Announcement

Migration of this forum

Dear users of this forum,

we are pleased to inform you that we will be updating the software behind this forum in the near future.

Existing posts, users and categories will remain untouched.

Important:

  • Each user will need to reset their password.
  • Please select "I forgot my password".
  • Enter the email address you used to register in this forum.
  • You will receive an email with a link to set a new password.
  • Please choose a new (secure) password and confirm the process.

We will keep you informed in the pinned thread.

Kind regards,
Your ReportServer Team

Migration des Forums

Liebe Nutzer dieses Forums,

wir freuen uns, euch mitteilen zu können, dass wir in naher Zukunft die Software hinter diesem Forum aktualisieren werden.

Existierende Beiträge, Nutzer und Kategorien bleiben weiterhin bestehen!

Wichtig:

  • Jeder Nutzer muss sein Passwort neu vergeben.
  • Wählt dazu einfach "Ich habe mein Passwort vergessen".
  • Gebt die E-Mail-Adresse ein, mit der ihr registriert seid.
  • Ihr erhaltet eine E-Mail mit einem Link zur Passwortvergabe.
  • Bitte wählt ein neues (sicheres) Passwort und bestätigt den Vorgang.

Wir halten euch im angepinnten Beitrag auf dem Laufenden!

Mit vielen Grüßen
Euer ReportServer Team

Pages: 1

#1 2022-11-24 00:54:49

ReportEnabler
Member
Registered: 2022-11-15

ldap users cannot authenticate

We used exec -c ldapimport.groovy to import our ldap users. Which seemed to work (they are listed below /external in the user tree)

But the cannot login. They receive
Error: Login attempt failed

We notice that in the apache-tomcat/logs/reportserver log file there is:

### PAM Configuration ###
Static PAM configuration: net.datenwerke.rs.authenticator.service.pam.UserPasswordPAMAuthoritative
Finalized PAM configuration: class net.datenwerke.rs.authenticator.service.pam.UserPasswordPAMAuthoritative

We checked
C:\infofabrik\reportserverenterprise-4.3.0.6079-1\apache-tomcat\webapps\reportserver\WEB-INF\classes

and we find our setting of:
rs.authenticator.pams = net.datenwerke.rs.ldap.service.ldap.pam.LdapPAM:net.datenwerke.rs.authenticator.service.pam.UserPasswordPAM:net.datenwerke.rs.authenticator.service.pam.EveryoneIsRootPAM


It seems our PAM setting is being ignored.
Why is the setting being ignored?

thanks

Offline

#2 2022-11-24 10:49:49

IF_Eduardo
Administrator
Registered: 2016-11-01
Website

Re: ldap users cannot authenticate

Hi ReportEnabler,

in your logs you have:
Static PAM configuration: net.datenwerke.rs.authenticator.service.pam.UserPasswordPAMAuthoritative

while in your reportserver.properties you have:
rs.authenticator.pams = net.datenwerke.rs.ldap.service.ldap.pam.LdapPAM:net.datenwerke.rs.authenticator.service.pam.UserPasswordPAM:net.datenwerke.rs.authenticator.service.pam.EveryoneIsRootPAM

these entries do not match. I think you have a second reportserver.properties file with this different setting. Check especially in your external configuration directory for a second reportserver.properties file

Regards,
Eduardo

Offline

#3 2022-11-24 18:10:10

ReportEnabler
Member
Registered: 2022-11-15

Re: ldap users cannot authenticate

Hi Eduardo

There was a second file here (we have now renamed it):
C:\infofabrik\reportserverenterprise-4.3.0.6079-1\apps\reportserver\reportserver-conf\reportserver.properties
Is this from an earlier install attempt?

After a Tomcat restart the logs\reportserver-date file contains:

### PAM Configuration ###
Static PAM configuration: net.datenwerke.rs.ldap.service.ldap.pam.LdapPAM:net.datenwerke.rs.authenticator.service.pam.UserPasswordPAM
Finalized PAM configuration: class net.datenwerke.rs.ldap.service.ldap.pam.LdapPAM, class net.datenwerke.rs.authenticator.service.pam.UserPasswordPAM


24-Nov-2022 17:34:03.568 INFO [Thread-13] net.datenwerke.rs.search.service.search.SearchServiceImpl.rebuildIndex Rebuilding search index...
24-Nov-2022 17:34:07.943 INFO [Thread-13] net.datenwerke.gf.service.lateinit.LateInitStartup$1.run Startup completed
24-Nov-2022 17:34:10.890 INFO [ajp-nio-127.0.0.1-8009-exec-2] net.datenwerke.rs.passwordpolicy.service.BsiPasswordPolicyServiceImpl.getPolicy Password policy not active: Could not find config for security/passwordpolicy.cf


However ldap users still cannot login:
Error
Login attempt failed

We can't find any logged error explanations in the logs.

Offline

#4 2022-11-24 21:59:13

ReportEnabler
Member
Registered: 2022-11-15

Re: ldap users cannot authenticate

Update:
In the reportserver.properties file:

If rs.authenticator.pams = net.datenwerke.rs.ldap.service.ldap.pam.LdapPAM:net.datenwerke.rs.authenticator.service.pam.UserPasswordPAM:net.datenwerke.rs.authenticator.service.pam.EveryoneIsRootPAM

Then anyone could access the server without requiring a login at all, but everyone gets full Admin rights (as is expected).

If rs.authenticator.pams = net.datenwerke.rs.ldap.service.ldap.pam.LdapPAM:net.datenwerke.rs.authenticator.service.pam.UserPasswordPAM

Then ldap users could not login at all.

If rs.authenticator.pams = net.datenwerke.rs.ldap.service.ldap.pam.LdapPAM

Then ldap users can login and so can the admin user.

(in all of the above cases the permission existed for Report Server Access)

We can close the 'case' - thanks for your help.

Offline

#5 2022-11-25 15:23:05

IF_Eduardo
Administrator
Registered: 2016-11-01
Website

Re: ldap users cannot authenticate

Hi ReportEnabler,

yes, using rs.authenticator.pams = net.datenwerke.rs.ldap.service.ldap.pam.LdapPAM should work. If you need to allow local users as well, you can use the allowLocalUsers attribute: https://github.com/infofabrik/reportser … dap.cf#L57

Anyway, we raised ticket RS-6509 to check why this is not working with concatenated PAMS, as in
rs.authenticator.pams = net.datenwerke.rs.ldap.service.ldap.pam.LdapPAM:net.datenwerke.rs.authenticator.service.pam.UserPasswordPAM

Regards,
Eduardo

Offline

Pages: 1

Board footer

Powered by FluxBB