1

I've been trying to set up a rundeck server but run into several issues when the authentication provided either doesn't provide full access to projects and when I've tried to modify the config files, it then fails to authenticate as shown below.

HTTP ERROR: 500

Problem accessing /user/j_security_check. Reason:

java.io.IOException: Configuration Error:
No such file or directory

My jaas-loginmodule.conf looks like this:

com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
    debug="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    providerUrl="ldaps://sb2sys3.derivatives.com"
    bindDn="uid=svldap,cn=users,cn=accounts,dc=derivatives,dc=com"
    bindPassword="T0wR0pe!"
    authenticationMethod="simple"
    forceBindingLoginUseRootContextForRoles="true"
    forceBindingLogin="true"
    userBaseDn="cn=users,cn=accounts,dc=derivatives,dc=com"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="cn=groups,cn=accounts,dc=derivatives,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="member"
    roleObjectClass="groupOfNames"
    cacheDurationMillis="300000"
    supplementalRoles="user"
    reportStatistics="true";

org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
    debug="true"
    file="/etc/rundeck/realm.properties";
};

I've also editted the realm.properties file to have a user with the role admin, which is also changed in the web.xml.

The current admin.aclpolicy looks like this:

description: Admin, all access.
context:
  project: '.*' # all projects
for:
  resource:
    - allow: '*' # allow read/create all kinds
  adhoc:
    - allow: '*' # allow read/running/killing adhoc jobs
  job:
    - allow: '*' # allow read/write/delete/run/kill of all jobs
  node:
    - allow: '*' # allow read/run for all nodes
by:
  group: admin

---

description: Admin, all access.
context:
  application: 'rundeck'
for:
  resource:
    - allow: '*' # allow create of projects
  project:
    - allow: '*' # allow view/admin of all projects
  project_acl:
    - allow: '*' # allow admin of all project-level ACL policies
  storage:
    - allow: '*' # allow read/create/update/delete for all /keys/* storage content
by:
  group: admin
user9631824
  • 11
  • 2
  • Check rundeck logs "tail -f /var/log/rundeck/*.log" and try accessing it from browser. Make sure you have all conf and .aclpolicy files as default. It will work. – Leo Prince May 18 '18 at 05:14

1 Answers1

1

The error you are receiving appears to be related to the JAAS_CONF variable.

I managed to reproduce the exact 500 error on a rpm installation with CentOS7.

By commenting out the JAAS_CONF variable from /etc/rundeck/profile and ,if you have set it, /etc/sysconfig/rundeckd or /etc/default/rundeckd, the error shows empty java.io.IOException with “Configuration Error: No such file or directory” so it may be a possibility that a mistype in those files may be affecting the authentication.

I would advise you to perform a complete check in those files in order to verify that everything is in order.

Hope it helps

Eduardo Carrasco
  • 159
  • 2