Cloudbreak returns 403 after LDAP integration

New Contributor

I have Cloudbreak 2.5.0 (Cloudbreak Deployer: 2.5.0-45df4c3) running and integrated with LDAP. After login, the Autoscale and Cloudbreak status icons show a question mark and the web page inspector throws a bunch of 403 errors.

Are there any additional LDAP config params that are needed for CB to work properly, or is the config shown in the official documentation enough?

Part of CB log below:

/cbreak_uluwatu_1 | 2018-06-12T14:06:25.356Z ERROR [owner:6876c32c-5d40-463b-bb0a-123af42ab43e] [email: <USER_EMAIL>] client error: '{
/cbreak_uluwatu_1 |   "owner": null,
/cbreak_uluwatu_1 |   "message": "Unexpected token < in JSON at position 0",
/cbreak_uluwatu_1 |   "stack": "SyntaxError: Unexpected token < in JSON at position 0\n    at JSON.parse (<anonymous>)\n    at XMLHttpRequest.t.onreadystatechange [as __zone_symbol__ON_PROPERTYreadystatechange] (https://<CLOUDBREAK_HOST>/main.a1500dade0eebb9e55b8.bundle.js:1:4057722)\n    at XMLHttpRequest.x (https://<CLOUDBREAK_HOST>/polyfills.dc0a13a303f1e3c6ca42.bundle.js:1:28029)\n    at t.invokeTask (https://<CLOUDBREAK_HOST>/polyfills.dc0a13a303f1e3c6ca42.bundle.js:1:19357)\n    at Object.onInvokeTask (https://<CLOUDBREAK_HOST>/main.a1500dade0eebb9e55b8.bundle.js:1:364050)\n    at t.invokeTask (https://<CLOUDBREAK_HOST>/polyfills.dc0a13a303f1e3c6ca42.bundle.js:1:19278)\n    at e.runTask (https://<CLOUDBREAK_HOST>/polyfills.dc0a13a303f1e3c6ca42.bundle.js:1:14535)\n    at e.invokeTask [as invoke] (https://<CLOUDBREAK_HOST>/polyfills.dc0a13a303f1e3c6ca42.bundle.js:1:20447)\n    at k (https://<CLOUDBREAK_HOST>/polyfills.dc0a13a303f1e3c6ca42.bundle.js:1:31143)\n    at XMLHttpRequest._ (https://<CLOUDBREAK_HOST>/polyfills.dc0a13a303f1e3c6ca42.bundle.js:1:31373)",
/cbreak_uluwatu_1 |   "debugContext": {
/cbreak_uluwatu_1 |     "component": "",
/cbreak_uluwatu_1 |     "formGroups": {}
/cbreak_uluwatu_1 |   },
/cbreak_uluwatu_1 |   "url": "/clusters"
/cbreak_uluwatu_1 | }'
/cbreak_uluwatu_1 | 2018-06-12T14:06:25.357Z INFO [owner:6876c32c-5d40-463b-bb0a-123af42ab43e] [email: <USER_EMAIL>] [tracking: 5844b928-514d-41f0-9bac-ec22c075cf12] 54.40.192.193 - POST /errormessage HTTP/1.1 200 57.209 ms [-]
/cbreak_uluwatu_1 | 2018-06-12T14:06:25.361Z ERROR [owner:6876c32c-5d40-463b-bb0a-123af42ab43e] [email: <USER_EMAIL>] client error: '{
/cbreak_uluwatu_1 |   "owner": null,
/cbreak_uluwatu_1 |   "message": "[object Object]",
/cbreak_uluwatu_1 |   "stack": null,
/cbreak_uluwatu_1 |   "debugContext": {
/cbreak_uluwatu_1 |     "component": "",
/cbreak_uluwatu_1 |     "formGroups": {}
/cbreak_uluwatu_1 |   },
/cbreak_uluwatu_1 |   "url": "/clusters"
/cbreak_uluwatu_1 | }'
/cbreak_uluwatu_1 | 2018-06-12T14:06:25.677Z INFO [owner: ] [email: ] [tracking: -] 54.40.192.193 - GET /main.a1500dade0eebb9e55b8.bundle.js.map HTTP/1.1 200 1.643 ms [-]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.044Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.062Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.064Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.068Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.069Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.080Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.083Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.085Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.088Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.090Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.097Z ERROR [owner: ] [email: ]

Any help would be appreciated.

Thanks!

Re: Cloudbreak returns 403 after LDAP integration

Expert Contributor

Hello,

Did you run the following command as well with the right DN?

cbd util execute-ldap-mapping cn=Analysts,ou=Groups,dc=hortonworks,dc=local

For this to take effect you have to log out and log in again.

Re: Cloudbreak returns 403 after LDAP integration

New Contributor

Hi @khorvath,

Yes, I've executed LDAP mapping with the right DN and the issue persists.

Re: Cloudbreak returns 403 after LDAP integration

Expert Contributor

Can you check in the identity server log whether the user gets the right OAuth2 scopes? You should check the logs while you're logging in:

docker logs -f cbreak_identity_1

and you should see something showing that it is looking for the User and Group you provided during the execute-ldap-mapping command. Also, is your user part of that LDAP group you provided?
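
An added example, not part of the thread and not Cloudbreak code: a Python triage of the `cbreak_uluwatu_1` log format quoted in the question. It counts ERROR entries logged with and without an owner, and lists the UI routes where the client reported `Unexpected token < in JSON`, which typically means an HTML page came back where a JSON API response was expected. The helper name `triage` and the sample lines (constructed from the shapes in the question, with placeholder owner, email and IP) are assumptions.

```python
import re
from collections import Counter

# Entry header shape, as seen in the question's excerpt:
# /<container> | <ISO timestamp> <LEVEL> [owner:<id>] [email: <addr>] <rest>
HEADER = re.compile(
    r"^/(?P<container>\S+)\s*\|\s*(?P<ts>\d{4}-\d\d-\d\dT[\d:.]+Z)\s+(?P<level>[A-Z]+)\s+"
    r"\[owner:\s*(?P<owner>[^\]]*)\]\s*\[email:\s*(?P<email>[^\]]*)\]\s*(?P<rest>.*)$"
)
HTML_AS_JSON = "Unexpected token < in JSON"

def triage(lines):
    """Return (counts, urls): ERROR counts split by owner presence, and the
    UI routes whose client error shows a non-JSON (HTML) response body."""
    counts, urls, pending = Counter(), [], False
    for raw in lines:
        m = HEADER.match(raw)
        if m:  # start of a new log entry
            pending = False
            if m["level"] == "ERROR":
                has_owner = bool(m["owner"].strip())
                counts["error_with_owner" if has_owner else "error_without_owner"] += 1
            continue
        # Continuation line of a multi-line "client error" JSON dump.
        body = raw.split("|", 1)[-1].strip()
        if body.startswith('"message"') and HTML_AS_JSON in body:
            counts["html_instead_of_json"] += 1
            pending = True
        elif pending and body.startswith('"url"'):
            urls.append(body.split(":", 1)[1].strip().strip('",'))
            pending = False
    return dict(counts), urls

# Constructed sample; owner, email and IP are placeholders.
OWNER = "00000000-0000-0000-0000-000000000000"
SAMPLE = f"""\
/cbreak_uluwatu_1 | 2018-06-12T14:06:25.356Z ERROR [owner:{OWNER}] [email: user@example.com] client error: '{{
/cbreak_uluwatu_1 |   "owner": null,
/cbreak_uluwatu_1 |   "message": "Unexpected token < in JSON at position 0",
/cbreak_uluwatu_1 |   "stack": "SyntaxError: Unexpected token < in JSON at position 0",
/cbreak_uluwatu_1 |   "url": "/clusters"
/cbreak_uluwatu_1 | }}'
/cbreak_uluwatu_1 | 2018-06-12T14:06:25.357Z INFO [owner:{OWNER}] [email: user@example.com] [tracking: -] 192.0.2.10 - POST /errormessage HTTP/1.1 200 57.209 ms [-]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.044Z ERROR [owner: ] [email: ]
/cbreak_uluwatu_1 | 2018-06-12T14:06:30.062Z ERROR [owner: ] [email: ]
"""

if __name__ == "__main__":
    print(triage(SAMPLE.splitlines()))
```

Many `error_without_owner` entries right after login, together with `html_instead_of_json` hits, are the pattern shown in the question's excerpt and are worth correlating by timestamp with the identity container's log.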