marathon-ldap's People

Contributors

ahmet2mir, daicang, eugenepaniot, gondor, kamaradclimber, kylerisse, mcriss, minyk, vixns

marathon-ldap's Issues

Unable to delete task under a group

I am using the below configuration in plugin.json to restrict access to a single Marathon group named '/cdo' for a particular group. Authentication is working fine and I can see only apps under this folder. But the problem is that I am not able to scale/delete a task under this Marathon folder. Could you please help with this?
This issue is mainly for the Kill & Scale operations.

"authorization": {
    "access": [
        {
            "group": "r_marathon_mesos_auth",
            "permissions": [
                {"allowed": "*", "type": "app", "path": "/cdo"},
                {"allowed": "*", "type": "group", "path": "/cdo"}
            ]
        }
    ]
}

Can you please help with the configuration, i.e. how I can restrict LDAP group access to a particular Marathon group and apps?

Thanks,
Sujith

plugin issue in binding

I have added my ldap server details in the json file as below

"url": "ldap://:",
"base": "dc=,dc=com",
"dn": "uid={username}",
"bindUser": "",
"bindPassword": "password for ldap bind",

But I got the below error:

[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090752, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580] (io.containx.marathon.plugin.auth.util.LDAPHelper:pool-5-thread-1)
[2017-08-10 14:42:44,392] ERROR LDAP error validating user: {} (io.containx.marathon.plugin.auth.LDAPAuthenticator:pool-5-thread-1)
com.google.common.cache.CacheLoader$InvalidCacheLoadException: CacheLoader returned null for key AuthKey{username=manokar}.

I can log in with the user without LDAP. Anything I am missing?

Updating to Marathon(-ldap) 1.3 broke modal windows

Updated marathon and ldap, can no longer use the GUI for creating new applications or editing existing ones.

Short stacktrace:
Oct 07 14:07:48 host marathon[2197]: java.lang.IllegalArgumentException: Unknown Action: ViewResource
Oct 07 14:07:48 host marathon[2197]: at io.containx.marathon.plugin.auth.type.Action.byAction(Action.java:38)
Oct 07 14:07:48 host marathon[2197]: at io.containx.marathon.plugin.auth.LDAPAuthorizor.isAuthorized(LDAPAuthorizor.java:26)
Oct 07 14:07:48 host marathon[2197]: at mesosphere.marathon.core.event.impl.stream.HttpEventStreamServlet.isAuthorized$1(HttpEventStreamServlet.scala:78)

ldapReadConnectTimeout and ldapReadTimeout fields break the plugin

These two fields look to not be used, looks like this was prematurely pushed into master.

"ldapConnectTimeout": 3000,
"ldapReadTimeout": 3000

ex:

com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "ldapReadTimeout" (class io.containx.marathon.plugin.auth.type.LDAPConfig), not marked as ignorable (10 known properties: "base", "userSearch", "groupSearch", "bindUser", "dn", "url", "useSimpleAuthentication", "userSubTree", "bindPassword", "groupSubTree"])

Marathon 1.3.6 crashing with Marathon-LDAP 1.3

Hello,

when I enable Marathon-LDAP 1.3 on my Marathon (1.3.6-1.0.540.ubuntu1604) like this:

root@mesos-master1 /etc/marathon/conf # cat plugin_conf
/var/marathon/plugins/plugin-conf.json
root@mesos-master1 /etc/marathon/conf # cat plugin_dir 
/var/marathon/plugins
root@mesos-master1 /etc/marathon/conf # ls /var/marathon/plugins
marathon-ldap.jar  plugin-conf.json
root@mesos-master1 /etc/marathon/conf # cat /var/marathon/plugins/plugin-conf.json
"ldap": {
    /*
     * the url property specifies the server, port and SSL setting of your directory.
     * Default port is 389 for plaintext or STARTTLS, and 636 for SSL.  If you want 
     * SSL, specify the protocol as 'ldaps:' rather than 'ldap:'
     */
    "url": "ldap://my.ldapserver.local:389",

    /*
     * base represents the domain your directory authenticates.  A domain of
     * example.com would normally be expressed in the form below, although note
     * that there is not necessarily a direct correlation between domains that 
     * might be part of an email address or username and the baseDN of the 
     * directory server.
     */
    "base": "dc=example,dc=com",

    /*
     * The dn property tells the plugin how to format a distinguished name for a user
     * that you want to authenticate.  The string {username} MUST exist in here and 
     * will be replaced by whatever the user submits as "username" in the login dialog.
     *
     * When the plugin calculates the DN to use to attempt authentication, it will
     * take the interpolated value here, suffixed with the userSubTree (if defined)
     * and the base property.  For example, the settings here and a submitted username
     * of 'fred' would cause a bind attempt using 'dn=uid=fred,ou=People,dc=example,dc=com'
     */
    "dn": "uid={username}",

    /*
     * The userSearch string is used following successful bind in order to obtain the
     * entire user record for the user logging in.  Similar to the 'dn' property above,
     * the supplied username will be substituted into the pattern below and the search
     * will be performed as shown against a search context of 'base' or (if defined)
     * the userSubTree section only.
     */
    "userSearch": "(&(uid={username})(objectClass=inetOrgPerson))",

    /* ---- the following properties are optional and can be left undefined ---- */

    /*
     * If you want to restrict the user searches and bind attempts to a particular 
     * org unit or other area of the LDAP directory, specify the sub tree here.  The
     * descriptions of earlier properties note where this definition may affect
     * behaviour.
     */
    "userSubTree": "ou=People",

    /*
     * If your group memberships are specified by using "memberOf" attributes on the
     * user record, you don't need the following.  However, if your groups are defined 
     * as separate entities and membership is denoted by having all the usernames 
     * inside the group, then you do.  This is common for posixGroup type groups.
     * Specify the 'groupSearch' property as a pattern to find all groups that the 
     * user is a member of.
     */
    "groupSearch": "(&(memberUid={username})(objectClass=posixGroup))",

    /*
     * Similar to userSubTree but for the group entities
     */
    "groupSubTree": "ou=Group"
}

then it crashes on startup (see crashlog.txt).
What's wrong?

Thanks
takt

crashlog.txt

Does not work with Marathon 1.3+

Hi,

plugin causes Marathon (v.1.3+) to stop working.
Including Marathon traceback:

Sep 21 11:47:45 m1 marathon[20095]: [2016-09-21 11:47:45,204] WARN Error for /v2/events (org.eclipse.jetty.servlet.ServletHandler:qtp416285645-43)
Sep 21 11:47:45 m1 marathon[20095]: java.lang.NoClassDefFoundError: Could not initialize class io.containx.marathon.plugin.auth.type.Action
Sep 21 11:47:45 m1 marathon[20095]: #011at io.containx.marathon.plugin.auth.LDAPAuthorizor.isAuthorized(LDAPAuthorizor.java:27)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.core.event.impl.stream.HttpEventStreamServlet.isAuthorized$1(HttpEventStreamServlet.scala:78)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.core.event.impl.stream.HttpEventStreamServlet.doGet(HttpEventStreamServlet.scala:81)
Sep 21 11:47:45 m1 marathon[20095]: #011at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
Sep 21 11:47:45 m1 marathon[20095]: #011at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.api.CacheDisablingFilter.doFilter(CacheDisablingFilter.scala:18)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.DebugModule$MetricsBehavior$$anonfun$invoke$1.apply(DebugConf.scala:75)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.metrics.Metrics.timed(Metrics.scala:27)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.DebugModule$MetricsBehavior.invoke(DebugConf.scala:74)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.api.CORSFilter.doFilter(CORSFilter.scala:46)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.DebugModule$MetricsBehavior$$anonfun$invoke$1.apply(DebugConf.scala:75)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.metrics.Metrics.timed(Metrics.scala:27)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.DebugModule$MetricsBehavior.invoke(DebugConf.scala:74)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.api.LimitConcurrentRequestsFilter.pass(LimitConcurrentRequestsFilter.scala:31)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.api.LimitConcurrentRequestsFilter$$anonfun$3$$anonfun$apply$2.apply(LimitConcurrentRequestsFilter.scala:15)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.api.LimitConcurrentRequestsFilter$$anonfun$3$$anonfun$apply$2.apply(LimitConcurrentRequestsFilter.scala:15)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.api.LimitConcurrentRequestsFilter.doFilter(LimitConcurrentRequestsFilter.scala:35)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)
Sep 21 11:47:45 m1 marathon[20095]: #011at mesosphere.marathon.api.LeaderProxyFilter.doFilter(LeaderProxyFilter.scala:101)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
Sep 21 11:47:45 m1 marathon[20095]: #011at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:240)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:437)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.server.Server.handle(Server.java:517)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:308)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:192)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
Sep 21 11:47:45 m1 marathon[20095]: #011at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
Sep 21 11:47:45 m1 marathon[20095]: #011at java.lang.Thread.run(Thread.java:745)

Change Permissions Without Restart

Is there any way to set group or app permissions without manually adding an entry to the plugin-conf.json and then restarting marathon?

Multiple election participants have the same ID: xx.xx.xx.xx:8080. This is not allowed

Hey @gondor

I am getting below error

[2018-10-12 12:29:02,006] INFO Leadership ended with failure; exiting (mesosphere.marathon.core.election.ElectionServiceImpl:marathon-akka.actor.default-dispatcher-11)
java.lang.IllegalStateException: Multiple election participants have the same ID: xx.xx.xx.xx:8080. This is not allowed.
at mesosphere.marathon.core.election.CuratorElectionStream$CuratorEventEmitter.emitLeader(CuratorElectionStream.scala:157)
at mesosphere.marathon.core.election.CuratorElectionStream$CuratorEventEmitter.$anonfun$longPollLeaderChange$1(CuratorElectionStream.scala:117)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
[2018-10-12 12:29:02,006] INFO Closing leader latch (mesosphere.marathon.core.election.CuratorElectionStream$:pool-1-thread-1)
[2018-10-12 12:29:02,011] INFO Leader latch closed (mesosphere.marathon.core.election.CuratorElectionStream$:pool-1-thread-1)
[2018-10-12 12:29:02,051] INFO Shutting down services (mesosphere.marathon.MarathonApp:shutdownHook3)

plugin doesnt work with marathon 1.4.3

Following the install procedure, it seems it doesn't work. Log output:

May 19 18:28:24 server03 marathon[25120]: [2017-05-19 18:28:24,113] INFO  Loading plugins implementing 'mesosphere.marathon.plugin.auth.Authenticator' from these urls: [] (mesosphere.marathon.core.plugin.impl.PluginManagerImpl:main)
May 19 18:28:24 server03 marathon[25120]: [2017-05-19 18:28:24,120] INFO  Found 0 plugins. (mesosphere.marathon.core.plugin.impl.PluginManagerImpl:main)
May 19 18:28:24 server03 marathon[25120]: [2017-05-19 18:28:24,122] INFO  Loading plugins implementing 'mesosphere.marathon.plugin.auth.Authorizer' from these urls: [] (mesosphere.marathon.core.plugin.impl.PluginManagerImpl:main)
May 19 18:28:24 server03 marathon[25120]: [2017-05-19 18:28:24,122] INFO  Found 0 plugins. (mesosphere.marathon.core.plugin.impl.PluginManagerImpl:main)
May 19 18:28:24 server03 marathon[25120]: [2017-05-19 18:28:24,142] INFO  Started status update processor (mesosphere.marathon.core.task.update.impl.TaskStatusUpdateProcessorImpl$$EnhancerByGuice$$86c07231:main)

Question on how to debug

Hi, I was wondering how I would go about turning debug to INFO? I have tried to set logging_level for Marathon. Pointing me to some doc would be great!

I am trying to get to outputs like:
LOGGER.info("LDAP trying to connect as {} on {}", dn, config.getUrl());

Active Directory - NamingException/error validating during authentication

Hi all, I see there is someone getting a similar error to me above, but the latest fix does not seem to apply to me. I'm not super LDAP experienced and I am having a hell of a time configuring this to work with my Windows Server 2012 Active Directory. Would really appreciate an assist.

  • Marathon-ldap jar 1.3
  • Mesos version 1.1.0-2.0.107.centos701406
  • Marathon version 1.3.7-1.0.565.el7

My AD user looks as follows:

PS AD:\cn=users,dc=domain,dc=com> Get-ADUser -Filter {Name -like "Matt Richter"}


DistinguishedName : CN=Matt Richter,CN=Users,DC=domain,DC=com
Enabled           : True
GivenName         : Matt
Name              : Matt Richter
ObjectClass       : user
ObjectGUID        : 65b42d5e-f330-4a3b-9bb9-976536affdb3
SamAccountName    : MRichter
SID               : S-1-5-21-4183530585-134636266-2064867791-2498
Surname           : Richter
UserPrincipalName : [email protected]

He is in a security group that I want to use to determine access:

PS AD:\cn=users,dc=domain,dc=com> Get-ADGroup -SearchBase "OU=Security Groups,DC=domain,DC=com" -filter {Name -like "InfrastructureGroup"}


DistinguishedName : CN=InfrastructureGroup,OU=Security Groups,DC=domain,DC=com
GroupCategory     : Security
GroupScope        : Global
Name              : InfrastructureGroup
ObjectClass       : group
ObjectGUID        : 2e13cf87-1282-459b-957f-9062f6b7f2ad
SamAccountName    : InfrastructureGroup
SID               : S-1-5-21-4183530585-134636266-2064867791-13614

I've tried several permutations, but here's what I currently have for plugin_conf.json.

{
    "plugins": {
        "authorization": {
            "plugin": "mesosphere.marathon.plugin.auth.Authorizer",
            "implementation": "io.containx.marathon.plugin.auth.LDAPAuthorizor"
        },
        "authentication": {
            "plugin": "mesosphere.marathon.plugin.auth.Authenticator",
            "implementation": "io.containx.marathon.plugin.auth.LDAPAuthenticator",
            "configuration": {
                "ldap": {
                    "url": "ldap://$ldapserver:389",
                    "base": "DC=domain,DC=com",
                    "dn": "CN={username},CN=Users,DC=domain,DC=com",
                    "bindUser": "CN=$ldapbinduser,CN=Users,DC=domain,DC=com",
                    "bindPassword": "$ldapbindpass",
                    "userSearch": "(&(sAMAccountName={username})(objectClass=user))",
                    "userSubTree": "CN=Users",
                    "groupSearch": "(&(sAMAccountName={username})(objectClass=group))",
                    "groupSubTree": "OU=Security Groups"
                },
                "authorization": {
                    "access": [
                        {
                            "group": "InfrastructureGroup",
                            "permissions": [
                                {
                                    "allowed": "*",
                                    "type"   : "app"
                                },
                                {
                                    "allowed": "*",
                                    "type"   : "group"
                                }
                            ]
                        }
                    ]
                }
            }
        }
    }
}

I deploy and restart marathon, then log into the UI via chrome, and I get prompted for my username/password. The prompt just re-appears after entering my correct creds and I get the following in the logs:

Jan 31 07:29:22 server.domain.com marathon[5373]: [2017-01-31 07:29:22,202] ERROR LDAP NamingException during authentication: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580
Jan 31 07:29:22 server.domain.com marathon[5373]: [2017-01-31 07:29:22,202] ERROR LDAP error validating user: {} (io.containx.marathon.plugin.auth.LDAPAuthenticator:pool-3-thread-1)
Jan 31 07:29:22 server.domain.com marathon[5373]: com.google.common.cache.CacheLoader$InvalidCacheLoadException: CacheLoader returned null for key AuthKey{username=mrichter}.
Jan 31 07:29:22 server.domain.com marathon[5373]:         at com.google.common.cache.LocalCache$Segment.getAndRecordStats(LocalCache.java:2354)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2324)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2286)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2201)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at com.google.common.cache.LocalCache.get(LocalCache.java:3953)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3957)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4875)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at io.containx.marathon.plugin.auth.LDAPAuthenticator.doAuth(LDAPAuthenticator.java:78)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at io.containx.marathon.plugin.auth.LDAPAuthenticator.lambda$authenticate$4(LDAPAuthenticator.java:60)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at akka.dispatch.Futures$$anonfun$future$1.apply(Future.scala:97)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
Jan 31 07:29:22 server.domain.com marathon[5373]:         at java.lang.Thread.run(Thread.java:745)

Would really appreciate some help! Thanks!
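A check for the DN rule stated in the plugin-conf.json comments quoted in the "Marathon 1.3.6 crashing" issue (interpolated `dn`, then `userSubTree` if defined, then `base`), applied to the configuration in this issue. This is an added example, not the plugin's code or part of the original post: the function names are hypothetical, and the RFC 4514 escaping of the username is this example's own hardening, since the page does not say whether the plugin escapes it.

```python
"""Added example: composes and lints the bind DN per the documented rule."""


def escape_dn_value(value):
    """Escape a string for use as an RFC 4514 attribute value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def compose_bind_dn(ldap_cfg, username):
    """Interpolated dn + userSubTree (if defined) + base, as the comments say."""
    parts = [ldap_cfg["dn"].replace("{username}", escape_dn_value(username))]
    if ldap_cfg.get("userSubTree"):
        parts.append(ldap_cfg["userSubTree"])
    parts.append(ldap_cfg["base"])
    return ",".join(parts)


def lint_dn_template(ldap_cfg):
    """Flag dn templates that already carry a suffix the rule appends again."""
    findings = []
    template = ldap_cfg.get("dn", "")
    if "{username}" not in template:
        findings.append("dn: missing {username} placeholder")
    # Naive split on ',' is enough for templates without escaped commas.
    rdns = [r.strip().lower() for r in template.split(",")]
    for key in ("userSubTree", "base"):
        suffix = ldap_cfg.get(key)
        if not suffix:
            continue
        wanted = [r.strip().lower() for r in suffix.split(",")]
        n = len(wanted)
        if any(rdns[i:i + n] == wanted for i in range(1, len(rdns) - n + 1)):
            findings.append(
                f"dn: already contains {key} ({suffix}); "
                "it would be appended a second time"
            )
    return findings


# Values copied from the two configurations quoted on this page.
DOC_CFG = {"base": "dc=example,dc=com", "dn": "uid={username}",
           "userSubTree": "ou=People"}
AD_CFG = {"base": "DC=domain,DC=com",
          "dn": "CN={username},CN=Users,DC=domain,DC=com",
          "userSubTree": "CN=Users"}

if __name__ == "__main__":
    for name, cfg, user in (("doc", DOC_CFG, "fred"), ("ad", AD_CFG, "mrichter")):
        print(name, compose_bind_dn(cfg, user))
        for finding in lint_dn_template(cfg):
            print("  WARN", finding)
```

Under that rule the Active Directory configuration composes a DN in which `CN=Users` and the base each appear twice, while the documented sample configuration produces no findings.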

How to config multiple marathons with LDAP plugin?

Hi. Actually, this issue is for @vixns. vixns's repo does not have the issue system open, so I am posting here.

We're running multiple Marathons on DC/OS. So, a user is view-only at one Marathon (all groups/apps), but that user needs to deploy in another Marathon (all groups/apps). Is this possible with the LDAP permission feature?

Thank you.

Broken password validation

Since merge of #23, master branch of this repository allows anyone to authenticate as any (existing) user in ldap.

To reproduce:

  • configure bindUser and bindPassword (bindUser must not contain {username} but be a real username)
  • try to connect to marathon using an existing user from ldap (and a random password)
    => you are authenticated as the target user

This issue was introduced by a778d9d, which removes the step where the user password is validated (by always using bind credentials).
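The flaw reported above, next to a search-then-bind flow that checks the user's own password, as an added example that is not the plugin's code. `FakeLdap`, the directory entries, the passwords and both `authenticate_*` functions are constructed stand-ins for a real directory and client.

```python
"""Added example: in-memory stand-in for an LDAP server (not marathon-ldap code)."""


class FakeLdap:
    """Constructed directory: DN -> {'uid': ..., 'password': ...}."""

    def __init__(self, entries, allow_unauthenticated_bind=True):
        self.entries = entries
        # RFC 4513 5.1.2: a simple bind with a DN and an empty password is an
        # "unauthenticated bind"; some servers answer it with success.
        self.allow_unauthenticated_bind = allow_unauthenticated_bind

    def bind(self, dn, password):
        entry = self.entries.get(dn)
        if entry is None:
            return False
        if password == "":
            return self.allow_unauthenticated_bind
        return entry["password"] == password

    def find_dn(self, uid):
        for dn, entry in self.entries.items():
            if entry["uid"] == uid:
                return dn
        return None


# Constructed sample data.
ENTRIES = {
    "cn=svc-marathon,dc=example,dc=com": {"uid": "svc-marathon", "password": "svc-pw"},
    "uid=alice,ou=People,dc=example,dc=com": {"uid": "alice", "password": "alice-correct-pw"},
}
CFG = {"bindUser": "cn=svc-marathon,dc=example,dc=com", "bindPassword": "svc-pw"}
LDAP = FakeLdap(ENTRIES)


def authenticate_broken(ldap, cfg, username, password):
    """Behaviour described in the issue: only the bind credentials are checked."""
    if not ldap.bind(cfg["bindUser"], cfg["bindPassword"]):
        return None
    # The submitted password is never used, so any existing user "logs in".
    return ldap.find_dn(username)


def authenticate_fixed(ldap, cfg, username, password):
    """Search with the service account, then bind as the user to verify."""
    if not password:
        return None  # never let an empty password reach the server
    if not ldap.bind(cfg["bindUser"], cfg["bindPassword"]):
        return None
    user_dn = ldap.find_dn(username)
    if user_dn is None:
        return None
    if not ldap.bind(user_dn, password):
        return None  # wrong password for the target user
    return user_dn


if __name__ == "__main__":
    for pw in ("random-guess", "", "alice-correct-pw"):
        print(repr(pw),
              "broken:", authenticate_broken(LDAP, CFG, "alice", pw),
              "fixed:", authenticate_fixed(LDAP, CFG, "alice", pw))
```

A regression test for this class of bug is the wrong-password case: it must be rejected whenever `bindUser` is a fixed service account.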

Plugin failure after Upgrading to Marathon 1.4.0

According to the Marathon release notes, it looks like there is a breaking plugin API change in this version. We currently rely heavily on this plugin for authorization.
https://github.com/mesosphere/marathon/releases/tag/v1.4.0
Currently I use the latest version of the LDAP plugin.
I think the main thing it broke is the /v2/tasks endpoint:

curl -X GET "http://xxx:xxx@localhost:8080/v2/tasks"
{"tasks":[]}

But I have n number of tasks running. If I disable the plugin feature in Marathon and query the /v2/tasks endpoint, I do see the running tasks.

@gondor Is there a plan / timeline to add support for Marathon 1.4+?
