Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started

 

question

bensmail avatar image
bensmail asked Erick Ramirez answered

WARN: Unauthorized while calling LoginController: User has no matching OpsCenter role defined in LDAP. (MainThread)

Hello, I'm getting connection Error when I configure Opscenter with LDAP:

Failed to log in: User bensmaisa has no matching OpsCenter role defined in LDAP.

my login is part of the folder Adminops in AD

The configuration on opcenterd.conf:

[ldap]
server_host = XX.XX.XX.XX
server_port = 389
hostname_verification = true
uri_scheme = ldap
search_dn = CN=opsDSE,OU=Services,OU=Accounts,OU=Paris,OU=Office,DC=DC1,DC=DC2,DC=lk,DC=dvm
search_password = xxxxxxxxxxxxxx
user_search_base = OU=Users,OU=Accounts,OU=Paris,OU=Office,DC=DC1,DC=DC2,DC=lk,DC=dvm
user_search_filter = (sAMAccountName={0})
admin_group_name = Adminops
group_search_type = memberof_search
group_name_attribute = cn
user_memberof_attribute = memberof
user_memberof_stores_dn = True

on the opscenterd.log:

2022-04-03 12:59:35,731Z [opscenterd] DEBUG: Getting <20, org.apache.directory.ldap.client.api.future.SearchFuture> (NioProcessor-4)
2022-04-03 12:59:35,731Z [opscenterd] DEBUG: Search successful : MessageType : SEARCH_RESULT_DONE
Message ID : 20
 Search Result Done
 Ldap Result
 Result code : (SUCCESS) success
 Matched Dn : ''
 Diagnostic message : ''
 (NioProcessor-4)
2022-04-03 12:59:35,731Z [opscenterd] DEBUG: Removing <20, org.apache.directory.ldap.client.api.future.SearchFuture> (NioProcessor-4)
2022-04-03 12:59:35,731Z [opscenterd] DEBUG: Closing SearchCursorImpl org.apache.directory.ldap.client.api.SearchCursorImpl@29341e81 (PoolThread-twisted.internet.reactor-1)
2022-04-03 12:59:35,731Z [opscenterd] DEBUG: Closing SearchCursorImpl org.apache.directory.ldap.client.api.SearchCursorImpl@29341e81 (PoolThread-twisted.internet.reactor-1)
2022-04-03 12:59:35,732Z [opscenterd] DEBUG: Closing SearchCursorImpl org.apache.directory.ldap.client.api.SearchCursorImpl@64684fb4 (PoolThread-twisted.internet.reactor-1)
2022-04-03 12:59:35,732Z [opscenterd] DEBUG: Closing SearchCursorImpl org.apache.directory.ldap.client.api.SearchCursorImpl@64684fb4 (PoolThread-twisted.internet.reactor-1)
2022-04-03 12:59:35,732Z [opscenterd] DEBUG: Sending Unbind request
MessageType : UNBIND_REQUEST
Message ID : 21
 UnBind Requestorg.apache.directory.api.ldap.model.message.UnbindRequestImpl@423fe80d (PoolThread-twisted.internet.reactor-1)
2022-04-03 12:59:35,733Z [opscenterd] DEBUG: Encoded message
 MessageType : UNBIND_REQUEST
Message ID : 21
 UnBind Requestorg.apache.directory.api.ldap.model.message.UnbindRequestImpl@423fe80d
 : 0x30 0x05 0x02 0x01 0x15 0x42 0x00 (PoolThread-twisted.internet.reactor-1)
2022-04-03 12:59:35,733Z [opscenterd] DEBUG: Unbind successful (PoolThread-twisted.internet.reactor-1)
2022-04-03 12:59:35,733Z [opscenterd] DEBUG: received a NoD, closing everything (NioProcessor-4)
2022-04-03 12:59:35,740Z [opscenterd] WARN: Unauthorized while calling LoginController: User bensmaisa has no matching OpsCenter role defined in LDAP. (MainThread)

Any help

Regards

Salah Bensmail

opscenter
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered

There's a good chance the problem is that OpsCenter is unable to do LDAP lookups so it can't retrieve the group membership of the user.

You'll need support assistance for this which I can't provide in a Q&A forum so please log a ticket with DataStax Support. Cheers!

Share
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.