"Unauthorized" responses from VMware Cloud Director (VCD) REST login API endpoint
Article ID: 406470
Updated On:
Products
VMware Cloud Director
Issue/Introduction
- Sending LDAP authentication requests to REST endpoint
/cloudapi/1.0.0/sessions/providersometimes fails - This may be inconsistent, failing even though it has just succeeded with same details
- The following errors show in the VCD logs when receiving 401 response:
ERROR | pool-jetty-### | LdapProviderImpl | Error logging into LDAP. | requestId=########,request=POST https://<VCD_FQDN>/cloudapi/1.0.0/sessions,requestTime=####,remoteAddress=#.#.#.#:#,userAgent=<USER_STRING> ...,accept=application/json;version 39.0javax.naming.CommunicationException: simple bind failed: <LDAP_FQDN>:636 [Root exception is java.net.SocketException: Connection reset]at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)[....]Caused by: java.net.SocketException: Connection reset-
DEBUG | pool-jetty-### | SecurityServiceImpl | Cannot authenticate user | requestId=########,request=POST https://<VCD_FQDN>/cloudapi/1.0.0/sessions,requestTime=####,remoteAddress=#.#.#.#:##,userAgent=<USER_STRING> ...,accept=application/json;version 39.0com.vmware.ssdc.backendbase.ldap.UninitializedLdapContextException: LDAP context not initialized. Error connecting to LDAP.at com.vmware.ssdc.backendbase.ldap.LdapProviderImpl.search(LdapProviderImpl.java:1044)
-
This only occurs for LDAP login and not for local VCD users such as administrator@system
Environment
- VMware Cloud Director 10.6.x
Cause
- There is a connection issue with the LDAP endpoint: an active directory domain controller or equivalent
- Inconsistency may be seen where there is an issue with the load balancer or only one/some of the LDAP servers behind it
Resolution
- Please investigate the LDAP system to see where the connection is dropped
- As a workaround, you can use a VCD local user for your integrations and this should not face the same 401 errors
Feedback
Yes
No
Powered by
