User Authentication Issues

Symptom Troubleshooting/Resolution
The message 403 Forbidden appears when trying to revoke a user. Verify that the revoke command is being executed as a Platform Administrator.

The Tenant Key Pair API command returns a key error, as follows:

  • Command: http://<ip_address>:8080/api/v1/tenant/"+<tnt_id>+"?<private_key>
  • Output : {"private_key":"undefined"}
This is normal behavior if the Site Admin tenant (<tnt_id>=1) is used in the command. This tenant does not have any virtual nodes/containers and therefore has no defined SSH key to return.
Unable to log in to a container using LDAP/AD credentials.

Validate the LDAP/AD credentials by executing the ldapsearch command from the Controller:

LDAPTLS_REQCERT=never ldapsearch -ZZ -x -h <ad_ldap_server_name> -p <port> -D <bind_dn> -w <bind_password> -b <subtree_dn> -s sub <filters_go_here>

For example:

LDAPTLS_REQCERT=never ldapsearch -ZZ -x -h 10.3.29.11 -p 389 -b 'dc=bluedata,dc=net' -s sub '(cn=john)

If that succeeds, then verify that the user is included in the membership defined in the ldap_access_filter property defined in /etc/ssd/ssd.conf in the container by logging in to the container as user HPE and then executing the command sudo bash.
When a user that has special characters in their Distinguised Name, for example cn=Test1 (test1), cn=Users,... attempts to log into a KubeDirector Notebook, the Notebook (JupyterHub) returns the error: 500: Internal Server Error. Change the configuration of the JupyterHub LDAP Authenticator Plugin to set LDAPAuthenticator.escape_userdn = True.

With this configuration change, when authenticating in LDAP, the following special characters in userdn are escaped: \ ,*,(, and )