  1. Project Quay
  2. PROJQUAY-666

Quay config app failed to save configurations when setting LDAPS with a customized certificate

Details

    • Bug
    • Resolution: Done
    • Critical
    • quay-v3.3.1
    • quay-v3.3.0
    • quay
    • Qui-Gon [Quay 184]
    • 0

    Description

      Description:
      This is an issue found when setting up LDAPS with the Quay Config app. The target LDAP server uses a self-signed cert, which will not be trusted by the client side. After uploading the TLS cert of the LDAP server in the Quay config app, the result is that it failed to save configurations.
      Refer to the screenshots of the Quay config app.

      Steps:
      1. Open Quay config app
      2. Go to "Internal Authentication" section, choose LDAP and upload Custom SSL Certificates of LDAP server
      3. In the "LDAP URI: ", give "ldaps://quayldap.qe.gcp.devcluster.openshift.com"
      4. Give the other required configurations, including Base DN, User Relative DN, Administrator DN and Administrator DN password
      5. At the section "Custom TLS Certificate", upload the self signed cert of target LDAP server
      6. Click "Save Configurations"

      Expected Results:
      Quay config app can save the configurations successfully.

      Actual Results:
      Quay config app can't save configurations.

      Quay Config app POD logs:
      2020-04-30 09:36:45,752 [41] [DEBUG] [data.users.externalldap] TLS Fallback enabled in LDAP
      gunicorn-config stdout | 2020-04-30 09:36:45,752 [41] [DEBUG] [data.users.externalldap] TLS Fallback enabled in LDAP
      2020-04-30 09:36:45,890 [41] [ERROR] [util.config.validator] Validation exception
      Traceback (most recent call last):
      File "/quay-registry/util/config/validator.py", line 87, in validate_service_for_config
      VALIDATORS[service](validator_context)
      File "/quay-registry/util/config/validators/validate_ldap.py", line 56, in validate
      raise ConfigValidationException(values.get("desc", "Unknown error"))
      ConfigValidationException: Can't contact LDAP server
      gunicorn-config stdout | 2020-04-30 09:36:45,890 [41] [ERROR] [util.config.validator] Validation exception
      Traceback (most recent call last):
      File "/quay-registry/util/config/validator.py", line 87, in validate_service_for_config
      VALIDATORS[service](validator_context)
      File "/quay-registry/util/config/validators/validate_ldap.py", line 56, in validate
      raise ConfigValidationException(values.get("desc", "Unknown error"))
      ConfigValidationException: Can't contact LDAP server

      Attachments

        1. Apache LDAP Client.png (729 kB)
        2. quayconfig-app-logs (235 kB)
        3. Quay config LDAP.png (247 kB)
        4. Save configurations.png (278 kB)
        5. upload LDAP server cert.png (256 kB)
        6. Upload LDAP TLS Cert.png (236 kB)

            People

              tomckay@redhat.com Thomas Mckay
              lzha1981 luffy zhang
              luffy zhang luffy zhang