Products | Versions |
---|---|
TIBCO Streaming | 10.6 and later |
We have configured LDAP authentication for the TIBCO Artifact Management Server, but users are unable to login. The login attempt appears to hang, and no errors are seen in the AMS web UI.
2021-10-01 09:40:03.596 DEBUG (qtp1630986748-52) com.tibco.ep.ams.auth.AMSAuthenticationFilter:480 - Request: Request(GET //localhost:2185/ws/api/login?force=true)@49ce48a8, Authentication header: 'Basic am11bGNhaGVAdGliY28uY29tOkRAcmtvZnNwYWMz', Request host: '0:0:0:0:0:0:0:1' 2021-10-01 09:40:03.596 DEBUG (qtp1630986748-52) com.tibco.ep.ams.auth.AMSAuthenticationFilter:152 - HTTP Request - X-Forwarded-For: None 2021-10-01 09:40:03.596 DEBUG (qtp1630986748-52) com.tibco.ep.ams.auth.AMSAuthenticationFilter:164 - HTTP Request Host: 0:0:0:0:0:0:0:1In this case, the log does not report any errors, but logging stops at the above "HTTP Request Host" message. Consult with your LDAP administrator in this case, to determine the correct LDAP attribute that identifies LDAP users. Some common attributes used are 'cn' (the user's common name), 'uid' (user id), and 'mail' (the user's email address).
2021-10-01 09:51:41.148 DEBUG (qtp83721081-61) com.tibco.ep.ams.auth.AMSLdapContextFactory:77 - Getting LDAP context for user 'CN=User One,OU=Users,DC=example,DC=com' 2021-10-01 09:51:41.236 DEBUG (qtp83721081-61) com.tibco.ep.ams.auth.AMSActiveDirectoryRealm:100 - In queryForAuthenticationInfo, creating LDAP contents for username: 'user1@example.com' 2021-10-01 09:51:41.322 DEBUG (qtp83721081-61) com.tibco.ep.ams.auth.AMSActiveDirectoryRealm:175 - In getRoleNamesForUser, principalRoot: 'dc=example,dc=com', searchFilter: '(&(objectClass=*)(mail={0}))', searchArguments: [user1@example.com], searchScope: 'SUBTREE_SCOPE'Again, the AMS log does not report any errors, but logging stops at the 'In getRoleNamesForUser' step. This indicates that you should review your LDAP setting for roleRoot. Often, it can help to shorten the roleRoot value to the base DN for this ldap system. In the above example, the base DN is 'dc=example,dc=com'.
2021-10-01 09:24:41.539 DEBUG (qtp1558127130-52) com.tibco.ep.ams.auth.AMSAuthenticationFilter:480 - Request: Request(GET //localhost:2185/ws/api/login?force=true)@5da59665, Authentication header: 'Basic am11bGNhaGVAdGliY28uY29tOkRAcmtvZnNwYWMz', Request host: '0:0:0:0:0:0:0:1' 2021-10-01 09:24:41.539 DEBUG (qtp1558127130-52) com.tibco.ep.ams.auth.AMSAuthenticationFilter:152 - HTTP Request - X-Forwarded-For: None 2021-10-01 09:24:41.540 DEBUG (qtp1558127130-52) com.tibco.ep.ams.auth.AMSAuthenticationFilter:164 - HTTP Request Host: 0:0:0:0:0:0:0:1This case looks the same as above, where the selected principalSearch attribute is incorrect. Logging stops silently at the 'HTTP Request Host' line. Again, consult with your LDAP administrator as needed. Some common attributes used for roleAttribute are 'member', 'uniqueMember', and 'memberOf'.