What is Rundeck?
Rundeck is an open-source software Job scheduler and Run Book Automation system for automating routine processes across development and production environments. It combines task scheduling, multi-node command execution, workflow orchestration and logs everything that happens.
By default, Rundeck comes with the default local user accounts. Rundeck supports LDAP, Active Directory, PAM and Pre-Auth methods. In this tutorial, we will show you how to configure LDAP/AD based authentication.
Create A bind User and the Security Groups in Active Directory
Before integrating Rundeck with Active Directory, we need to create a bind User and two security groups called rundeck_administrators
and rundeck_users
. Finally, add the appropriate users into those groups before proceeding.
Create jaas-activedirectory.conf file
– Create a jaas-activedirectory.conf
file as below:
# vi /etc/rundeck/jaas-activedirectory.conf activedirectory { com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required debug="true" contextFactory="com.sun.jndi.ldap.LdapCtxFactory" providerUrl="ldap://IP_DOMAIN_CONTROLER:389" bindDn="CN=YOUR_BIND_USER,OU=Rundeck,OU=Application,DC=YALLALABS,DC=LOCAL" bindPassword="XXXXXXXXXXXXXXX" authenticationMethod="simple" forceBindingLogin="true" userBaseDn="DC=YALLALABS,DC=LOCAL" userRdnAttribute="sAMAccountName" userIdAttribute="sAMAccountName" userPasswordAttribute="unicodePwd" userObjectClass="user" roleBaseDn="OU=Rundeck,OU=Application,DC=YALLALABS,DC=LOCAL" roleNameAttribute="cn" roleMemberAttribute="member" roleObjectClass="group" cacheDurationMillis="300000" reportStatistics="true"; };
– providerUrl
: IP Address Or FQDN of your Domain Controller
– bindDn
: LDAP Bind User Distinguished Name
– bindPassword
: Password of the LDAP Bind User
– userBaseDn
: Distinguished name to use as a search base for finding users.
– roleBaseDn
: OU where the rundeck security groups are.
– Finally, change the ownership of the file and set up the correct permission:
# chown rundeck:rundeck /etc/rundeck/jaas-activedirectory.conf # chmod 640 /etc/rundeck/jaas-activedirectory.conf
Edit /etc/rundeck/profile
– We need add the path to the jaas-activedirectory.conf
file and setup the Dloginmodule.name
value to activedirectory
. Modify the /etc/rundeck/profile
as below:
# vi /etc/rundeck/profile ############## Before ##################### RDECK_JVM="-Djava.security.auth.login.config=$JAAS_CONF \ -Dloginmodule.name=$LOGIN_MODULE \ ############# After ####################### RDECK_JVM="-Djava.security.auth.login.config=/etc/rundeck/jaas-activedirectory.conf \ -Dloginmodule.name=activedirectory \
Create the /etc/rundeck/rundeck_administrators.aclpolicy File
– Let’s create an ACL policy file called rundeck_administrators.aclpolicy
for the rundeck_administrators
AD Security group that will have Admin Access in Rundeck
# vi /etc/rundeck/rundeck_administrators.aclpolicy description: Administrators, all access. context: project: '.*' # all projects for: resource: - equals: kind: job allow: [create] # allow create jobs - equals: kind: node allow: [read,create,update,refresh] # allow refresh node sources - equals: kind: event allow: [read,create] # allow read/create events adhoc: - allow: [read,run,runAs,kill,killAs] # allow running/killing adhoc jobs job: - allow: [create,read,update,delete,run,runAs,kill,killAs,toggle_schedule] # allow create/read/write/delete/run/kill of all jobs node: - allow: [read,run] # allow read/run for nodes by: group: rundeck_administrators --- description: Administrators, all access. context: application: 'rundeck' for: resource: - equals: kind: project allow: [create] # allow create of projects - equals: kind: system allow: [read,enable_executions,disable_executions,admin] # allow read of system info, enable/disable all executions - equals: kind: system_acl allow: [read,create,update,delete,admin] # allow modifying system ACL files - equals: kind: user allow: [admin] # allow modify user profiles project: - match: name: '.*' allow: [read,import,export,configure,delete,admin] # allow full access of all projects or use 'admin' project_acl: - match: name: '.*' allow: [read,create,update,delete,admin] # allow modifying project-specific ACL files storage: - allow: [read,create,update,delete] # allow access for /ssh-key/* storage content by: group: rundeck_administrators
– Change the ownership and set the correct permission of the rundeck_administrators.aclpolicy
as below:
chown rundeck:rundeck /etc/rundeck/rundeck_administrators.aclpolicy chmod 640 /etc/rundeck/rundeck_administrators.aclpolicy
Create the /etc/rundeck/rundeck_users.aclpolicy File
– We need to create an ACL policy file called rundeck_users.aclpolicy
for the rundeck_users
AD Security group that will have just read only Access in Rundeck
# vi /etc/rundeck/rundeck_users.aclpolicy description: Standard Users project level access control. context: project: '.*' # all projects for: resource: - equals: kind: job allow: [read] # allow read jobs - equals: kind: node allow: [read] # allow refresh node sources - equals: kind: event allow: [read] # allow read/read events adhoc: - allow: [read] # allow read adhoc jobs job: - allow: [read] # allow read of all jobs node: - allow: [read] # allow read for nodes by: group: rundeck_users --- description: A context: application: 'rundeck' for: resource: - equals: kind: project allow: [read] # allow read of projects - equals: kind: system allow: [read] # allow read executions - equals: kind: system_acl allow: [read] # allow reading system ACL files project: - match: name: '.*' allow: [read] # allow read access of all projects or use 'admin' project_acl: - match: name: '.*' allow: [read] # allow reading project-specific ACL files storage: - allow: [read] # allow read access for /ssh-key/* storage content by: group: rundeck_users
– Change the ownership and set the correct permission of the rundeck_users.aclpolicy
as below:
chown rundeck:rundeck /etc/rundeck/rundeck_users.aclpolicy chmod 640 /etc/rundeck/rundeck_users.aclpolicy
Edit the /var/lib/rundeck/exp/webapp/WEB-INF/web.xml file
– Create the new roles by editing the file /var/lib/rundeck/exp/webapp/WEB-INF/web.xml
# vi /var/lib/rundeck/exp/webapp/WEB-INF/web.xml <security-role> <role-name>rundeck_administrators</role-name> </security-role> <security-role> <role-name>rundeck_users</role-name> </security-role>
Restart Rundeck
– Finally restart the Rundeck daemon:
# systemctl restart rundeckd
Conclusion
You have successfully configured ACtive Directory authentication for Rundeck. You might want to check the following guides:
13 comments
Hello guy!!! I have a problem with the integration of RunDeck with my ActiveDirectory, I’m with Rundeck installed on a windows 2012 R2 server and I’ve followed everything that is documentation and even then the integration does not work, someone could give me strength if I have already done this integration with success? Below are my settings to take a look if there is something wrong !!!
Thank you.
———————————————————————————-
File: c:\RUNDECK\etc\jaas-activedirectory.conf
activedirectory {
com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
debug = “true”
contextFactory = “com.sun.jndi.ldap.LdapCtxFactory”
providerUrl = “ldap://192.168.XX.XX:389″
bindDn =”CN=User,OU=Domain Admins,OU=Administrators,DC=Domain,DC=com,DC=br”
bindPassword = “XXXXXXXX”
authenticationMethod = “simple”
forceBindingLogin = “true”
userBaseDn =”OU=Users,DC=Domain,DC=com,DC=br”
userRdnAttribute = “sAMAccountName”
userIdAttribute = “sAMAccountName”
userPasswordAttribute = “unicodePwd”
userObjectClass = “user”
roleBaseDn = “OU=Users,DC=Domain,DC=com,DC=br”
roleNameAttribute = “cn”
roleMemberAttribute = “member”
roleObjectClass = “group”
cacheDurationMillis = “300000”
reportStatistics = “true”;
};
——————————————————————————-
File: File: c:\RUNDECK\etc\profile
RDECK_BASE=C:/RUNDECK
export RDECK_BASE
JAVA_HOME=C:/Java/jdk1.8.0_31/jre
export JAVA_HOME
PATH=$JAVA_HOME/bin:$RDECK_BASE/tools/bin:$PATH
export PATH
export JAVA_CMD=$JAVA_HOME/bin/java
if test -n “$JRE_HOME”
then
unset JRE_HOME
fi
LIBDIR=$RDECK_BASE/tools/lib
CLI_CP=
for i in `ls $LIBDIR/*.jar`
do
CLI_CP=${CLI_CP}:${i}
done
export CLI_CP
Dlogging.level.root=DEBUG
export RDECK_JVM=”-Djava.security.auth.login.config=/rundeck/etc/jaas-activedirectory.conf \
-Dloginmodule.name=activedirectory \
-Drdeck.config=$RDECK_CONFIG \
-Drundeck.server.configDir=$RDECK_SERVER_CONFIG \
-Dserver.datastore.path=$RDECK_SERVER_DATA/rundeck \
-Drundeck.server.serverDIR=$RDECK_INSTALL \
-Drdeck.projects=$RDECK_PROJECTS \
-Drdeck.runlogs=$RUNDECK_LOGDIR \
-Drundeck.config.locations=$RDECK_CONFIG/rundeck-config.properties \
-Djava.io.tmpdir=$RUNDECK_TEMPDIR \
-Drundeck.server.workDir=$RUNDECK_WORKDIR \
-Dserver.hhtp.port=$RDECK_HTTP_PORT”
#
# Set min/max heap size
#
export RDECK_JVM=”$RDECK_JVM -Xmx1024m -Xms256m -XX:MaxMetaspaceSize=256m -server”
export RDECK_SSL_OPTS=”-Djavax.net.ssl.trustStore=$RDECK_BASE/etc/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol”
umask 002
————————————————————————————————————
Hi marcos,
This guide was applied in rundeck server installed on Linux system not on windows system. What errors do you have on your logs?
Hi Lotfi!!
despite being in linux I think the configs should be similar, but finally the error I’m having now after some adjustments is this below, I’ve tested everything and nothing works … If you can give me a light I am very grateful.
rundeck.server.configDir=C:/RUNDECK/server/config, loginmodule.conf.name=jaas-loginmodule.conf, default.admin.name=admin, server.web.context=, logger.jobchanges.format=[%d{ISO8601}] %X{user} %X{change} [%X{id}] %X{project} “%X{groupPath}/%X{jobName}” (%X{method})%X{extraInfo}%n, logger.access.format=[%d{ISO8601}] “%X{method} %X{uri}” %X{remoteHost} %X{secure} %X{remoteUser} %X{authToken} %X{duration} %X{project} [%X{contentType}] (%X{userAgent})%n, default.encryption.password=ud8m7a6m5sbspm2, server.hostname=Zune, server.datastore.path=C:/RUNDECK/server/data/grailsdb, rundeck.launcher.jar.location=C:/RUNDECK/rundeck-3.0.23-20190619.war, logger.execevents.format=[%d{ISO8601}] %X{eventUser} %X{event} [%X{id}:%X{state}] %X{project} %X{user}/%X{abortedby} “%X{groupPath}/%X{jobName} %X{argString}”[%X{uuid}] %n, rundeck.config.name=rundeck-config.properties, logger.storage.format=[%d{ISO8601}] %X{action} %X{type} %X{path} %X{status} %X{metadata}%n, default.admin.password=admin, default.encryption.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC, rundeck.log.dir=C:/RUNDECK/server/logs, logger.options.format=[%d{ISO8601}] %X{httpStatusCode} %X{contentLength}B %X{durationTime}ms %X{lastModifiedDateTime} [%X{jobName}] %X{url} %X{contentSHA1}%n, server.http.port=4440, default.user.password=user, loginmodule.name=activedirectory, logger.apirequests.format=[%d{ISO8601}] %X{remoteHost} %X{secure} %X{remoteUser} %X{authToken} %X{duration} %X{project} “%X{method} %X{uri}” (%X{userAgent})%n, default.user.name=user}
VERBOSE: –skipinstall: Not extracting.
Configuring Spring Security Core …
… finished configuring Spring Security Core
2019-07-29 09:50:26.288 ERROR — [ main] g.b.c.GrailsApplicationPostProcessor : Error loading spring/resources.groovy file: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
java.lang.SecurityException: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
at sun.security.provider.ConfigFile$Spi.(ConfigFile.java:137)
at sun.security.provider.ConfigFile.(ConfigFile.java:102)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at java.lang.Class.newInstance(Class.java:438)
at javax.security.auth.login.Configuration$2.run(Configuration.java:255)
at javax.security.auth.login.Configuration$2.run(Configuration.java:247)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246)
at javax.security.auth.login.Configuration$getConfiguration.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:120)
at resources$_run_closure1$_closure53.doCall(resources.groovy:498)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:264)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at groovy.lang.Closure.call(Closure.java:418)
at grails.spring.BeanBuilder.invokeBeanDefiningMethod(BeanBuilder.java:708)
at grails.spring.BeanBuilder.invokeMethod(BeanBuilder.java:565)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeOnDelegationObjects(ClosureMetaClass.java:414)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:338)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:68)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:157)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:177)
at resources$_run_closure1.doCall(resources.groovy:497)
at resources$_run_closure1.doCall(resources.groovy)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:264)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at groovy.lang.Closure.call(Closure.java:418)
at groovy.lang.Closure.call(Closure.java:412)
at grails.spring.BeanBuilder.invokeBeanDefiningClosure(BeanBuilder.java:759)
at grails.spring.BeanBuilder.beans(BeanBuilder.java:588)
at org.grails.spring.RuntimeSpringConfigUtilities.reloadSpringResourcesConfig(RuntimeSpringConfigUtilities.java:103)
at grails.boot.config.GrailsApplicationPostProcessor.postProcessBeanDefinitionRegistry(GrailsApplicationPostProcessor.groovy:181)
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:272)
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:122)
at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:687)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:525)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
at grails.boot.GrailsApp.run(GrailsApp.groovy:84)
at grails.boot.GrailsApp.run(GrailsApp.groovy:393)
at grails.boot.GrailsApp.run(GrailsApp.groovy:380)
at grails.boot.GrailsApp$run.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:136)
at rundeckapp.Application.main(Application.groovy:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.WarLauncher.main(WarLauncher.java:59)
Caused by: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572)
at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:454)
at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at sun.security.provider.ConfigFile$Spi.(ConfigFile.java:135)
… 73 common frames omitted
2019-07-29 09:50:26.320 ERROR — [ main] o.s.boot.SpringApplication : Application startup failed
org.grails.core.exceptions.GrailsConfigurationException: Error loading spring/resources.groovy file: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
at grails.boot.config.GrailsApplicationPostProcessor.postProcessBeanDefinitionRegistry(GrailsApplicationPostProcessor.groovy:184)
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:272)
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:122)
at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:687)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:525)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
at grails.boot.GrailsApp.run(GrailsApp.groovy:84)
at grails.boot.GrailsApp.run(GrailsApp.groovy:393)
at grails.boot.GrailsApp.run(GrailsApp.groovy:380)
at grails.boot.GrailsApp$run.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:136)
at rundeckapp.Application.main(Application.groovy:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.WarLauncher.main(WarLauncher.java:59)
Caused by: java.lang.SecurityException: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
at sun.security.provider.ConfigFile$Spi.(ConfigFile.java:137)
at sun.security.provider.ConfigFile.(ConfigFile.java:102)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at java.lang.Class.newInstance(Class.java:438)
at javax.security.auth.login.Configuration$2.run(Configuration.java:255)
at javax.security.auth.login.Configuration$2.run(Configuration.java:247)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246)
at javax.security.auth.login.Configuration$getConfiguration.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:120)
at resources$_run_closure1$_closure53.doCall(resources.groovy:498)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:264)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at groovy.lang.Closure.call(Closure.java:418)
at grails.spring.BeanBuilder.invokeBeanDefiningMethod(BeanBuilder.java:708)
at grails.spring.BeanBuilder.invokeMethod(BeanBuilder.java:565)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeOnDelegationObjects(ClosureMetaClass.java:414)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:338)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:68)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:157)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:177)
at resources$_run_closure1.doCall(resources.groovy:497)
at resources$_run_closure1.doCall(resources.groovy)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:264)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at groovy.lang.Closure.call(Closure.java:418)
at groovy.lang.Closure.call(Closure.java:412)
at grails.spring.BeanBuilder.invokeBeanDefiningClosure(BeanBuilder.java:759)
at grails.spring.BeanBuilder.beans(BeanBuilder.java:588)
at org.grails.spring.RuntimeSpringConfigUtilities.reloadSpringResourcesConfig(RuntimeSpringConfigUtilities.java:103)
at grails.boot.config.GrailsApplicationPostProcessor.postProcessBeanDefinitionRegistry(GrailsApplicationPostProcessor.groovy:181)
… 24 common frames omitted
Caused by: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572)
at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:454)
at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at sun.security.provider.ConfigFile$Spi.(ConfigFile.java:135)
… 73 common frames omitted
Hi Marcos,
i guess that you have some syntax error in one of your configuration files.
Hi there, I’m not sure this works with the new version from what I understand the web.xml file has now been removed. I’m having real trouble getting AD integration working.
Have you managed to get it working on the latest version 3.1 I think
Hi kevek,
Ignore the step of configuration of the declaration of the new groups in web.xml file and it should works fine
Hi LOTFI,
I tried but still no joy, are you able to share with me your full “Profile” file please, I want to check that I have all the correct settings in there?
Thanks
Hi,
All the configuration files are in my github repository, take a look here:
https://github.com/faudeltn/Rundeck
Can I use a single Rundeck enviroment to manage 2 or more different Active Directory environments? I can’t really tell how this is done from the documentation.
Hi Marc,
Honestly we’ve never tried that. Did you hear the Rundeck Support about that ?
Thanks for this guide. Does the bind account go into of the rundeck groups, rundeck_administrators or rundeck_users?
thanks
no you can use a bind account with ready only access of your ldap organization
Thanks a lot Lotfi. Simple, clear and efficient explanations Good job.