Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2016/01/25 17:23:39 UTC

[jira] [Updated] (KNOX-629) Misleading output for system-user-auth-test when userSearchBase used

     [ https://issues.apache.org/jira/browse/KNOX-629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay updated KNOX-629:
-----------------------------
    Summary: Misleading output for system-user-auth-test when userSearchBase used  (was: Misleading otuput for system-user-auth-test when userSearchBase used)

> Misleading output for system-user-auth-test when userSearchBase used
> --------------------------------------------------------------------
>
>                 Key: KNOX-629
>                 URL: https://issues.apache.org/jira/browse/KNOX-629
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxCLI
>    Affects Versions: 0.7.0
>            Reporter: Kevin Minder
>             Fix For: Future
>
>
> See the output below.  The use of searchBase and userSearchBase is interchangeable, but the diagnostics don't take that into account.
> {code}
> bin/knoxcli.sh system-user-auth-test --cluster admin
> Warn: main.ldapRealm.searchBase is not present in topology
> main.ldapRealm.userSearchAttributeName or main.ldapRealm.userObjectClass or main.ldapRealm.searchBase was found in the topology
> If any one of the above params is present, all must be present.
> Topology warnings present. SystemUser may not bind.
> System LDAP Bind successful.
> {code}
> for this correct topology
> {code}
> <topology>
>   <gateway>
>     <provider>
>       <role>authentication</role>
>       <name>ShiroProvider</name>
>       <enabled>true</enabled>
>       <param name="main.ldapRealm" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"/>
>       <param name="main.ldapContextFactory" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"/>
>       <param name="main.ldapRealm.contextFactory" value="$ldapContextFactory"/>
>       <param name="main.ldapRealm.contextFactory.url" value="ldap://ad-nano.qe.hortonworks.com:389"/>
>       <param name="main.ldapRealm.contextFactory.authenticationMechanism" value="simple"/>
>       <param name="main.ldapRealm.contextFactory.systemUsername" value="CN=Kevin Minder,CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
>       <param name="main.ldapRealm.contextFactory.systemPassword" value="p@ssw0rd"/>
>       <param name="main.ldapRealm.userSearchBase" value="CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
>       <param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/>
>       <param name="main.ldapRealm.userObjectClass" value="person"/>
>       <param name="urls./**" value="authcBasic"/>
>     </provider>
>   </gateway>
>   <service>
>     <role>KNOX</role>
>   </service>
> </topology>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
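
The check described in the report, as an added example that is not Knox code or part of the original message: a stand-alone topology lint that applies the "if any one is present, all must be present" rule twice, once with the three names from the CLI output and once treating `searchBase` and `userSearchBase` as aliases. The alias behaviour is assumed from the reporter's statement; the function names and the sample DNs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the topology in the report, with placeholder DNs.
TOPOLOGY = """<topology><gateway><provider>
  <role>authentication</role>
  <name>ShiroProvider</name>
  <enabled>true</enabled>
  <param name="main.ldapRealm.userSearchBase" value="CN=Users,DC=example,DC=com"/>
  <param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/>
  <param name="main.ldapRealm.userObjectClass" value="person"/>
</provider></gateway></topology>"""

PREFIX = "main.ldapRealm."

# One tuple per required setting; every name in a tuple satisfies that setting.
# NAIVE_GROUPS mirrors the three names in the CLI output quoted in the report.
NAIVE_GROUPS = [("userSearchAttributeName",), ("userObjectClass",), ("searchBase",)]
# ALIAS_GROUPS assumes searchBase and userSearchBase are interchangeable, as the
# reporter states; this is not taken from the Knox source.
ALIAS_GROUPS = [("userSearchAttributeName",), ("userObjectClass",),
                ("searchBase", "userSearchBase")]


def realm_params(topology_xml):
    """Collect main.ldapRealm.* names (prefix stripped) from authentication providers."""
    names = set()
    for provider in ET.fromstring(topology_xml).iter("provider"):
        if (provider.findtext("role") or "").strip() != "authentication":
            continue
        for param in provider.iter("param"):
            name = param.get("name", "")
            if name.startswith(PREFIX):
                names.add(name[len(PREFIX):])
    return names


def search_warnings(topology_xml, groups):
    """Apply 'if any one of the params is present, all must be present' per group."""
    present = realm_params(topology_xml)
    satisfied = [any(name in present for name in group) for group in groups]
    if all(satisfied) or not any(satisfied):
        return []  # user search fully configured, or not configured at all
    return ["Warn: %s%s is not present in topology" % (PREFIX, " / ".join(group))
            for group, ok in zip(groups, satisfied) if not ok]


if __name__ == "__main__":
    print("naive:", search_warnings(TOPOLOGY, NAIVE_GROUPS))
    print("alias-aware:", search_warnings(TOPOLOGY, ALIAS_GROUPS))
```

The naive grouping reproduces the `searchBase is not present` warning for a topology that binds correctly, while the alias-aware grouping stays silent and still warns when neither search-base name is set.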