You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kylin.apache.org by "jiatao.tao (JIRA)" <ji...@apache.org> on 2018/02/08 07:43:00 UTC
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an
ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356600#comment-16356600 ]
jiatao.tao edited comment on KYLIN-3197 at 2/8/18 7:42 AM:
-----------------------------------------------------------
Hi [~xingpeng1],
I run the latest Kylin code. The user in LDAP is jenny, and I use JENNY and jenny, even if jeNNY, all can login.
!image-2018-02-08-15-33-07-277.png|width=881,height=101!
!image-2018-02-08-15-35-03-902.png|width=881,height=93!
!image-2018-02-08-15-33-54-480.png|width=885,height=100!
!image-2018-02-08-15-32-25-030.png!
[http://kylin.apache.org/docs21/howto/howto_ldap_and_sso.html]
This is our LDAP document and you can confirm your configuration about LDAP.
was (Author: aron.tao):
Hi [~xingpeng1],
I run the latest Kylin code. The user in LDAP is jenny, and I use JENNY and jenny, even if jeNNY, all can login.
!image-2018-02-08-15-33-07-277.png|width=881,height=101!
!image-2018-02-08-15-35-03-902.png|width=881,height=93!
!image-2018-02-08-15-33-54-480.png|width=885,height=100!
!image-2018-02-08-15-32-25-030.png!
> When ldap is opened, I use an ignored case user to login, the page does not respond.
> ------------------------------------------------------------------------------------
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
> Affects Versions: v2.3.0
> Reporter: Peng Xing
> Assignee: Peng Xing
> Priority: Major
> Labels: patch
> Fix For: v2.3.0
>
> Attachments: 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use '{color:#ff0000}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff0000}WKH{color}' to login in, the page does not respond.
> I analyze the backgroud code, and find the function of 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, String)' has problem.
> When userDn is "uid={color:#ff0000}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and username is "{color:#ff0000}WKH{color}", then authorities will be empty Set by the follow code:
> {code:java}
> Set<GrantedAuthority> authorities = super.getGroupMembershipRoles(userDn, username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)