Closed as not planned
Description
Issue submitter TODO list
- I've looked up my issue in FAQ
- I've searched for already existing issues here
- I've tried running main-labeled docker image and the issue still persists there
- I'm running a supported version of the application which is listed here
Describe the bug (actual behavior)
Hello!
I'm trying to use RBAC with the LDAP provider.
Expected behavior
No response
Your installation details
My kafka-ui:
kafbat/kafka-ui:v1.2.0
auth:
  type: LDAP
spring:
  ldap:
    urls: ldap://192.168.1.16:389
    base: "cn={0},DC=gulliver-ul,DC=local"
    admin-user: "CN=ldap,OU=Service Accounts,OU=Users,OU=ULN,OU=Gulliver,OU=GC,DC=gulliver-ul,DC=local"
    admin-password: "password"
    user-filter-search-base: "DC=gulliver-ul,DC=local"
    user-filter-search-filter: "(&(objectCategory=user)(sAMAccountName={0})(|(memberof=CN=kafka_users,OU=Groups,OU=ULN,OU=Gulliver,OU=GC,DC=gulliver-ul,DC=local)))"
    group-filter-search-base: "DC=gulliver-ul,DC=local"
oauth2:
  ldap:
    activeDirectory: false
    aсtiveDirectory:
      domain: gulliver-ul.local
kafka:
  clusters:
    - bootstrapServers: kafka:9092
      kafkaConnect:
        - address: http://kafka.local:8083
          name: kafka-connect
      name: kafka
      properties: {}
      readOnly: false
      schemaRegistry: http://kafka.local:8081
rbac:
  roles:
    - name: "kafka_users"
      clusters:
        - kafka
      subjects:
        - provider: ldap
          type: group
          value: "kafka_users"
      permissions:
        - resource: applicationconfig
          actions: all
        - resource: clusterconfig
          actions: all
        - resource: topic
          value: ".*"
          actions: all
        - resource: consumer
          value: ".*"
          actions: all
        - resource: schema
          value: ".*"
          actions: all
        - resource: connect
          value: ".*"
          actions: all
        - resource: ksql
          actions: all
        - resource: acl
          actions: [ view ]
webclient: {}
Steps to reproduce
But I cannot log in. Without RBAC I can log in successfully.
Screenshots
No response
Logs
17:01:46,212 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServerOperations: [38e74c98, L:/172.19.0.5:8080 - R:/10.0.102.30:64687] New http connection, requesting read
2025-05-21 17:01:46,212 DEBUG [reactor-http-epoll-4] r.n.t.TransportConfig: [38e74c98, L:/172.19.0.5:8080 - R:/10.0.102.30:64687] Initialized pipeline DefaultChannelPipeline{(reactor.left.httpCodec = io.netty.handler.codec.http.HttpServerCodec), (reactor.left.httpTrafficHandler = reactor.netty.http.server.HttpTrafficHandler), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
2025-05-21 17:01:46,218 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServerOperations: [38e74c98, L:/172.19.0.5:8080 - R:/10.0.102.30:64687] Increasing pending responses count: 1
2025-05-21 17:01:46,219 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServer: [38e74c98-1, L:/172.19.0.5:8080 - R:/10.0.102.30:64687] Handler is being applied: org.springframework.http.server.reactive.ReactorHttpHandlerAdapter@4455ec2e
2025-05-21 17:01:46,229 DEBUG [reactor-http-epoll-4] o.s.w.s.a.HttpWebHandlerAdapter: [38e74c98-1] HTTP POST "/login"
2025-05-21 17:01:46,249 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher: Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/login', method=POST}
2025-05-21 17:01:46,251 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.PathPatternParserServerWebExchangeMatcher: Checking match of request : '/login'; against '/login'
2025-05-21 17:01:46,251 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher: matched
2025-05-21 17:01:46,252 DEBUG [reactor-http-epoll-4] r.n.c.FluxReceive: [38e74c98-1, L:/172.19.0.5:8080 - R:/10.0.102.30:64687] [terminated=false, cancelled=false, pending=0, error=null]: subscribing inbound receiver
2025-05-21 17:01:46,253 DEBUG [reactor-http-epoll-4] o.s.h.c.FormHttpMessageReader: [38e74c98-1] Read form fields [username, password] (content masked)
2025-05-21 17:01:46,283 DEBUG [boundedElastic-1] o.s.s.l.a.BindAuthenticator: Failed to bind with any user DNs [cn=a.arapov,DC=gulliver-ul,DC=local]
2025-05-21 17:01:46,290 DEBUG [boundedElastic-1] o.s.l.c.s.AbstractContextSource: Got Ldap context on server 'ldap://192.168.1.16:389'
2025-05-21 17:01:46,312 DEBUG [boundedElastic-1] o.s.s.l.SpringSecurityLdapTemplate: Found DN: CN=Арапов Алексей Анатольевич,OU=Users,OU=Outlaw,DC=gulliver-ul,DC=local
2025-05-21 17:01:46,314 DEBUG [boundedElastic-1] o.s.s.l.s.FilterBasedLdapUserSearch: Found user 'a.arapov', with FilterBasedLdapUserSearch [searchFilter=(&(objectCategory=user)(sAMAccountName={0})(|(memberof=CN=kafka_users,OU=Groups,OU=ULN,OU=Gulliver,OU=GC,DC=gulliver-ul,DC=local))); searchBase=DC=gulliver-ul,DC=local; scope=subtree; searchTimeLimit=0; derefLinkFlag=false ]
2025-05-21 17:01:46,321 DEBUG [boundedElastic-1] o.s.l.c.s.AbstractContextSource: Got Ldap context on server 'ldap://192.168.1.16:389'
2025-05-21 17:01:46,322 DEBUG [boundedElastic-1] o.s.s.l.a.BindAuthenticator: Bound CN=Арапов Алексей Анатольевич,OU=Users,OU=Outlaw,DC=gulliver-ul,DC=local
2025-05-21 17:01:46,324 DEBUG [boundedElastic-1] o.s.l.c.LdapTemplate: The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2025-05-21 17:01:46,333 DEBUG [boundedElastic-1] o.s.l.c.s.AbstractContextSource: Got Ldap context on server 'ldap://192.168.1.16:389'
2025-05-21 17:01:46,333 DEBUG [boundedElastic-1] o.s.l.c.LdapTemplate: Executing search with base [DC=gulliver-ul,DC=local] and filter [(member=CN=Арапов Алексей Анатольевич,OU=Users,OU=Outlaw,DC=gulliver-ul,DC=local)]
2025-05-21 17:01:46,383 DEBUG [boundedElastic-1] o.s.b.a.w.r.e.AbstractErrorWebExceptionHandler: [38e74c98-1] Resolved [PartialResultException: Unprocessed Continuation Reference(s)] for HTTP POST /login
2025-05-21 17:01:46,384 ERROR [boundedElastic-1] o.s.b.a.w.r.e.AbstractErrorWebExceptionHandler: [38e74c98-1] 500 Server Error for HTTP POST "/login"
Additional context
No response