3:55 a.m.
Hi,
Keycloak 6.0.1, LDAP federation is working, users can logon and are
updated automatically regularly from ldap:
2019-07-02 17:39:49,761 INFO
[org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users from
LDAP to local store: realm: our_realm, federation provider: our_realm-ad, last sync time:
Mon Jul 01 17:39:43 CEST > 2019-07-02 17:39:50,067 INFO
[org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users
finished: 3 imported users, 22 updated users
In keycloak, the configured ldap uri is ldap://localhost:389, where a
haproxy instance is listening that talks ldaps to our DCs.
The 'problem': in the keycloak GUI, the buttons 'Test authentication'
and 'Test connection' do not work:
"Error! Error when trying to connect to LDAP. See server.log for details."
But nothing logged in server.log, and haproxy does not even log a
connection attempt at all.
Anyone else seeing this..?
MJ
5:52 a.m.
Hi,
Off list, someone asked me to check if ldap://127.0.0.1:389 would work
better than ldap://localhost:389, but it doesn't.
But I am now also trying to fill in actual remote ldap servers, and they
also don't work. Again nothing at all logged in server.log
Do the test buttons work for others here?
MJ
On 7/3/19 10:55 AM, mj wrote:
Hi,
Keycloak 6.0.1, LDAP federation is working, users can logon and are
updated automatically regularly from ldap:
> 2019-07-02 17:39:49,761 INFO [org.keycloak.storage.ldap.LDAPStorageProviderFactory]
(Timer-2) Sync changed users from LDAP to local store: realm: our_realm, federation
provider: our_realm-ad, last sync time: Mon Jul 01 17:39:43 CEST > 2019-07-02
17:39:50,067 INFO [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync
changed users finished: 3 imported users, 22 updated users
In keycloak, the configured ldap uri is ldap://localhost:389, where a
haproxy instance is listening that talks ldaps to our DCs.
The 'problem': in the keycloak GUI, the buttons 'Test authentication'
and 'Test connection' do not work:
"Error! Error when trying to connect to LDAP. See server.log for details."
But nothing logged in server.log, and haproxy does not even log a
connection attempt at all.
Anyone else seeing this..?
MJ
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
6:50 a.m.
Le Jeudi, Juillet 04, 2019 12:52 CEST, mj <lists(a)merit.unu.edu> a écrit:
Hi,
Off list, someone asked me to check if ldap://127.0.0.1:389 would work
better than ldap://localhost:389, but it doesn't.
But I am now also trying to fill in actual remote ldap servers, and they
also don't work. Again nothing at all logged in server.log
Do the test buttons work for others here?
Hello,
It works for me with keycloak 6.0.1.
The button sends a request to
https://<keycloak>/auth/admin/realms/<realm>/testLDAPConnection, can you try
examining the response you have with this request (in the browser dev tools for instance)
?
Regards,
Cédric Couralet
MJ
>
> On 7/3/19 10:55 AM, mj wrote:
> > Hi,
> >
> > Keycloak 6.0.1, LDAP federation is working, users can logon and are
> > updated automatically regularly from ldap:
> >
> >> 2019-07-02 17:39:49,761 INFO
[org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users from
LDAP to local store: realm: our_realm, federation provider: our_realm-ad, last sync time:
Mon Jul 01 17:39:43 CEST > 2019-07-02 17:39:50,067 INFO
[org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users
finished: 3 imported users, 22 updated users
> >
> > In keycloak, the configured ldap uri is ldap://localhost:389, where a
> > haproxy instance is listening that talks ldaps to our DCs.
> >
> > The 'problem': in the keycloak GUI, the buttons 'Test
authentication'
> > and 'Test connection' do not work:
> >
> > "Error! Error when trying to connect to LDAP. See server.log for
details."
> >
> > But nothing logged in server.log, and haproxy does not even log a
> > connection attempt at all.
> >
> > Anyone else seeing this..?
> >
> MJ
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
2:52 a.m.
Hi Cédric,
I edited the request for our installation, and the browser dev tools said:
Error loading this URI: Could not load the source for
https://<keycloak>/auth/admin/realms/OUR_REALM/testLDAPConnection.
[Exception... "Component returned failure code: 0x80470002 (NS_BASE_STREAM_CLOSED)
[nsIInputStream.available]" nsresult: "0x80470002 (NS_BASE_STREAM_CLOSED)"
location: "JS frame :: resource://devtools/shared/DevToolsUtils.js :: onResponse ::
line 555" data: no]
Stack: onResponse@resource://devtools/shared/DevToolsUtils.js:555:34
onStopRequest@resource://gre/modules/NetUtil.jsm:123:17
Line: 555, column: 0
Does the above mean anything to you..?
We appreciated your response, many thanks!
MJ
On 7/4/19 1:50 PM, cedric(a)couralet.eu wrote:
Le Jeudi, Juillet 04, 2019 12:52 CEST, mj <lists(a)merit.unu.edu>
a écrit:
> Hi,
>
> Off list, someone asked me to check if ldap://127.0.0.1:389 would work
> better than ldap://localhost:389, but it doesn't.
>
> But I am now also trying to fill in actual remote ldap servers, and they
> also don't work. Again nothing at all logged in server.log
>
> Do the test buttons work for others here?
Hello,
It works for me with keycloak 6.0.1.
The button sends a request to
https://<keycloak>/auth/admin/realms/<realm>/testLDAPConnection, can you try
examining the response you have with this request (in the browser dev tools for instance)
?
Regards,
Cédric Couralet
> MJ
>
> On 7/3/19 10:55 AM, mj wrote:
>> Hi,
>>
>> Keycloak 6.0.1, LDAP federation is working, users can logon and are
>> updated automatically regularly from ldap:
>>
>>> 2019-07-02 17:39:49,761 INFO
[org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users from
LDAP to local store: realm: our_realm, federation provider: our_realm-ad, last sync time:
Mon Jul 01 17:39:43 CEST > 2019-07-02 17:39:50,067 INFO
[org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users
finished: 3 imported users, 22 updated users
>>
>> In keycloak, the configured ldap uri is ldap://localhost:389, where a
>> haproxy instance is listening that talks ldaps to our DCs.
>>
>> The 'problem': in the keycloak GUI, the buttons 'Test
authentication'
>> and 'Test connection' do not work:
>>
>> "Error! Error when trying to connect to LDAP. See server.log for
details."
>>
>> But nothing logged in server.log, and haproxy does not even log a
>> connection attempt at all.
>>
>> Anyone else seeing this..?
>>
>> MJ
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
2:56 a.m.
Hi, sorry for the stupid question, but did you change the hostname for the keycloak server
(instead of <keycloak>) ?
That log would mean your browser can't connect to you keycloak, this would be really
strange considering you access the admin interface.
Also that request needs some context (auth,...) so it is easier to click on the button
with the developpers tools opened and see what is the response.
Cédric
Le Vendredi, Juillet 05, 2019 09:52 CEST, mj <lists(a)merit.unu.edu> a écrit:
Hi Cédric,
I edited the request for our installation, and the browser dev tools said:
> Error loading this URI: Could not load the source for
https://<keycloak>/auth/admin/realms/OUR_REALM/testLDAPConnection.
> [Exception... "Component returned failure code: 0x80470002
(NS_BASE_STREAM_CLOSED) [nsIInputStream.available]" nsresult: "0x80470002
(NS_BASE_STREAM_CLOSED)" location: "JS frame ::
resource://devtools/shared/DevToolsUtils.js :: onResponse :: line 555" data: no]
> Stack: onResponse@resource://devtools/shared/DevToolsUtils.js:555:34
> onStopRequest@resource://gre/modules/NetUtil.jsm:123:17
> Line: 555, column: 0
Does the above mean anything to you..?
We appreciated your response, many thanks!
MJ
On 7/4/19 1:50 PM, cedric(a)couralet.eu wrote:
> Le Jeudi, Juillet 04, 2019 12:52 CEST, mj <lists(a)merit.unu.edu> a écrit:
>
>> Hi,
>>
>> Off list, someone asked me to check if ldap://127.0.0.1:389 would work
>> better than ldap://localhost:389, but it doesn't.
>>
>> But I am now also trying to fill in actual remote ldap servers, and they
>> also don't work. Again nothing at all logged in server.log
>>
>> Do the test buttons work for others here?
>
> Hello,
>
> It works for me with keycloak 6.0.1.
> The button sends a request to
https://<keycloak>/auth/admin/realms/<realm>/testLDAPConnection, can you try
examining the response you have with this request (in the browser dev tools for instance)
?
>
> Regards,
> Cédric Couralet
>
>
>
>> MJ
>
>
>
>>
>> On 7/3/19 10:55 AM, mj wrote:
>>> Hi,
>>>
>>> Keycloak 6.0.1, LDAP federation is working, users can logon and are
>>> updated automatically regularly from ldap:
>>>
>>>> 2019-07-02 17:39:49,761 INFO
[org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users from
LDAP to local store: realm: our_realm, federation provider: our_realm-ad, last sync time:
Mon Jul 01 17:39:43 CEST > 2019-07-02 17:39:50,067 INFO
[org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users
finished: 3 imported users, 22 updated users
>>>
>>> In keycloak, the configured ldap uri is ldap://localhost:389, where a
>>> haproxy instance is listening that talks ldaps to our DCs.
>>>
>>> The 'problem': in the keycloak GUI, the buttons 'Test
authentication'
>>> and 'Test connection' do not work:
>>>
>>> "Error! Error when trying to connect to LDAP. See server.log for
details."
>>>
>>> But nothing logged in server.log, and haproxy does not even log a
>>> connection attempt at all.
>>>
>>> Anyone else seeing this..?
>>>
>>> MJ
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
3:07 a.m.
Hi,
On 7/5/19 9:56 AM, cedric(a)couralet.eu wrote:
Hi, sorry for the stupid question, but did you change the hostname
for the keycloak server (instead of <keycloak>) ?
Haha, yes, I did change it
of course :-)
Ok, so, did it straight from the admin console, with dev tools open.
That gives more info:
XML Parsing Error: no root element found
Location:
https://<realkeycloakurl>/auth/admin/realms/OUR_REALM/testLDAPConnection?action=testConnection&bindCredential=**********&bindDn=cn%3Dsearch_etc******&componentId=e7159941-88ee-4cd3-9b61-936896ed580c&connectionTimeout=&connectionUrl=ldap:%2F%2Flocalhost:389&useTruststoreSpi=never
Line Number 1, Column 1:
Obviously also the bindDN is obfuscated, and actually is how we
configured it.
So, XML parsing error..?
Thanks again!
MJ
8:56 a.m.
New subject: [solved] Re: ldap federation working | test connection / authentication buttons failing
Hi all,
Just wanted to let you know the solution for my issue:
I used custom themes. Appearantly themes do a bit more than 'just some
formatting' because with the default 6.0.1 themes, the buttons started
working again.
So, now I recreated my themes, based on the default 6.0.1 themes, and
everything works again now.
I hope posting this here will help someone with a similar issue in the
future. :-)
Thanks for making keycloak as great as it it is! :-)
MJ
1999
days inactive
2005
days old
6 comments
3 participants
participants (3)
-
cedric@couralet.eu -
lists -
mj