  1. Project Quay
  2. PROJQUAY-666

Quay config app set with LDAPS and a customized certificate failed to save configurations


    • Bug
    • Resolution: Done
    • Critical
    • quay-v3.3.1
    • quay-v3.3.0
    • quay
    • Qui-Gon [Quay 184]

      Description:
      This is an issue found when setting LDAPS with the Quay Config app. The target LDAP server uses a self-signed cert, which will not be trusted by the client side. After uploading the TLS cert of the LDAP server in the Quay config app, the result is that it failed to save configurations.
      Refer to the screenshots of the Quay config app.

      Steps:
      1. Open Quay config app
      2. Go to "Internal Authentication" section, choose LDAP and upload Custom SSL Certificates of LDAP server
      3. In the "LDAP URI: ", give "ldaps://quayldap.qe.gcp.devcluster.openshift.com"
      4. Give the other required configurations, including Base DN, User Relative DN, Administrator DN and Administrator DN password
      5. At the section "Custom TLS Certificate", upload the self-signed cert of the target LDAP server
      6. Click "Save Configurations"

      Expected Results:
      Quay config app can save the configurations successfully.

      Actual Results:
      Quay config app can't save configurations.

      Quay Config app POD logs:
      2020-04-30 09:36:45,752 [41] [DEBUG] [data.users.externalldap] TLS Fallback enabled in LDAP
      gunicorn-config stdout | 2020-04-30 09:36:45,752 [41] [DEBUG] [data.users.externalldap] TLS Fallback enabled in LDAP
      2020-04-30 09:36:45,890 [41] [ERROR] [util.config.validator] Validation exception
      Traceback (most recent call last):
      File "/quay-registry/util/config/validator.py", line 87, in validate_service_for_config
      VALIDATORS[service](validator_context)
      File "/quay-registry/util/config/validators/validate_ldap.py", line 56, in validate
      raise ConfigValidationException(values.get("desc", "Unknown error"))
      ConfigValidationException: Can't contact LDAP server
      gunicorn-config stdout | 2020-04-30 09:36:45,890 [41] [ERROR] [util.config.validator] Validation exception
      Traceback (most recent call last):
      File "/quay-registry/util/config/validator.py", line 87, in validate_service_for_config
      VALIDATORS[service](validator_context)
      File "/quay-registry/util/config/validators/validate_ldap.py", line 56, in validate
      raise ConfigValidationException(values.get("desc", "Unknown error"))
      ConfigValidationException: Can't contact LDAP server


              tomckay@redhat.com Thomas Mckay (Inactive)
              lzha1981 luffy zhang
              luffy zhang luffy zhang