)或者 rundeck 中可能存在一些错误申请。
我发现与 example AD 配置有些不同(AD 配置的第一行调用另一个模块,还要检查 userRdnAttributte 和 userIdAttribute 值,最后,确保启动Rundeck 使用 OpenJDK 11).
无论如何,我使用以下多重身份验证配置测试成功:
multiauth {
com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
providerUrl="ldap://xxx.xxx.xxx.xxx:389"
bindDn="admin@example.local"
bindPassword="password"
authenticationMethod="simple"
forceBindingLogin="true"
userBaseDn="OU=Users,OU=company,DC=example,DC=local"
userRdnAttribute="sAMAccountName"
userIdAttribute="sAMAccountName"
userPasswordAttribute="unicodePwd"
userObjectClass="user"
roleBaseDn="OU=Roles,OU=company,DC=example,DC=local"
roleNameAttribute="cn"
roleMemberAttribute="member"
roleObjectClass="group"
cacheDurationMillis="300000"
//supplementalRoles="admin"
reportStatistics="true";
org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
debug="true"
file="/home/user/rundeck/server/config/realm.properties";
};
并以这种方式启动 rundeck:
#!/bin/bash
# rundeck information
version=rundeck-3.4.1-20210715.war
min=1024m
max=2048m
# run
java -Xms$min -Xmx$max -Drundeck.jaaslogin=true -Dloginmodule.conf.name=jaas-multiauth.conf -Dloginmodule.name=multiauth -jar $version