
LDAP user issue with LdapAuth: LDAPError [ProtocolError]: unsupported extended operation #135

Open
manuparra opened this issue Nov 2, 2022 · 2 comments

@manuparra

Hi!
I'm adding LDAP Auth to Carta Controller, and I have the following config.json:

```json
...
"authProviders": {
        "ldap": {
            "publicKeyLocation": "/etc/carta/carta_public.pem",
            "privateKeyLocation": "/etc/carta/carta_private.pem",
            "issuer": "localhost",
            "ldapOptions": {
                "url":"ldap://192.168.100.25:389",
                "searchBase":"ou=Users,dc=openstack,dc=org",
                "bindDN":"cn=admin,dc=openstack,dc=org",
                "bindCredentials":"<redacted>"
                }
        }
    },
...
```

When I run `carta-controller --verbose --user mparratest` I get the following:

```
LdapAuth:  LDAPError [ProtocolError]: unsupported extended operation
    at messageCallback (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/client/client.js:1220:45)
    at Parser.onMessage (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/client/client.js:888:14)
    at Parser.emit (node:events:390:28)
    at Parser.write (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/messages/parser.js:107:8)
    at Socket.onData (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/client/client.js:875:22)
    at Socket.emit (node:events:390:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:199:23) {
  lde_message: 'unsupported extended operation',
  lde_dn: null
}
LdapAuth:  LDAPError [ProtocolError]: unsupported extended operation
    at messageCallback (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/client/client.js:1220:45)
    at Parser.onMessage (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/client/client.js:888:14)
    at Parser.emit (node:events:390:28)
    at Parser.write (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/messages/parser.js:107:8)
    at Socket.onData (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/client/client.js:875:22)
    at Socket.emit (node:events:390:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:199:23) {
  lde_message: 'unsupported extended operation',
  lde_dn: null
}
LDAPError [ProtocolError]: unsupported extended operation
    at messageCallback (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/client/client.js:1220:45)
    at Parser.onMessage (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/client/client.js:888:14)
    at Parser.emit (node:events:390:28)
    at Parser.write (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/messages/parser.js:107:8)
    at Socket.onData (/usr/local/lib/node_modules/carta-controller/node_modules/ldapjs/lib/client/client.js:875:22)
    at Socket.emit (node:events:390:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:199:23) {
  lde_message: 'unsupported extended operation',
  lde_dn: null
}
```

When I log in with a user who is not in the LDAP directory, or with a bad password, I see:

```
no such user: "mparratest1"
```

But when I try to log in with a user and a correct password, it does not show any logs, and the UI says "Invalid username/password combination".

Any ideas to test?
Thank you in advance.

@veggiesaurus (Collaborator)

@daikema any chance you can look into this?

@daikema (Contributor) commented Apr 18, 2023

Poking around a little bit and looking at the config file excerpt, I suspect that this is due to TLS issues when trying to connect to the LDAP server in question (running on port 389, I'd guess it's trying to do starttls).

Seeing as you're addressing it by IP, I doubt that's configured on the server side either and this is the sort of info that I'd generally recommend not sending unencrypted over the network. @manuparra is TLS something you'd be able to get configured there? (Just Google for something like openldap setup starttls, or replace openldap with whatever other LDAP server you might be using. This does assume that you have admin rights to the LDAP server though).

I would have to dig a bit further to confirm that that's the specific issue, but at the moment, from searching around, it seems it's typically TLS-related issues that result in that message being displayed.
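
To make the diagnosis above concrete, here is an added example that is not code from CARTA, carta-controller or ldapjs and was not written by anyone in this thread. StartTLS is an LDAP ExtendedRequest carrying the OID 1.3.6.1.4.1.1466.20037 (RFC 4511 section 4.14); a server that has no TLS configured answers with an ExtendedResponse whose resultCode is protocolError (2) and a diagnostic string, which is the text that ldapjs surfaces as `lde_message` in the trace above. The script hand-encodes that request and the two possible replies in BER and decodes the reply, so it runs offline with no LDAP library. The `supported_extensions` list fed to `simulate_starttls` is constructed input standing in for a server's rootDSE `supportedExtension` attribute, and all function names are this example's own.

```python
"""Added example: the StartTLS extended operation on the wire, in plain BER.

An LDAP server without TLS rejects the StartTLS ExtendedRequest with
resultCode protocolError (2); the diagnostic text modelled here is the one
in the issue's trace. No network, no ldap library: the server side is simulated.
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # RFC 4511 section 4.14
PROTOCOL_ERROR = 2                        # LDAPResult resultCode
RESULT_NAMES = {0: "success", 2: "protocolError", 49: "invalidCredentials"}


# ---- minimal BER helpers (enough for LDAP messages) ----------------------

def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """Tag-length-value triple."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(n: int) -> bytes:
    """INTEGER for non-negative n; a leading 0x00 keeps the top bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, position just after this TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def iter_tlvs(buf: bytes):
    """Yield (tag, value) for each TLV packed back to back in buf."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value


# ---- the two sides of the exchange ---------------------------------------

def encode_starttls_request(message_id: int) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID.encode("ascii")))   # 0x60 | 23, then [0]
    return tlv(0x30, ber_int(message_id) + ext_req)


def encode_extended_response(message_id, result_code, matched_dn, diagnostic,
                             response_name=None) -> bytes:
    """LDAPMessage { messageID, ExtendedResponse [APPLICATION 24] { LDAPResult, responseName [10]? } }."""
    body = (tlv(0x0A, bytes([result_code]))      # ENUMERATED resultCode
            + tlv(0x04, matched_dn.encode())      # matchedDN
            + tlv(0x04, diagnostic.encode()))     # diagnosticMessage
    if response_name is not None:
        body += tlv(0x8A, response_name.encode("ascii"))   # [10] responseName
    return tlv(0x30, ber_int(message_id) + tlv(0x78, body))   # 0x60 | 24


def decode_extended_response(msg: bytes) -> dict:
    """Parse an ExtendedResponse into the fields a client error would carry."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    (id_tag, id_val), (op_tag, op_val) = list(iter_tlvs(body))[:2]
    if id_tag != 0x02 or op_tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    parts = list(iter_tlvs(op_val))
    code = parts[0][1][0]
    return {
        "messageID": int.from_bytes(id_val, "big"),
        "resultCode": code,
        "resultName": RESULT_NAMES.get(code, str(code)),
        "matchedDN": parts[1][1].decode(),          # ldapjs: lde_dn (null when empty)
        "diagnosticMessage": parts[2][1].decode(),  # ldapjs: lde_message
        "responseName": next((v.decode("ascii") for t, v in parts[3:] if t == 0x8A), None),
    }


def simulate_starttls(supported_extensions):
    """Model a server's reply to StartTLS from its (constructed) rootDSE supportedExtension list."""
    request = encode_starttls_request(1)
    if STARTTLS_OID in supported_extensions:
        response = encode_extended_response(1, 0, "", "", STARTTLS_OID)
    else:
        response = encode_extended_response(1, PROTOCOL_ERROR, "",
                                            "unsupported extended operation")
    return request, decode_extended_response(response)


if __name__ == "__main__":
    req, resp = simulate_starttls([])              # server with no TLS, as in the issue
    print("client ->", req.hex(" "))
    print("server <-", resp)
    _, resp = simulate_starttls([STARTTLS_OID])    # server that advertises StartTLS
    print("server <-", resp)
```

Against a real directory the equivalent check is `ldapsearch -x -H ldap://192.168.100.25 -s base -b '' supportedExtension`: if 1.3.6.1.4.1.1466.20037 is not in the list, the server cannot upgrade the connection and the client's StartTLS request will come back exactly as the simulated protocolError reply. Until TLS is enabled on the server (or an `ldaps://` endpoint is used), the simple bind that follows would send the `bindDN` password in clear text, which is the exposure the comment above warns about.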

@kswang1029 kswang1029 added this to CARTA Dec 6, 2023
@kswang1029 kswang1029 moved this to Icebox in CARTA Dec 6, 2023