Reputation: 7835
JMeter LDAP tests using GSSAPI/kerberos credentials
I would like to use JMeter to run some load testing against our OpenLDAP service authenticating using GSSAPI (i.e., Kerberos). How do I get JMeter to use a keytab with Kerberos credentials to do this? (Note: I tried following the directions here but they did not work for me: https://community.hortonworks.com/articles/141035/jmeter-kerberos-setup-for-hive-load-testing.html)
UPDATE
The command I use to start JMeter is
java.exe -XX:+HeapDumpOnOutOfMemoryError -Xms1g -Xmx1g
-XX:MaxMetaspaceSize=256m -XX:+UseG1GC -XX:MaxGCPauseMillis=100 -XX:G1ReservePercent=20 -Djava.security.egd=file:/dev/urandom
-Duser.language="en" -Duser.region="EN"
-Djava.security.debug=gssloginconfig,configfile,configparser,logincontext
-jar "D:\JMeter\bin\ApacheJMeter.jar"
-Dsun.security.krb5.debug=true
-Djava.security.krb5.conf="D:\JMeter\bin\krb5.conf"
-Djava.security.auth.login.config="D:\JMeter\bin\jaas.conf"
-Djavax.security.auth.useSubjectCredsOnly=false
The contents of D:\JMeter\bin\jaas.conf:
JMeter {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
useTicketCache=false
useKeyTab=true
keyTab="D:\JMeter\bin\ldap.keytab"
principal="service/[email protected]"
debug=true;
};
I have a single LDAP Request sampler. For that sampler I entered the LDAP server, port, and search base and filter. I run the test which "succeeds" but no information comes back.
I see no log messages in jmeter.log concerning the success or failure of authentication.
Upvotes: 0
Views: 661
Answers (1)
Reputation: 168162
Unfortunately your didn't work statement tells nothing to us. With regards to the referenced guide - it is fine for HortonWorks Docs, however it might be not applicable for your application setup as Kerberos has many faces, to wit:
- Your REALM will be different
- Your SPN will be different (it may or may not be present)
- Your keytab configuration will be different (again, Kerberos may or may not use keytabs for authentication)
- Your KDC will be different
- Your keytab generation algorithms may be different
So I would recommend the following:
- Reach out to your network administrators / developers / devops / whoever can have the knowledge about your Kerberos setup and collect as much information as you can
Enable debug logging for JMeter HTTP Authorization Manager by adding the next line to log4j2.xml file:
<Logger name="org.apache.jmeter.protocol.http.control" level="debug" />Enable debug logging for Java Kerberos implementation by adding the next line to system.properties file:
sun.security.krb5.debug=true- Restart JMeter to pick up the changes
- Re-run your test and look for underlying error cause in jmeter.log file and in STDOUT
- Fix the issue
- Repeat step 5 until you're happy with the result
There are hundreds of different reasons, it might be the case your setup is 100% fine, however your login doesn't succeed because you have different time on KDC and your JMeter machine and it needs syncing.
Upvotes: 0
Related Questions
- Executing Login API in which Authentication process happens with Active Directory
- JMeter Custom Authentication
- JMeter retrieve value of value
- How to authenticate in LDAP server using keytab
- LDAP authentication with JNDI
- Kerberos Authorization in JMeter
- Connecting to ldap using GSSAPI. Wrong service principal
- Kerberos authentication in jmeter
- is it possible to access user credential from a LDAP server while writing jmeter login sampler test
- LDAP Creating InitialLdapContext fails in Sub Realm / Cross Realm setup in Java using GSSAPI