Empty password not allowed by client

robyelle · December 14, 2022, 6:27pm

Hello,

I just upgraded the ondemand packages for our cluster. After restarting the ondemand service, nobody can log into the portal, they get the following message:

Internal Server Error

Login error: ldap: initial bind for user “dc=engr,dc=oregonstate,dc=edu”
failed: LDAP Result Code 206 “Empty password not allowed by the client”:
ldap: empty password not allowed by the client

A similar message also appears in /var/log/messages.

When I downgrade the ondemand-dex package from 2.32.0 back to 2.27.0 and restart the ondemand-dex service, authentication works again. Any ideas what may be going wrong with the 2.32 version?

Thanks,

Rob

gbyrket · December 14, 2022, 7:03pm

Hi.

Thanks for your post. Can you please paste the LDAP section of your ood_portal.yml? Please ensure you “xxxx” out the actual password.

Thanks,
-gerald

robyelle · December 14, 2022, 7:32pm

Hi Gerald,

Thank you for your response. Here it is:

dex:
ssl: true
https_port: “5554”
connectors:
- type: ldap
id: ldap
name: LDAP
config:
host: ldap.engr.oregonstate.edu:636
insecureSkipVerify: false
bindDN: dc=engr,dc=oregonstate,dc=edu
#bindPW:
userSearch:
baseDN: ou=people,dc=engr,dc=oregonstate,dc=edu
filter: “(objectClass=posixAccount)”
username: uid
idAttr: uid
emailAttr: uid
nameAttr: gecos
preferredUsernameAttr: uid
groupSearch:
baseDN: ou=groups,dc=engr,dc=oregonstate,dc=edu
filter: “(objectClass=posixGroup)”
userMatchers:
- userAttr: DN
groupAttr: member
nameAttr: cn

Let me know if you need anything else.

Rob

gbyrket · December 14, 2022, 7:54pm

That’s what i thought. Just wanted to confirm. You need to specify the bind password in your config.

You should use

slappasswd to generate the hashed password.

$ slappasswd
New password: <ENTER YOUR CURRENT BIND PASSWORD>
Re-enter new password: <RE-ENTER YOUR CURRENT BIND PASSWORD>
{SSHA}v2dxgXWusEKSbwzSk/BoqkIRzmxmpMPv

You will need to add the results of the above to your ood_portal.yml
{SSHA}v2dxgXWusEKSbwzSk/BoqkIRzmxmpMPv

robyelle · December 14, 2022, 9:06pm

Thanks Gerald,

I will give that a shot.

Rob

gbyrket · December 14, 2022, 9:24pm

oh yes, and don’t forget to run the update script.

sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal

system · June 12, 2023, 9:25pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
DEX failed authentication message not what I expected Get Help question	3	662	February 28, 2024
Dex with LDAP giving internal server error Get Help	8	1876	September 17, 2022
Unable to get LDAP working in Dex Get Help	4	802	April 4, 2022
Dex with LDAP giving internal server error (round 2) Get Help	18	1603	November 7, 2022
Problem binding to LDAP with Dex: password too complex? Get Help	4	338	November 22, 2022

Empty password not allowed by client

Internal Server Error

Related topics