Empty password not allowed by client

Hello,

I just upgraded the ondemand packages for our cluster. After restarting the ondemand service, nobody can log into the portal, they get the following message:

Internal Server Error

Login error: ldap: initial bind for user “dc=engr,dc=oregonstate,dc=edu”
failed: LDAP Result Code 206 “Empty password not allowed by the client”:
ldap: empty password not allowed by the client

A similar message also appears in /var/log/messages.

When I downgrade the ondemand-dex package from 2.32.0 back to 2.27.0 and restart the ondemand-dex service, authentication works again. Any ideas what may be going wrong with the 2.32 version?

Thanks,

Rob

Hi.

Thanks for your post. Can you please paste the LDAP section of your ood_portal.yml? Please ensure you “xxxx” out the actual password.

Thanks,
-gerald

Hi Gerald,

Thank you for your response. Here it is:

dex:
ssl: true
https_port: “5554”
connectors:
- type: ldap
id: ldap
name: LDAP
config:
host: ldap.engr.oregonstate.edu:636
insecureSkipVerify: false
bindDN: dc=engr,dc=oregonstate,dc=edu
#bindPW:
userSearch:
baseDN: ou=people,dc=engr,dc=oregonstate,dc=edu
filter: “(objectClass=posixAccount)”
username: uid
idAttr: uid
emailAttr: uid
nameAttr: gecos
preferredUsernameAttr: uid
groupSearch:
baseDN: ou=groups,dc=engr,dc=oregonstate,dc=edu
filter: “(objectClass=posixGroup)”
userMatchers:
- userAttr: DN
groupAttr: member
nameAttr: cn

Let me know if you need anything else.

Rob

That’s what i thought. Just wanted to confirm. You need to specify the bind password in your config.

You should use

slappasswd to generate the hashed password.

$ slappasswd
New password: <ENTER YOUR CURRENT BIND PASSWORD>
Re-enter new password: <RE-ENTER YOUR CURRENT BIND PASSWORD>
{SSHA}v2dxgXWusEKSbwzSk/BoqkIRzmxmpMPv

You will need to add the results of the above to your ood_portal.yml
{SSHA}v2dxgXWusEKSbwzSk/BoqkIRzmxmpMPv

Thanks Gerald,

I will give that a shot.

Rob

oh yes, and don’t forget to run the update script.

sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal