You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@kylin.apache.org by "java_program@aliyun.com" <ja...@aliyun.com> on 2017/02/10 09:52:59 UTC
Kylin login with LDAP (LDAP: error code 32 - No Such Object)
hi:
i am trying to use ldap authentication on kylin server(1.6.0-cdh5.7.0),when i login with right username and password,there are errors in the kylin.log
2017-02-10 17:44:40,426 ERROR [http-bio-7070-exec-2] security.KylinAuthenticationProvider:96 : Failed to auth user: hadoop
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=people,dc=openldap,dc=jw,dc=cn'
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:191)
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
at org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:90)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=people,dc=openldap,dc=jw,dc=cn'
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:174)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:810)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:793)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116)
at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:90)
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
... 39 more
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=people,dc=openldap,dc=jw,dc=cn'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3161)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:297)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:210)
at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.executeWithContext(SpringSecurityLdapTemplate.java:198)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:807)
... 44 more
2017-02-10 17:44:40,427 INFO [http-bio-7070-exec-2] security.KylinAuthenticationProvider:77 : authentication.getName():hadoop
2017-02-10 17:44:40,428 INFO [http-bio-7070-exec-2] security.KylinAuthenticationProvider:78 : authentication.getCredentials():apU)u%7lk,-7o
2017-02-10 17:44:40,428 INFO [http-bio-7070-exec-2] security.KylinAuthenticationProvider:89 : authenticationProvider.getClass().getName():org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2017-02-10 17:44:40,429 ERROR [http-bio-7070-exec-2] security.KylinAuthenticationProvider:96 : Failed to auth user: hadoop
org.springframework.security.authentication.InternalAuthenticationServiceException: Empty filter; nested exception is javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name '/'
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:191)
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
at org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:90)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.ldap.InvalidSearchFilterException: Empty filter; nested exception is javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name '/'
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:135)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:810)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:793)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116)
at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:90)
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
... 39 more
Caused by: javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name '/'
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:57)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:546)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:297)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:210)
at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.executeWithContext(SpringSecurityLdapTemplate.java:198)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:807)
... 44 more
ldap configuration shows below
database bdb
suffix "dc=openldap,dc=jw,dc=cn"
checkpoint 1024 15
rootdn "cn=Manager,dc=openldap,dc=jw,dc=cn"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw T5Ut6m4Z15Iszzz
ldap tree shows in eclipse view
kylin.properties:
kylin.security.profile=ldap
### SECURITY ###
# Default roles and admin roles in LDAP, for ldap and saml
acl.defaultRole=ROLE_ANALYST,ROLE_MODELER
acl.adminRole=ROLE_ADMIN
# LDAP authentication configuration
#ldap.server=ldap://ldap_server:389
ldap.server=ldap://10.10.16.3:389/dc=openldap,dc=jw,dc=cn
ldap.username=cn=Manager,dc=openldap,dc=jw,dc=cn
ldap.password=vlQiP78zbqKgsWycEFIEeA==
# LDAP user account directory;
ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
ldap.user.searchPattern=(uid={0})
ldap.user.groupSearchBase=
i am using user 'hadoop' in 'ou=people,dc=openldap,dc=jw,dc=cn' with the right password.
i also config kylin.properties in some other ways shows below, but i did not work well
1、
# LDAP authentication configuration
#ldap.server=ldap://ldap_server:389
ldap.server=ldap://10.10.16.3:389
ldap.username=cn=Manager,dc=openldap,dc=jw,dc=cn
ldap.password=vlQiP78zbqKgsWycEFIEeA==
# LDAP user account directory;
ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
ldap.user.searchPattern=(uid={0})
ldap.user.groupSearchBase=
2、
# LDAP authentication configuration
#ldap.server=ldap://ldap_server:389
ldap.server=ldap://10.10.16.3:389
ldap.username=Manager
ldap.password=vlQiP78zbqKgsWycEFIEeA==
# LDAP user account directory;
ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
ldap.user.searchPattern=(uid={0})
ldap.user.groupSearchBase=
did i config wrong in kylin.properties?
java_program@aliyun.com
Re: Kylin login with LDAP (LDAP: error code 32 - No Such Object)
Posted by ShaoFeng Shi <sh...@apache.org>.
in kylin.properteis you defines "ou=people,dc=openldap,dc=jw,dc=cn"
but from the screen shot I see it is "ou=People" (P is uppercase); please
try the exact value as LDAP defines.
2017-02-10 18:07 GMT+08:00 Hoang Le Trung <ho...@orenj.com>:
> You can refer my configure here
>
> http://mail-archives.apache.org/mod_mbox/kylin-user/201702.mbox/browser
>
>
>
>
>
> *From:* java_program@aliyun.com [mailto:java_program@aliyun.com]
> *Sent:* Friday, February 10, 2017 4:53 PM
> *To:* user
> *Subject:* Kylin login with LDAP (LDAP: error code 32 - No Such Object)
>
>
>
> hi:
>
> i am trying to use ldap authentication on kylin
> server(1.6.0-cdh5.7.0),when i login with right username and password,there
> are errors in the kylin.log
>
>
>
> 2017-02-10 17:44:40,426 ERROR [http-bio-7070-exec-2] security.
> KylinAuthenticationProvider:96 : Failed to auth user: hadoop
> org.springframework.security.authentication.InternalAuthenticationServiceE
> xception: [LDAP: error code 32 - No Such Object]; nested
> exception is javax.naming.NameNotFoundException: [LDAP:
> error code 32 - No Such Object]; remaining name 'ou=
> people,dc=openldap,dc=jw,dc=cn'
> at org.springframework.security.ldap.authentication.
> LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.
> java:191)
> at org.springframework.security.ldap.authentication.
> AbstractLdapAuthenticationProvider.authenticate(
> AbstractLdapAuthenticationProvider.java:61)
> at org.apache.kylin.rest.security.KylinAuthenticationProvider.
> authenticate(KylinAuthenticationProvider.java:90)
> at org.springframework.security.authentication.
> ProviderManager.authenticate(ProviderManager.java:156)
> at org.springframework.security.authentication.
> ProviderManager.authenticate(ProviderManager.java:174)
> at org.springframework.security.web.authentication.
> www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.authentication.ui.
> DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilt
> er.java:91)
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.authentication.
> AbstractAuthenticationProcessingFilter.doFilter(
> AbstractAuthenticationProcessingFilter.java:183)
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.authentication.
> logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.context.SecurityContextPersistenceFilt
> er.doFilter(SecurityContextPersistenceFilter.java:87)
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.FilterChainProxy.
> doFilterInternal(FilterChainProxy.java:192)
> at org.springframework.security.web.FilterChainProxy.
> doFilter(FilterChainProxy.java:160)
> at org.springframework.web.filter.DelegatingFilterProxy.
> invokeDelegate(DelegatingFilterProxy.java:343)
> at org.springframework.web.filter.DelegatingFilterProxy.
> doFilter(DelegatingFilterProxy.java:260)
> at org.apache.catalina.core.ApplicationFilterChain.
> internalDoFilter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at com.thetransactioncompany.cors.CORSFilter.doFilter(
> CORSFilter.java:209)
> at com.thetransactioncompany.cors.CORSFilter.doFilter(
> CORSFilter.java:244)
> at org.apache.catalina.core.ApplicationFilterChain.
> internalDoFilter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:220)
> at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:122)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
> AuthenticatorBase.java:505)
> at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:169)
> at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:103)
> at org.apache.catalina.valves.AccessLogValve.invoke(
> AccessLogValve.java:956)
> at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:116)
> at org.apache.catalina.connector.CoyoteAdapter.
> service(CoyoteAdapter.java:436)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(
> AbstractHttp11Processor.java:1078)
> at org.apache.coyote.AbstractProtocol$
> AbstractConnectionHandler.process(AbstractProtocol.java:625)
> at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.
> run(JIoEndpoint.java:316)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at org.apache.tomcat.util.threads.TaskThread$
> WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.springframework.ldap.NameNotFoundException: [LDAP:
> error code 32 - No Such Object]; nested exception is javax.naming.
> NameNotFoundException: [LDAP: error code 32 - No Such
> Object]; remaining name 'ou=people,dc=openldap,dc=jw,dc=cn'
> at org.springframework.ldap.support.LdapUtils.
> convertLdapException(LdapUtils.java:174)
> at org.springframework.ldap.core.LdapTemplate.
> executeWithContext(LdapTemplate.java:810)
> at org.springframework.ldap.core.LdapTemplate.
> executeReadOnly(LdapTemplate.java:793)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate.
> searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
> at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.
> searchForUser(FilterBasedLdapUserSearch.java:116)
> at org.springframework.security.ldap.authentication.
> BindAuthenticator.authenticate(BindAuthenticator.java:90)
> at org.springframework.security.ldap.authentication.
> LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.
> java:178)
> ... 39 more
> Caused by: javax.naming.NameNotFoundException: [LDAP:
> error code 32 - No Such Object]; remaining name 'ou=
> people,dc=openldap,dc=jw,dc=cn'
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3161)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.
> java:3082)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.
> java:2888)
> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(
> ComponentDirContext.java:418)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(
> PartialCompositeDirContext.java:396)
> at javax.naming.directory.InitialDirContext.search(
> InitialDirContext.java:297)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate.
> searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:210)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.
> executeWithContext(SpringSecurityLdapTemplate.java:198)
> at org.springframework.ldap.core.LdapTemplate.
> executeWithContext(LdapTemplate.java:807)
> ... 44 more
> 2017-02-10 17:44:40,427 INFO [http-bio-7070-exec-2] security.
> KylinAuthenticationProvider:77 : authentication.getName():hadoop
> 2017-02-10 17:44:40,428 INFO [http-bio-7070-exec-2] security.
> KylinAuthenticationProvider:78 : authentication.
> getCredentials():apU)u%7lk,-7o
> 2017-02-10 17:44:40,428 INFO [http-bio-7070-exec-2] security.
> KylinAuthenticationProvider:89 : authenticationProvider.
> getClass().getName():org.springframework.security.ldap.authentication.
> LdapAuthenticationProvider
> 2017-02-10 17:44:40,429 ERROR [http-bio-7070-exec-2] security.
> KylinAuthenticationProvider:96 : Failed to auth user: hadoop
> org.springframework.security.authentication.InternalAuthenticationServiceE
> xception: Empty filter; nested exception is javax.naming.directory.
> InvalidSearchFilterException: Empty filter; remaining name '/'
> at org.springframework.security.ldap.authentication.
> LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.
> java:191)
> at org.springframework.security.ldap.authentication.
> AbstractLdapAuthenticationProvider.authenticate(
> AbstractLdapAuthenticationProvider.java:61)
> at org.apache.kylin.rest.security.KylinAuthenticationProvider.
> authenticate(KylinAuthenticationProvider.java:90)
> at org.springframework.security.authentication.
> ProviderManager.authenticate(ProviderManager.java:156)
> at org.springframework.security.authentication.
> ProviderManager.authenticate(ProviderManager.java:174)
> at org.springframework.security.web.authentication.
> www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.authentication.ui.
> DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilt
> er.java:91)
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.authentication.
> AbstractAuthenticationProcessingFilter.doFilter(
> AbstractAuthenticationProcessingFilter.java:183)
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.authentication.
> logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.context.SecurityContextPersistenceFilt
> er.doFilter(SecurityContextPersistenceFilter.java:87)
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.FilterChainProxy.
> doFilterInternal(FilterChainProxy.java:192)
> at org.springframework.security.web.FilterChainProxy.
> doFilter(FilterChainProxy.java:160)
> at org.springframework.web.filter.DelegatingFilterProxy.
> invokeDelegate(DelegatingFilterProxy.java:343)
> at org.springframework.web.filter.DelegatingFilterProxy.
> doFilter(DelegatingFilterProxy.java:260)
> at org.apache.catalina.core.ApplicationFilterChain.
> internalDoFilter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at com.thetransactioncompany.cors.CORSFilter.doFilter(
> CORSFilter.java:209)
> at com.thetransactioncompany.cors.CORSFilter.doFilter(
> CORSFilter.java:244)
> at org.apache.catalina.core.ApplicationFilterChain.
> internalDoFilter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:220)
> at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:122)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
> AuthenticatorBase.java:505)
> at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:169)
> at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:103)
> at org.apache.catalina.valves.AccessLogValve.invoke(
> AccessLogValve.java:956)
> at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:116)
> at org.apache.catalina.connector.CoyoteAdapter.
> service(CoyoteAdapter.java:436)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(
> AbstractHttp11Processor.java:1078)
> at org.apache.coyote.AbstractProtocol$
> AbstractConnectionHandler.process(AbstractProtocol.java:625)
> at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.
> run(JIoEndpoint.java:316)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at org.apache.tomcat.util.threads.TaskThread$
> WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.springframework.ldap.InvalidSearchFilterException:
> Empty filter; nested exception is javax.naming.directory.
> InvalidSearchFilterException: Empty filter; remaining name '/'
> at org.springframework.ldap.support.LdapUtils.
> convertLdapException(LdapUtils.java:135)
> at org.springframework.ldap.core.LdapTemplate.
> executeWithContext(LdapTemplate.java:810)
> at org.springframework.ldap.core.LdapTemplate.
> executeReadOnly(LdapTemplate.java:793)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate.
> searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
> at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.
> searchForUser(FilterBasedLdapUserSearch.java:116)
> at org.springframework.security.ldap.authentication.
> BindAuthenticator.authenticate(BindAuthenticator.java:90)
> at org.springframework.security.ldap.authentication.
> LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.
> java:178)
> ... 39 more
> Caused by: javax.naming.directory.InvalidSearchFilterException:
> Empty filter; remaining name '/'
> at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:57)
> at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:546)
> at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(
> ComponentDirContext.java:418)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(
> PartialCompositeDirContext.java:396)
> at javax.naming.directory.InitialDirContext.search(
> InitialDirContext.java:297)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate.
> searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:210)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.
> executeWithContext(SpringSecurityLdapTemplate.java:198)
> at org.springframework.ldap.core.LdapTemplate.
> executeWithContext(LdapTemplate.java:807)
> ... 44 more
>
>
>
>
>
> *ldap configuration shows below *
>
>
>
> database bdb
> suffix "dc=openldap,dc=jw,dc=cn"
> checkpoint 1024 15
> rootdn "cn=Manager,dc=openldap,dc=jw,dc=cn"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw T5Ut6m4Z15Iszzz
>
>
>
> *ldap tree shows in eclipse view *
>
> [image: cid:image001.jpg@01D283BF.CD5026E0]
>
>
>
>
>
> *kylin.properties:*
>
>
>
> kylin.security.profile=ldap
>
> ### SECURITY ###
> # Default roles and admin roles in LDAP, for ldap and saml
> acl.defaultRole=ROLE_ANALYST,ROLE_MODELER
> acl.adminRole=ROLE_ADMIN
>
> # LDAP authentication configuration
> #ldap.server=ldap://ldap_server:389
> ldap.server=ldap://10.10.16.3:389/dc=openldap,dc=jw,dc=cn
> ldap.username=cn=Manager,dc=openldap,dc=jw,dc=cn
> ldap.password=vlQiP78zbqKgsWycEFIEeA==
>
> # LDAP user account directory;
> ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
> ldap.user.searchPattern=(uid={0})
> ldap.user.groupSearchBase=
>
>
>
>
>
>
>
> i am using user 'hadoop' in 'ou=people,dc=openldap,dc=jw,dc=cn' with the
> right password.
>
> i also config kylin.properties in some other ways shows below, but i did
> not work well
>
>
>
> 1、
>
> # LDAP authentication configuration
> #ldap.server=ldap://ldap_server:389
> ldap.server=ldap://10.10.16.3:389
> ldap.username=cn=Manager,dc=openldap,dc=jw,dc=cn
> ldap.password=vlQiP78zbqKgsWycEFIEeA==
>
> # LDAP user account directory;
> ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
> ldap.user.searchPattern=(uid={0})
> ldap.user.groupSearchBase=
>
>
>
> 2、
>
> # LDAP authentication configuration
> #ldap.server=ldap://ldap_server:389
> ldap.server=ldap://10.10.16.3:389
> ldap.username=Manager
> ldap.password=vlQiP78zbqKgsWycEFIEeA==
>
> # LDAP user account directory;
> ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
> ldap.user.searchPattern=(uid={0})
> ldap.user.groupSearchBase=
>
>
>
>
>
> did i config wrong in kylin.properties?
>
>
>
>
> ------------------------------
>
> java_program@aliyun.com
>
> ------------------------------
> This e-mail may contain confidential or privileged information. If you
> received this e-mail by mistake, please don't forward it to anyone else,
> please erase it from your device and let me know so I don't do it again.
>
--
Best regards,
Shaofeng Shi 史少锋
RE: Kylin login with LDAP (LDAP: error code 32 - No Such Object)
Posted by Hoang Le Trung <ho...@orenj.com>.
You can refer my configure here
http://mail-archives.apache.org/mod_mbox/kylin-user/201702.mbox/browser
From: java_program@aliyun.com [mailto:java_program@aliyun.com]
Sent: Friday, February 10, 2017 4:53 PM
To: user
Subject: Kylin login with LDAP (LDAP: error code 32 - No Such Object)
hi:
i am trying to use ldap authentication on kylin server(1.6.0-cdh5.7.0),when i login with right username and password,there are errors in the kylin.log
2017-02-10 17:44:40,426 ERROR [http-bio-7070-exec-2] security.KylinAuthenticationProvider:96 : Failed to auth user: hadoop
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=people,dc=openldap,dc=jw,dc=cn'
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:191)
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
at org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:90)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=people,dc=openldap,dc=jw,dc=cn'
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:174)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:810)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:793)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116)
at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:90)
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
... 39 more
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=people,dc=openldap,dc=jw,dc=cn'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3161)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:297)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:210)
at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.executeWithContext(SpringSecurityLdapTemplate.java:198)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:807)
... 44 more
2017-02-10 17:44:40,427 INFO [http-bio-7070-exec-2] security.KylinAuthenticationProvider:77 : authentication.getName():hadoop
2017-02-10 17:44:40,428 INFO [http-bio-7070-exec-2] security.KylinAuthenticationProvider:78 : authentication.getCredentials():apU)u%7lk,-7o
2017-02-10 17:44:40,428 INFO [http-bio-7070-exec-2] security.KylinAuthenticationProvider:89 : authenticationProvider.getClass().getName():org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2017-02-10 17:44:40,429 ERROR [http-bio-7070-exec-2] security.KylinAuthenticationProvider:96 : Failed to auth user: hadoop
org.springframework.security.authentication.InternalAuthenticationServiceException: Empty filter; nested exception is javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name '/'
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:191)
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
at org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:90)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.ldap.InvalidSearchFilterException: Empty filter; nested exception is javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name '/'
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:135)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:810)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:793)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116)
at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:90)
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
... 39 more
Caused by: javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name '/'
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:57)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:546)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:297)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:210)
at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.executeWithContext(SpringSecurityLdapTemplate.java:198)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:807)
... 44 more
ldap configuration shows below
database bdb
suffix "dc=openldap,dc=jw,dc=cn"
checkpoint 1024 15
rootdn "cn=Manager,dc=openldap,dc=jw,dc=cn"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw T5Ut6m4Z15Iszzz
ldap tree shows in eclipse view
[cid:image001.jpg@01D283BF.CD5026E0]
kylin.properties:
kylin.security.profile=ldap
### SECURITY ###
# Default roles and admin roles in LDAP, for ldap and saml
acl.defaultRole=ROLE_ANALYST,ROLE_MODELER
acl.adminRole=ROLE_ADMIN
# LDAP authentication configuration
#ldap.server=ldap://ldap_server:389
ldap.server=ldap://10.10.16.3:389/dc=openldap,dc=jw,dc=cn
ldap.username=cn=Manager,dc=openldap,dc=jw,dc=cn
ldap.password=vlQiP78zbqKgsWycEFIEeA==
# LDAP user account directory;
ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
ldap.user.searchPattern=(uid={0})
ldap.user.groupSearchBase=
i am using user 'hadoop' in 'ou=people,dc=openldap,dc=jw,dc=cn' with the right password.
i also config kylin.properties in some other ways shows below, but i did not work well
1、
# LDAP authentication configuration
#ldap.server=ldap://ldap_server:389
ldap.server=ldap://10.10.16.3:389
ldap.username=cn=Manager,dc=openldap,dc=jw,dc=cn
ldap.password=vlQiP78zbqKgsWycEFIEeA==
# LDAP user account directory;
ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
ldap.user.searchPattern=(uid={0})
ldap.user.groupSearchBase=
2、
# LDAP authentication configuration
#ldap.server=ldap://ldap_server:389
ldap.server=ldap://10.10.16.3:389
ldap.username=Manager
ldap.password=vlQiP78zbqKgsWycEFIEeA==
# LDAP user account directory;
ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
ldap.user.searchPattern=(uid={0})
ldap.user.groupSearchBase=
did i config wrong in kylin.properties?
________________________________
java_program@aliyun.com<ma...@aliyun.com>
________________________________
This e-mail may contain confidential or privileged information. If you received this e-mail by mistake, please don't forward it to anyone else, please erase it from your device and let me know so I don't do it again.