问题
I'm trying to connect Hyperledger Fabric CA to an Openldap. The Openldap is set up in local, with a single organisation
dc=fabric-ca,dc=example,dc=com
And a single user, cn=admin,dc=.../
I have set up a Fabric-CA with following server config :
ldap:
enabled: true
url: ldap://cn=admin,dc=fabric-ca,dc=example,dc=com:000000@☺localhost:389/dc=fabric-ca,dc=example,dc=com
userfilter: (dn:%s)
tls:
enabled: false
attribute:
names: ["dn"]
Converters and maps are irrelevant (so far). The admin exist in OpenLDAP, I checked.
When I start the following enroll command :
fabric-ca-client enroll -u http://cn=admin,dc=fabric-ca,dc=example,dc=com@localhost:7054
I get the following error :
20 - Authorization failure
The CA debug log gave me these informations :
Received request for /enroll
ca.Config: "followed by the CA server config file"
Getting user 'cn=admin,dc=fabric-ca,dc=example,dc=com'
Searching for user 'cn=admin,dc=fabric-ca,dc=example,dc=com' using cached connection
127.0.0.1:45768 POST /enroll 401 23 "Failed to get user: User 'cn=admin,dc=fabric-ca,dc=example,dc=com' does not exist in LDAP directory"
Please, this issue is infuriating. Thanks for your time.
回答1:
While performing enrollment process, you should pass user name only, but you passed distinguished name instead of that. Except that password should be sent, so your enrollment command should looks like:
fabric-ca-client enroll -u http://admin:mypassword@localhost:7054
Except that, i think that userfilter should looks like that: (cn=%s)
since you used cn
as admin prefix
来源:https://stackoverflow.com/questions/51825618/hyperledger-fabric-ca-connect-to-ldap-admin-does-not-exist