I have followed the instructions at https://docs.rundeck.com/docs/administration/security/authentication.html#case-insensitive-username to authenticate against my OpenLDAP server. The Rundeck version is rundeck-5.4.0.20240618-1.noarch.
In LDAP, I have an ou=Group,dc=mydomain,dc=com, in which I have defined objects of class groupOfNames.
/etc/rundeck/jaas-ldap.conf is:
ldap {
com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
providerUrl="ldap://ldap.mydomain.com:389"
bindDn="cn=binduser,dc=mydomain,dc=com"
bindPassword="MyBindPassword"
authenticationMethod="simple"
forceBindingLogin="false"
userBaseDn="ou=people,dc=mydomain,dc=com"
userRdnAttribute="cn"
userIdAttribute="cn"
userPasswordAttribute="userPassword"
userObjectClass="person"
userLastNameAttribute="sn"
userFirstNameAttribute="givenName"
userEmailAttribute="mail"
roleBaseDn="ou=group,dc=mydomain,dc=com"
roleNameAttribute="cn"
roleMemberAttribute="member"
roleObjectClass="groupOfNames"
cacheDurationMillis="300000"
reportStatistics="true"
timeoutRead="10000"
timeoutConnect="20000"
nestedGroups="false";
};
When trying to log in, I get these messages:
[2024-07-24T15:28:39,748] INFO jaas.JettyCachingLdapLoginModule - Login attempts: 1, Hits: 0, Ratio: 0%.
[2024-07-24T15:28:39,753] DEBUG jaas.JettyCachingLdapLoginModule - Found user?: true
[2024-07-24T15:28:39,753] DEBUG jaas.JettyCachingLdapLoginModule - Searching for users with filter: '(&(objectClass={0})({1}={2}))' from base dn: ou=people,dc=mydomain,dc=com
[2024-07-24T15:28:39,754] DEBUG jaas.JettyCachingLdapLoginModule - Found user?: true
[2024-07-24T15:28:39,755] DEBUG jaas.JettyCachingLdapLoginModule - user cred is present: true
[2024-07-24T15:28:39,770] WARN jaas.JettyCachingLdapLoginModule - JettyCachingLdapLoginModule: User 'hussain' has no role membership; role query configuration may be incorrect
Is it possible that you have nested groups in your LDAP? If so, try editing the nestedGroups parameter to "true" in the jaas file.
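The role lookup configured above searches below roleBaseDn for roleObjectClass entries whose roleMemberAttribute holds the user's DN. As an added example (not from the original post and not Rundeck's code), this Python model runs that lookup over constructed entries to show which group layouts yield no roles. The entries, the simplified DN comparison in `norm`, and the nested resolution are assumptions made for illustration.

```python
# Constructed sample data, not the poster's directory: (dn, objectClass, member DNs).
ENTRIES = [
    ("cn=ops,ou=group,dc=mydomain,dc=com", "groupOfNames",
     ["cn=hussain,ou=people,dc=mydomain,dc=com"]),
    ("cn=rundeck-admins,ou=group,dc=mydomain,dc=com", "groupOfNames",
     ["cn=ops,ou=group,dc=mydomain,dc=com"]),        # nested: a group as member
    ("cn=legacy,ou=group,dc=mydomain,dc=com", "groupOfNames",
     ["uid=hussain,ou=people,dc=mydomain,dc=com"]),  # member uses a different RDN
    ("cn=dba,ou=teams,dc=mydomain,dc=com", "groupOfNames",
     ["cn=hussain,ou=people,dc=mydomain,dc=com"]),   # group lives outside roleBaseDn
]

def norm(dn):
    """Simplified DN comparison key: case-insensitive, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def under(dn, base):
    """True when dn is located below base."""
    return norm(dn).endswith("," + norm(base))

def matching_groups(member_dn, role_base_dn, role_object_class, entries):
    """Model of (&(objectClass=<class>)(member=<dn>)) searched below role_base_dn."""
    return [dn for dn, oc, members in entries
            if oc.lower() == role_object_class.lower()
            and under(dn, role_base_dn)
            and norm(member_dn) in {norm(m) for m in members}]

def roles_for(user_dn, role_base_dn="ou=group,dc=mydomain,dc=com",
              role_object_class="groupOfNames", nested=False, entries=ENTRIES):
    """Return role names (the group's cn); with nested=True also follow parent groups."""
    found, seen, queue = [], set(), [user_dn]
    while queue:
        member = queue.pop(0)
        for group_dn in matching_groups(member, role_base_dn, role_object_class, entries):
            if norm(group_dn) in seen:       # guards against membership cycles
                continue
            seen.add(norm(group_dn))
            found.append(group_dn)
            if nested:
                queue.append(group_dn)
    return sorted(dn.split(",")[0].split("=", 1)[1] for dn in found)

if __name__ == "__main__":
    user = "cn=hussain,ou=people,dc=mydomain,dc=com"
    print("nestedGroups=false:", roles_for(user))
    print("nestedGroups=true: ", roles_for(user, nested=True))
    # A DN that no group lists verbatim reproduces the "no role membership" case.
    print("DN mismatch:       ", roles_for("cn=hussain,ou=staff,ou=people,dc=mydomain,dc=com"))
```

Against a real directory, the equivalent check is to confirm that the `member` value stored on the group entry is exactly the DN the user entry has under userBaseDn.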