Hyperledger Fabric-ca connect to LDAP : admin does not exist

假如想象 submitted on 2019-12-08 09:13:01

Question


I'm trying to connect Hyperledger Fabric CA to an OpenLDAP. The OpenLDAP is set up locally, with a single organisation

dc=fabric-ca,dc=example,dc=com

And a single user, cn=admin,dc=.../

I have set up a Fabric-CA with the following server config:

ldap:
    enabled: true
    url: ldap://cn=admin,dc=fabric-ca,dc=example,dc=com:000000@localhost:389/dc=fabric-ca,dc=example,dc=com
    userfilter: (dn:%s)
    tls:
        enabled: false
    attribute:
        names: ["dn"]

Converters and maps are irrelevant (so far). The admin exists in OpenLDAP, I checked.

When I start the following enroll command:

fabric-ca-client enroll -u http://cn=admin,dc=fabric-ca,dc=example,dc=com@localhost:7054

I get the following error:

20 - Authorization failure

The CA debug log gave me this information:

Received request for /enroll
ca.Config: "followed by the CA server config file"
Getting user 'cn=admin,dc=fabric-ca,dc=example,dc=com'
Searching for user 'cn=admin,dc=fabric-ca,dc=example,dc=com' using cached connection
127.0.0.1:45768 POST /enroll 401 23 "Failed to get user: User 'cn=admin,dc=fabric-ca,dc=example,dc=com' does not exist in LDAP directory"

Please, this issue is infuriating. Thanks for your time.


Answer 1:


While performing the enrollment process, you should pass the user name only, but you passed the distinguished name instead. Apart from that, the password should be sent, so your enrollment command should look like:

fabric-ca-client enroll -u http://admin:mypassword@localhost:7054

Apart from that, I think that userfilter should look like this: (cn=%s), since you used cn as the admin prefix.
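
The answer's two points, as an added Go example that is not part of the original post and is not Fabric CA's own code: the enrollment ID takes the place of %s in userfilter, and the resulting filter has to name an attribute that the entry actually carries. The function names, the RFC 4515 escaping step, the simplified equality matcher and the constructed adminEntry are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample entry standing in for the page's cn=admin user.
var adminEntry = map[string][]string{"cn": {"admin"}}

// escapeFilterValue escapes the characters RFC 4515 reserves in a filter value,
// so an enrollment ID cannot change the structure of the filter.
func escapeFilterValue(v string) string {
	return strings.NewReplacer(`\`, `\5c`, `*`, `\2a`, `(`, `\28`, `)`, `\29`, "\x00", `\00`).Replace(v)
}

// expandUserFilter puts the escaped enrollment ID where the userfilter has %s.
func expandUserFilter(userfilter, enrollmentID string) string {
	return strings.Replace(userfilter, "%s", escapeFilterValue(enrollmentID), 1)
}

// matches is a simplified model of evaluating an "(attr=value)" equality filter
// against one entry: case-insensitive, and any other filter form matches nothing.
func matches(filter string, entry map[string][]string) bool {
	if !strings.HasPrefix(filter, "(") || !strings.HasSuffix(filter, ")") {
		return false
	}
	attr, value, ok := strings.Cut(filter[1:len(filter)-1], "=")
	if !ok {
		return false
	}
	for name, values := range entry {
		for _, v := range values {
			if strings.EqualFold(name, attr) && strings.EqualFold(escapeFilterValue(v), value) {
				return true
			}
		}
	}
	return false
}

func main() {
	dn := "cn=admin,dc=fabric-ca,dc=example,dc=com"
	// Question's filter with the DN, the suggested filter with the DN, the suggested filter with the user name.
	for _, c := range [][2]string{{"(dn:%s)", dn}, {"(cn=%s)", dn}, {"(cn=%s)", "admin"}} {
		f := expandUserFilter(c[0], c[1])
		fmt.Printf("%-48s matches admin entry: %v\n", f, matches(f, adminEntry))
	}
}
```

Only the third combination matches: changing userfilter to (cn=%s) while still enrolling with the full DN produces (cn=cn=admin,dc=...), which does not equal the entry's cn value.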



Source: https://stackoverflow.com/questions/51825618/hyperledger-fabric-ca-connect-to-ldap-admin-does-not-exist
