Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

universal_password must be specified at install #490

Open
techietav opened this issue Aug 2, 2023 · 0 comments
Open

universal_password must be specified at install #490

techietav opened this issue Aug 2, 2023 · 0 comments
Assignees
@jandusek4

Comments

@techietav
Copy link

techietav commented Aug 2, 2023
edited
Loading

Installing CP4BA only selecting ODM and the optional tools.
Install failing at gitea section where it attempts to sync LDAP users and fails to authenticate with the LDAP service.

TASK [gitea : Sync LDAP Users] *************************************************
Wednesday 21 June 2023  12:20:07 +0000 (0:01:20.759)       0:08:27.103 ******** 
fatal: [localhost]: FAILED! => {"cache_control": "no-store, no-transform", "changed": false, "connection": "close", "content_length": "146", "content_type": "application/json;charset=utf-8", "date": "Wed, 21 Jun 2023 12:20:14 GMT", "elapsed": 6, "json": {"message": "token is required", "url": "https://gitea.pluto-01-f7d2a3e582d10670c7df1a3b36d5b194-0000.eu-de.containers.appdomain.cloud/api/swagger"}, "msg": "Status code was 401 and not [204]: HTTP Error 401: Unauthorized", "redirected": false, "set_cookie": "10e73728790f636df27fadfad33f18b0=ca831b395a91565b3e753f9e92f91e56; path=/; HttpOnly; Secure; SameSite=None", "status": 401, "url": "https://gitea.pluto-01-f7d2a3e582d10670c7df1a3b36d5b194-0000.eu-de.containers.appdomain.cloud/api/v1/admin/cron/sync_external_users", "x_content_type_options": "nosniff", "x_frame_options": "SAMEORIGIN"}

Link to slack thread on the issue and fix

We tested that the LDAP service was available and logged in using the cpadmin DN and the generated universal_password found in the logs. Proving LDAP and the credentials were valid. Example password __omit_place_holder__dc91d9ecca04b38c3cfa2a1873f305495e4eaae1

With increased logging -vvvvvv we then saw that the password being used for Basic Auth was null.

Specifying a strong password on the cmd line resolved this issue.
./cp-deploy.sh env apply --skip-infra --accept-all-licenses -v -e universal_password=

Conclusion is that something in that code section is not accepting the universal_password when auto generated, perhaps due to length as it is over 60 chars and it then reverts to using null causing the issue authenticating to LDAP.
Is the universal_password being generated incorrectly with omit_place_holder that then makes it too long?
@jandusek4 jandusek4 self-assigned this Sep 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jandusek4 jandusek4

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@techietav @jandusek4