I am running RabbitMQ version 3.7.6 in a Docker container. The management plugin is enabled.
I receive the following error when logging in to the management UI:
I am using the following rabbitmq.conf:
default_user = admin
default_pass = redacted
default_user_tags.administrator = true
default_user_tags.management = true
The confusing part is that it appears user admin does indeed have management enabled. The following is shown during boot up:
Creating user 'admin'
Setting user tags for user 'admin' to [management,administrator]
Setting permissions for 'admin' in '/' to '.*', '.*', '.*'
As requested, here is the output of list_users:
$ rabbitmqctl list_users
Listing users ...
admin [management, administrator]
Why am I unable to log in to the management console on an account that appears to have the management tag enabled?
Please see my response here:
https://groups.google.com/d/msg/rabbitmq-users/Gm2L4Yyu8jQ/RRL8QRlGAwAJ
Based on the configuration file you provide in that message thread, you are creating a user named "admin" (including the quotes).
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
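A check for the problem the answer identifies, as an added example that is not part of the original answer or RabbitMQ's own code: it flags credential keys in a new-style rabbitmq.conf whose values are wrapped in quotes, since the answer states the quotes become part of the user name. The sample file and the function names are constructed for illustration.

```python
# Added example: flag quoted credential values in a new-style rabbitmq.conf.
import re

# Keys whose value is used verbatim as a credential (both appear on this page).
CREDENTIAL_KEYS = {"default_user", "default_pass"}

# Constructed sample showing the quoted form the answer describes.
SAMPLE_CONF = '''\
# constructed sample, not the asker's real file
default_user = "admin"
default_pass = "s3cret-placeholder"
default_user_tags.administrator = true
'''

def parse_conf(text):
    """Yield (line_no, key, raw_value) for each 'key = value' line."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            yield no, key.strip(), value.strip()

def quoted_credentials(text):
    """Return (line_no, key, intended_value) for credential values wrapped in quotes."""
    findings = []
    for no, key, value in parse_conf(text):
        if key in CREDENTIAL_KEYS and re.fullmatch(r"""(["']).*\1""", value):
            findings.append((no, key, value[1:-1]))
    return findings

if __name__ == "__main__":
    for no, key, intended in quoted_credentials(SAMPLE_CONF):
        print(f"line {no}: {key} is quoted; write {key} = {intended} without quotes")
```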
Related
After installing patch 10.3.6.0.200114, the WebLogic console could not log in, indicating "WebLogic Server has rejected this user name or password. Please try again." However, the service can be accessed normally.
There is a bug in this PSU which prevents web apps like the admin console from authenticating users. Oracle published a patch to correct this issue: SU Patch [EIL8]: 10.3.6.0.200114WLSPSU Overlay: CANNOT LOGIN TO CONSOLE, BUT CAN LOGIN TO EM WITH THE SAME USER
Download it from MOS and patch your WebLogic server installation.
I am doing an LDAP setup with WebSphere. I did all the primary steps. In the DN I am using OU=Users, O= O=IN.
For the federated repository in WebSphere, for PersonAccount I gave the same DN name, and in the filters I used (objectclass=user). But in Manage Users, no user is getting listed.
Turn on the following trace: com.ibm.ws.wim.*=all.
Restart your server. Go to admin console and click Manage Users.
Look in the logs for "JNDI_CALL search"
You will see the filter being used, e.g. (&(objectClass=inetorgperson)(uid=*)), and the baseDn being searched on. Verify these are correct by comparing to your ldif of a user you expect to see or by using the ldapsearch utility. It is probably not correct, so take action to fix the filter.
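The comparison the answer describes, as an added example that is not part of the original answer or IBM's code: a small evaluator that checks whether a filter taken from the trace matches a user's LDIF entry. The sample entry and the function names are constructed for illustration, and only AND/OR/NOT, equality and presence are handled.

```python
# Added example: evaluate an LDAP filter (& | !, equality, presence) against LDIF.
# Constructed sample entry (Active Directory style), not taken from the page.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Users,DC=example,DC=test
objectClass: person
objectClass: user
cn: Jane Doe
sAMAccountName: jdoe
"""

def parse_ldif_entry(text):
    """Return {lowercased attribute: [values]} for one unfolded LDIF entry."""
    entry = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep:
            entry.setdefault(name.lower(), []).append(value)
    return entry

def _parse(f, i):
    """Parse one parenthesised filter starting at f[i]; return (tree, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = _parse(f, i)
            kids.append(kid)
        node = (op, kids)
    else:
        end = f.index(")", i)
        attr, _, value = f[i:end].partition("=")
        node, i = ("=", attr.strip().lower(), value), end
    if f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(filter_text, entry):
    """True if the entry satisfies the filter (values compared case-insensitively)."""
    tree, _ = _parse(filter_text.strip(), 0)
    def ev(n):
        if n[0] == "&": return all(ev(k) for k in n[1])
        if n[0] == "|": return any(ev(k) for k in n[1])
        if n[0] == "!": return not ev(n[1][0])
        vals = entry.get(n[1], [])
        return bool(vals) if n[2] == "*" else n[2].lower() in (v.lower() for v in vals)
    return ev(tree)
```

Against the sample entry, the filter quoted in the answer does not match while `(objectclass=user)` does, which is the kind of mismatch that leaves the user list empty.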
I am unable to create a project in OpenShift. I created a project previously and deleted it. It looks like a project exists, but I am unable to access or delete it. It seems like I am stuck. Also, logging into the console https://console.preview.openshift.com/console/ doesn't show any existing projects.
I ran the following oc commands from the terminal.
Any suggestions on how to resolve this issue?
Thanks
XX:~ XX$ oc new-project test
Error from server: projectrequests "test" is forbidden: user XX cannot create more than 1 project(s).
XX:~ XX$ oc delete project test
Error from server: User "XX" cannot delete projects in project "test"
XX:~ XX$ oc status
Error from server: User "XX" cannot get projects in project "default"
XX:~ XX$ oc get projects
You need to give privileges/policies to your user which will allow the actions you want to perform.
If you are just in a proof-of-concept environment I would recommend making your user cluster-admin in the whole cluster. This will give all the possible privileges to your user. Of course this isn't recommended for every user in a 'real' environment.
First you need to authenticate with the 'default admin' which is created after the installation. This default admin-user isn't working with the normal user/password authentication. It's using a client certificate.
oc login -u system:admin --config=/etc/origin/master/admin.kubeconfig
Now you will see a list of the available projects (default, openshift management, etc). Now you're able to give cluster-roles to other users.
Make your user cluster-admin over the whole cluster
oadm policy add-cluster-role-to-user cluster-admin (youruser)
Now you have the cluster-admin privileges inside the whole cluster. You are also able to give privileges to some user in a specific project and not in the whole cluster. Then you have to use:
oadm policy add-role-to-user <role> <username> (in the current project)
This will give the role to a user, but only inside the project from where you've performed this command.
For more information about the available cluster roles and policies I will point to the official documentation.
I raised a defect with the OpenShift team as pointed out in the support link.
https://docs.openshift.com/online/getting_started/devpreview_faq.html#devpreview-faq-support
Here is the response I received from the support team.
It seems that you have issued a bug and followed up for this already:
https://bugzilla.redhat.com/show_bug.cgi?id=1368862
After the cause is investigated, our operations team will sure clean up the project manually for you to allow you continue working with the developer preview
Latest update:
The project has now been cleaned up and you should be able to create a new project.
I am able to create a project in OpenShift now.
I would like to use the CF release of rabbit-mq and provide more BOSH release/deployment defined broker users (for the sake of tracing issues).
Is there a way to provide so?
Currently I'm using the stock release
https://github.com/pivotal-cf/cf-rabbitmq-release
and in the deployment I declare a single user:
properties:
  rabbitmq-server:
    plugins:
    - rabbitmq_management
    administrators:
      broker:
        username: foo # user to read and send events
        password: bar
Regards
You can see by looking at the spec for the rabbitmq-server that only 2 accounts are identified as valid properties: broker and management.
rabbitmq-server.administrators.broker.username:
  description: "RabbitMQ admin username for broker"
rabbitmq-server.administrators.broker.password:
  description: "RabbitMQ admin password for broker"
rabbitmq-server.administrators.management.username:
  description: "RabbitMQ admin username for operator"
rabbitmq-server.administrators.management.password:
  description: "RabbitMQ admin password for operator"
https://github.com/pivotal-cf/cf-rabbitmq-release/blob/623a0bfac64ec6820175d3589ba6233435bf912f/jobs/rabbitmq-server/spec#L37
If you know rabbit internals and want to cut your own bosh release you could modify the init-script and create additional administrator users for your use case. The script already uses the same function for operator and broker accounts, and looks like a straightforward pattern to follow. https://github.com/pivotal-cf/cf-rabbitmq-release/blob/623a0bfac64ec6820175d3589ba6233435bf912f/jobs/rabbitmq-server/templates/rabbitmq-server.init.bash#L77
But when you say "tracing issues" I wonder if the operator account is indeed what you're looking for. If so just add that to the job details.
properties:
  rabbitmq-server:
    plugins:
    - rabbitmq_management
    administrators:
      broker:
        username: foo
        password: bar
      management: # operator account details
        username: foo
        password: bar
We've been trying without much success to enable LDAP user authentication for the Worklight Application Center. We've carefully followed the instructions here:
http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp?topic=%2Fcom.ibm.help.doc%2Fwl_home.html
First, we created the LDAP repository in the WAS console and added it to the federated repositories config:
http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fappcenter%2Fc_ac_was8_ldap.html
Then we configured the LDAP authentication for users and groups following:
http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp?topic=%2Fcom.ibm.help.doc%2Fwl_home.html
Finally we enabled ACL management with LDAP as suggested by:
http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp?topic=%2Fcom.ibm.help.doc%2Fwl_home.html
After the server restart these are the results:
Worklight Console: Works OK.
Application Center: Shows a ?????? in the user space with the following error in every screen related to users: FWLAC0401W: No user appears to be logged, check the Application Center security configuration.
Worklight WAS Console: We are locked out. The LDAP users do not work, the initial worklight/worklight user does not work. The only way to get in is changing the security.xml for the instance to get back in and rollback the security changes.
What are we doing wrong?
Is there more "tutorial like" documentation to accomplish these tasks? We might be making some mistakes following the infocenter.
About the application center effect: Technically, the message means that the Web Security Context does not contain a principal (i.e. a user name). In general, Application Center must be configured so that the login screen appears (is this the case for you?).
I know two possible reasons:
1. Application Security is disabled in WAS. Open the WAS console and select Security > Global Security. Ensure that "Enable Application Security" is checked. Ensure also that "Enable Administrative Security" is checked.
2. The appcenteradmin role is mapped to special subject "Everyone". Both the appcenteradmin role and the appcenteruser role cannot be mapped to this special subject, because it simply disables the authentication and hence the security context does not know anymore which user is logged in. Look in Applications > Application Types > WebSphere Enterprise Applications > AppCenter > Security Role to user/group mapping. Here you can see how the roles are mapped and you can change it.
Since you also have a problem with the Worklight WAS console, I would guess that your situation is 1., since 2. is local to the Application center and does not affect the WAS console.