-
-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auth: AD auth broken >v0.6.2 #351
Comments
Hi, you're missing two essential properties:
Can you try it with the suggested properties? |
Further user feedback is requested. Please reply within 7 days or we might close the issue. |
I tried with those. Here is what I got:
I N-checked the password which is the one working in On a side note, I saw those environment variables in https://github.com/kafbat/kafka-ui/blob/main/documentation/compose/ui-ldap.yaml, but is there other documentation about them? |
Thanks for the additional feedback! We'll get back to your issue soon. |
As this issue is exclusively AD related and is not affecting LDAP, reproducing it becomes quite complicated, as we don't have any AD set up. Let's try to find the exact commit which breaks this for you. Could you try these two? Let me know if it works with the first one and doesn't with the latter. |
Further user feedback is requested. Please reply within 7 days or we might close the issue. |
Something is worth mentioning about the two supplemental headers you indicated to me:
Using them on our image compiled from I tested both:
with and without those extra headers, and authentication failed everytime. |
Thanks for the additional feedback! We'll get back to your issue soon. |
This makes little to no sense honestly. But having both not working makes no sense, even less does the fact that adding properties required to make AD work it make it worse in your case. As setting up AD for debugging purposes is virtually impossible, and adding the fact that this is the first time I'm receiving such a report, we'd need either a test AD server provided to understand which changes might've affected it (if any) and/or other user reports on this matter. I'm putting this on hold until we get at least one of those. Please let me know if there's anything else I could do here. |
It might simply come down to the fact that the two environment variables you indicated to me are improperly configured on my end. I wrote earlier what I thought they should contain, based on guess work from their name only. The only other mention which would serve the purpose of docs in the codebase I found was a Docker Compose definition, not very verbose in itself. What strikes me most is that they are breaking the Considering this issue is on hold, I will send that matter further in our backlog too. |
Issue submitter TODO list
main
-labeled docker image and the issue still persists thereDescribe the bug (actual behavior)
As hinted in #254 (comment), LDAP backend towards Active Directory in non-RBAC mode does not seem to work anymore.
The last version this is still effective with the used configuration is
provectus/kafka-ui
'sv0.6.2
.Expected behavior
LDAP authentication is said to be seperate from RBAC par #254 (comment), and as such should continue working whatever state of implementation RBAC is.
RBAC for Active Directory is considered not implemented as of yet.
Your installation details
Previous test made long ago with Docker image compiled from
provectus/kafka-ui
'sv0.7.1
Current test made with Docker image compiled from
kafbat/kafka-ui
'sv1.0.0
Steps to reproduce
Minimal set of environment variables to reproduce:
Screenshots
No response
Logs
Existing session from HTTP authentication is not resumed; those are the logs after filling up the Web auth form:
Additional context
Working logs (
v0.6.2
):The text was updated successfully, but these errors were encountered: