You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2016/01/25 17:23:39 UTC
[jira] [Updated] (KNOX-629) Misleading output for
system-user-auth-test when userSearchBase used
[ https://issues.apache.org/jira/browse/KNOX-629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay updated KNOX-629:
-----------------------------
Summary: Misleading output for system-user-auth-test when userSearchBase used (was: Misleading otuput for system-user-auth-test when userSearchBase used)
> Misleading output for system-user-auth-test when userSearchBase used
> --------------------------------------------------------------------
>
> Key: KNOX-629
> URL: https://issues.apache.org/jira/browse/KNOX-629
> Project: Apache Knox
> Issue Type: Bug
> Components: KnoxCLI
> Affects Versions: 0.7.0
> Reporter: Kevin Minder
> Fix For: Future
>
>
> See the output below. The use of searchBase and userSearchBase are interchangeable but the diagnostics don't take that into account.
> {code}
> bin/knoxcli.sh system-user-auth-test --cluster admin
> Warn: main.ldapRealm.searchBase is not present in topology
> main.ldapRealm.userSearchAttributeName or main.ldapRealm.userObjectClass or main.ldapRealm.searchBase was found in the topology
> If any one of the above params is present, all must be present.
> Topology warnings present. SystemUser may not bind.
> System LDAP Bind successful.
> {code}
> for this correct topology
> {code}
> <topology>
> <gateway>
> <provider>
> <role>authentication</role>
> <name>ShiroProvider</name>
> <enabled>true</enabled>
> <param name="main.ldapRealm" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"/>
> <param name="main.ldapContextFactory" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"/>
> <param name="main.ldapRealm.contextFactory" value="$ldapContextFactory"/>
> <param name="main.ldapRealm.contextFactory.url" value="ldap://ad-nano.qe.hortonworks.com:389"/>
> <param name="main.ldapRealm.contextFactory.authenticationMechanism" value="simple"/>
> <param name="main.ldapRealm.contextFactory.systemUsername" value="CN=Kevin Minder,CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
> <param name="main.ldapRealm.contextFactory.systemPassword" value="p@ssw0rd"/>
> <param name="main.ldapRealm.userSearchBase" value="CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
> <param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/>
> <param name="main.ldapRealm.userObjectClass" value="person"/>
> <param name="urls./**" value="authcBasic"/>
> </provider>
> </gateway>
> <service>
> <role>KNOX</role>
> </service>
> </topology>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)