You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kylin.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2019/12/30 06:59:00 UTC

[jira] [Commented] (KYLIN-4271) Use configurable certificate to support LDAPs authentication of Kylin

    [ https://issues.apache.org/jira/browse/KYLIN-4271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17005167#comment-17005167 ] 

ASF GitHub Bot commented on KYLIN-4271:
---------------------------------------

wkh8011 commented on pull request #963: KYLIN-4271 Use configurable certificate to support LDAPs authentication of Kylin
URL: https://github.com/apache/kylin/pull/963
 
 
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Use configurable certificate to support LDAPs authentication of Kylin
> ---------------------------------------------------------------------
>
>                 Key: KYLIN-4271
>                 URL: https://issues.apache.org/jira/browse/KYLIN-4271
>             Project: Kylin
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: v3.0.0
>            Reporter: wu.kehua
>            Assignee: wu.kehua
>            Priority: Major
>         Attachments: kylin.log
>
>
> Kylin's user authentication is normal when connecting to an LDAP server with the LDAP protocol enabled. However, the LDAP protocol is transmitted in plain text and there are security risks. Therefore, the LDAP server that uses the LDAPs protocol needs to be enabled. The LDAPs protocol supports encrypted transmission. After configuring the LDAP related configuration in kylin.properties, Kylin server cannot connect to the LDAP server for user authentication.
> The Kylin log shows the error log, as follows, you can also see the detail log in attachment.
> {code:java}
> Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> {code}
> So we add "kylin.security.ldap.connection-truststore" parameter which is set to be value of "javax.net.ssl.trustStore", so we can use configurable certificate to support LDAPs authentication of Kylin.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)