UI - LDAP Auth Method TLS Certificate Input #7187

Closed
jmariondev opened this issue Jul 24, 2019 · 8 comments
Labels
bug Used to indicate a potential bug ecosystem ticketed ui

Comments

@jmariondev

Describe the bug
The form to configure an LDAP auth method has a field that takes a PEM-encoded cert, but does not support multi-line input. This causes the error "failed to decode PEM block in the certificate" as it seems to strip newlines from the input.

To Reproduce
Steps to reproduce the behavior:

  1. Enable an LDAP auth method
  2. Attempt to set a certificate for the method in the UI (e.g. /ui/vault/settings/auth/configure/ldap/configuration)

Expected behavior
The form input used to be multi-line (or file selection?), which allowed multi-line input. This allowed the certificate data to save properly.

Environment:

  • Vault Server Version (retrieve with vault status): 1.1.3+prem
  • Vault CLI Version (retrieve with vault version): Vault v1.1.3 ('9bc820f700f83a7c4bcab54c5323735a581b34eb')
  • Server Operating System/Architecture: CentOS 7 amd64
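
Why a single-line field breaks this input, as an added example (not part of the original issue and not Vault's own code): a PEM decoder relies on the line breaks around the BEGIN/END markers, so a certificate whose newlines were removed no longer decodes. `checkPEMCert` and `sampleCertPEM` are hypothetical helpers, the error text is the one quoted in the issue, and the certificate is a throwaway generated for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// checkPEMCert is a stand-in pre-flight check (assumption, not Vault code):
// the input must decode as a PEM CERTIFICATE block holding a parseable X.509 cert.
func checkPEMCert(input string) error {
	block, _ := pem.Decode([]byte(input))
	if block == nil || block.Type != "CERTIFICATE" {
		return errors.New("failed to decode PEM block in the certificate")
	}
	_, err := x509.ParseCertificate(block.Bytes)
	return err
}

// sampleCertPEM builds a short-lived self-signed certificate (constructed sample data).
func sampleCertPEM() (string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "ldap.example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})), nil
}

func main() {
	good, err := sampleCertPEM()
	if err != nil {
		panic(err)
	}
	flat := strings.ReplaceAll(good, "\n", "") // what a single-line input leaves behind
	fmt.Println("multi-line:", checkPEMCert(good), "| flattened:", checkPEMCert(flat))
}
```

Running the same check on the value actually submitted (from a form, a JSON payload or an automation variable) shows whether the line breaks survived the trip.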
@ankushkumar11

I also got the same error while I was trying to configure LDAP using the UI. Then I tried the Vault CLI (`vault write auth/ldap/config`) and it worked for me.

@chrishoffman chrishoffman added the bug Used to indicate a potential bug label Aug 19, 2019
@horpek

horpek commented Sep 4, 2019

I tried to configure LDAP via the API (with Ansible) and I hit the same issue too. Glad to learn if anyone has successfully done it and how.

@ndobbs

ndobbs commented Nov 6, 2019

I just ran into this issue as well, using the CLI worked for me.

@rbigeard

Hitting this problem with Vault 1.3.x but not Vault 1.2.x. Could there be a regression?

I have tried the CLI, the JSON payload method and the UI, same "failed to decode PEM block in the certificate" error.

The CLI method (`vault write auth/ldap/config`) worked fine with 1.2.x.

@rbigeard

I managed to make it work, and it looks like the order of parameters when passed to the CLI matters.

@PG-TwinsFan

> I managed to make it work, and it looks like the order of parameters when passed to the CLI matters.

Can you share what order you used via the CLI to get this to work? Seeing the same thing.

@rbigeard

@PG-TwinsFan

(redacted for security reasons)

```
vault write auth/ldap/config \
    url=xxxx \
    userattr=xxxx \
    userdn=xxxx \
    groupdn=xxxx \
    groupattr="cn" \
    groupfilter=xxxx \
    groupattr="memberOf" \
    binddn=xxxx \
    bindpass=xxxx \
    certificate=@pemfile \
    insecure_tls=true \
    starttls=false
```

@Monkeychip
Contributor

@jmariondev thank you for the ticket. This will be fixed in 1.4. See the PR for details.
