You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/10/03 04:22:33 UTC
[jira] [Commented] (KNOX-437) KnoxLdapContextFactory should be
configured by default in all topology files and docs
[ https://issues.apache.org/jira/browse/KNOX-437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14157597#comment-14157597 ]
ASF subversion and git services commented on KNOX-437:
------------------------------------------------------
Commit 974312ead08db421ce2df614419c3d83e4c61be5 in knox's branch refs/heads/master from [~kevin.minder]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=974312e ]
KNOX-437: KnoxLdapContextFactory should be configured by default in all topology files
> KnoxLdapContextFactory should be configured by default in all topology files and docs
> -------------------------------------------------------------------------------------
>
> Key: KNOX-437
> URL: https://issues.apache.org/jira/browse/KNOX-437
> Project: Apache Knox
> Issue Type: Bug
> Components: Server, Site
> Affects Versions: 0.4.0
> Reporter: Kevin Minder
> Priority: Blocker
> Fix For: 0.5.0
>
>
> In some cases the KnoxLdapRealm will not work unless the KnoxLdapContextFactory is also configured. In particular the use of an ${ALIAS=...} in the >main.ldapRealm.contextFactory.systemPassword param. As this is such a common and important use cases the KnoxLdapContextFactory should be included in all default topology files, all sample topology files and all documented topology files.
> The snippet below shows what needs to be added to the topology files.
> {code:xml}
> <topology>
> <gateway>
> <provider>
> <role>authentication</role>
> <name>ShiroProvider</name>
> <enabled>true</enabled>
> ...
> <param>
> <name>main.ldapRealm</name>
> <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
> </param>
> <param>
> <name>main.ldapContextFactory</name>
> <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
> </param>
> <param>
> <name>main.ldapRealm.contextFactory</name>
> <value>$ldapContextFactory</value>
> </param>
> ...
> </gateway>
> ...
> </topology>
> {code}
> Without this in particular there were exceptions in the gateway.log file at startup when password indirection was used in the ShiroProvider section like this.
> {code:xml}
> <param>
> <name>main.ldapRealm.contextFactory.systemPassword</name>
> <value>${ALIAS=adSysPwd}</value>
> </param>
> {code}
> Those exceptions look like this. Indicating that the wrong LdapContextFactory was being used. Specifically the default one that does not have a setClusterName method.
> {code}
> 2014-10-02 13:25:09,888 ERROR env.EnvironmentLoader (EnvironmentLoader.java:initEnvironment(146)) - Shiro environment in
> itialization failed
> org.apache.shiro.config.ConfigurationException: Property 'contextFactory.clusterName' does not exist for object of type
> org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.
> at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:255)
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544)
> at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206)
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167)
> at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124)
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)