
Marathon 1.3.6 crashing with Marathon-LDAP 1.3

Open · taktv6 opened this issue 8 years ago · 1 comment

Hello,

When I enable Marathon-LDAP 1.3 on my Marathon (1.3.6-1.0.540.ubuntu1604) like this:

root@mesos-master1 /etc/marathon/conf # cat plugin_conf
/var/marathon/plugins/plugin-conf.json
root@mesos-master1 /etc/marathon/conf # cat plugin_dir 
/var/marathon/plugins
root@mesos-master1 /etc/marathon/conf # ls /var/marathon/plugins
marathon-ldap.jar  plugin-conf.json
root@mesos-master1 /etc/marathon/conf # cat /var/marathon/plugins/plugin-conf.json
"ldap": {
    /*
     * the url property specifies the server, port and SSL setting of your directory.
     * Default port is 389 for plaintext or STARTTLS, and 636 for SSL.  If you want 
     * SSL, specify the protocol as 'ldaps:' rather than 'ldap:'
     */
    "url": "ldap://my.ldapserver.local:389",

    /*
     * base represents the domain your directory authenticates.  A domain of
     * example.com would normally be expressed in the form below, although note
     * that there is not necessarily a direct correlation between domains that 
     * might be part of an email address or username and the baseDN of the 
     * directory server.
     */
    "base": "dc=example,dc=com",

    /*
     * The dn property tells the plugin how to format a distinguished name for a user
     * that you want to authenticate.  The string {username} MUST exist in here and 
     * will be replaced by whatever the user submits as "username" in the login dialog.
     *
     * When the plugin calculates the DN to use to attempt authentication, it will
     * take the interpolated value here, suffixed with the userSubTree (if defined)
     * and the base property.  For example, the settings here and a submitted username
     * of 'fred' would cause a bind attempt using 'dn=uid=fred,ou=People,dc=example,dc=com'
     */
    "dn": "uid={username}",

    /*
     * The userSearch string is used following successful bind in order to obtain the
     * entire user record for the user logging in.  Similar to the 'dn' property above,
     * the supplied username will be substituted into the pattern below and the search
     * will be performed as shown against a search context of 'base' or (if defined)
     * the userSubTree section only.
     */
    "userSearch": "(&(uid={username})(objectClass=inetOrgPerson))",

    /* ---- the following properties are optional and can be left undefined ---- */

    /*
     * If you want to restrict the user searches and bind attempts to a particular 
     * org unit or other area of the LDAP directory, specify the sub tree here.  The
     * descriptions of earlier properties note where this definition may affect
     * behaviour.
     */
    "userSubTree": "ou=People",

    /*
     * If your group memberships are specified by using "memberOf" attributes on the
     * user record, you don't need the following.  However, if your groups are defined 
     * as separate entities and membership is denoted by having all the usernames 
     * inside the group, then you do.  This is common for posixGroup type groups.
     * Specify the 'groupSearch' property as a pattern to find all groups that the 
     * user is a member of.
     */
    "groupSearch": "(&(memberUid={username})(objectClass=posixGroup))",

    /*
     * Similar to userSubTree but for the group entities
     */
    "groupSubTree": "ou=Group"
}

then it crashes on startup (see crashlog.txt). What's wrong?

Thanks, takt

crashlog.txt

taktv6 avatar Dec 01 '16 01:12 taktv6

According to the crash log, there's a JsonParseException:

Nov 30 17:20:57 mesos-master1 marathon[26701]: [2016-11-30 17:20:57,460] ERROR Terminating due to uncaught exception in thread main:1 (mesosphere.marathon.Main$:main)
Nov 30 17:20:57 mesos-master1 marathon[26701]: com.google.inject.CreationException: Guice creation errors:
Nov 30 17:20:57 mesos-master1 marathon[26701]: 
Nov 30 17:20:57 mesos-master1 marathon[26701]: 1) Error injecting constructor, com.fasterxml.jackson.core.JsonParseException: Unexpected character (':' (code 58)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
Nov 30 17:20:57 mesos-master1 marathon[26701]:  at [Source: [B@67531e3a; line: 1, column: 8]

And indeed your /var/marathon/plugins/plugin-conf.json does not contain valid JSON. It's missing opening and closing braces, and the semantics seem off, too; see the example file at https://github.com/ContainX/marathon-ldap/blob/master/src/main/resources/io/containx/marathon/plugin/auth/plugin-conf.json

moertel avatar Jan 05 '17 09:01 moertel
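As an added example (mine, not from the issue or from marathon-ldap), a small Python linter that catches both of the problems moertel points out before Marathon is restarted: it parses the file as strict JSON (the JSON parser rejects the missing outer braces, and by default also the /* */ comments) and then checks the ldap block for the properties the plugin's own comments call mandatory. It assumes only that an "ldap" object appears somewhere in the file; the exact nesting the Marathon plugin loader expects is not checked here.

```python
import json
import re

# Properties the plugin's own comments call mandatory, and the two that must carry {username}.
REQUIRED = ("url", "base", "dn", "userSearch")
NEEDS_USERNAME = ("dn", "userSearch")

def find_key(node, key):
    """Depth-first search for a dict holding `key`, so the check does not
    depend on how the ldap block is nested inside Marathon's plugin file."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        children = node.values()
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_key(child, key)
        if found is not None:
            return found
    return None

def lint(text):
    """Return a list of problems; an empty list means the file is loadable."""
    try:
        doc = json.loads(text)  # strict JSON: no /* */ comments, no bare "ldap": {
    except json.JSONDecodeError as e:  # Jackson flagged the same spot (line 1) in the crash log
        return ["invalid JSON at line %d column %d: %s" % (e.lineno, e.colno, e.msg)]
    ldap = find_key(doc, "ldap")
    if not isinstance(ldap, dict):
        return ['no "ldap" object found']
    problems = ['missing required property "%s"' % k for k in REQUIRED if k not in ldap]
    for k in NEEDS_USERNAME:
        if k in ldap and "{username}" not in str(ldap[k]):
            problems.append('"%s" must contain {username}' % k)
    if not re.match(r"^ldaps?://", str(ldap.get("url", ""))):
        problems.append('"url" must start with ldap:// or ldaps://')
    return problems

# Constructed samples: the shape of the file posted in the issue (no outer braces,
# comments) and a strict-JSON version of its ldap block.
BROKEN = '"ldap": {\n    /* comment */\n    "url": "ldap://my.ldapserver.local:389"\n}\n'
FIXED = json.dumps({"ldap": {"url": "ldap://my.ldapserver.local:389",
    "base": "dc=example,dc=com", "dn": "uid={username}",
    "userSearch": "(&(uid={username})(objectClass=inetOrgPerson))"}}, indent=2)

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name + ":", lint(text) or "ok")
```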