You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kylin.apache.org by alaleiwang <al...@sohu-inc.com> on 2016/04/25 06:16:37 UTC
kylin ldap configuration problem
hi:
i am trying to use ldap authentication on my kylin server(1.5.1),some
problem happened
my kylin.conf as followers:
#LDAP authentication configuration
ldap.server=ldap://ldap.XXXX.com:389
ldap.username=XXXX@XXXX.icom
ldap.password=XXXX
#LDAP user account directory;
ldap.user.searchBase=OU=XXX,DC=XXX,DC=com
ldap.user.searchPattern=
ldap.password was generated by command:
java -cp
./server/target/kylin-server-1.5.1-SNAPSHOT/WEB-INF/lib/*:./server/target/kylin-server-1.5.1-SNAPSHOT-classes.jar
org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES password
but my kylin server fail to start,and i check the “error code 49 +data
52e” meaning invalid user/password:
Caused by: org.springframework.ldap.AuthenticationException: [LDAP:
error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v
1db1^@]; nested exception is javax.naming.AuthenticationException: [LDAP:
error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data
52e, v1db1^@]
at
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:182)
at
org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
at
org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
at
org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
at
org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:792)
at
org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
at
org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116)
at
org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:90)
at
org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
... 39 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data
52e, v1db1^@]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
at
org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
at
org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
... 46 more
i also run ldap broserer on my pc,and i found i had to use
user/password with "GSS Negotiated" mode to contact my ldap server:
<http://apache-kylin.74782.x6.nabble.com/file/n4257/ldap.png>
anyone help to tell what am i doing wrong?
--
View this message in context: http://apache-kylin.74782.x6.nabble.com/kylin-ldap-configuration-problem-tp4257.html
Sent from the Apache Kylin mailing list archive at Nabble.com.
Re: kylin ldap configuration problem
Posted by ShaoFeng Shi <sh...@apache.org>.
Kylin uses Spring-Security implementing the LDAP authentication. So the
problem is more Spring-security related. If Spring supports GSS+LDAP, then
it will be doable in Kylin. Suggest you do some search with Spring.
2016-04-25 12:16 GMT+08:00 alaleiwang <al...@sohu-inc.com>:
> hi:
> i am trying to use ldap authentication on my kylin server(1.5.1),some
> problem happened
> my kylin.conf as followers:
> #LDAP authentication configuration
> ldap.server=ldap://ldap.XXXX.com:389
> ldap.username=XXXX@XXXX.icom
> ldap.password=XXXX
>
> #LDAP user account directory;
> ldap.user.searchBase=OU=XXX,DC=XXX,DC=com
> ldap.user.searchPattern=
>
> ldap.password was generated by command:
> java -cp
>
> ./server/target/kylin-server-1.5.1-SNAPSHOT/WEB-INF/lib/*:./server/target/kylin-server-1.5.1-SNAPSHOT-classes.jar
> org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES password
>
> but my kylin server fail to start,and i check the “error code 49 +data
> 52e” meaning invalid user/password:
> Caused by: org.springframework.ldap.AuthenticationException: [LDAP:
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
> AcceptSecurityContext error, data 52e, v
> 1db1^@]; nested exception is javax.naming.AuthenticationException: [LDAP:
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
> AcceptSecurityContext error, data
> 52e, v1db1^@]
> at
>
> org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:182)
> at
>
> org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
> at
>
> org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
> at
>
> org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
> at
>
> org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:792)
> at
>
> org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
> at
>
> org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116)
> at
>
> org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:90)
> at
>
> org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
> ... 39 more
> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error,
> data
> 52e, v1db1^@]
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
> at
>
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
> at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
> at
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
> at javax.naming.InitialContext.init(InitialContext.java:242)
> at
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
> at
>
> org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
> at
>
> org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
> ... 46 more
>
>
> i also run ldap broserer on my pc,and i found i had to use
> user/password with "GSS Negotiated" mode to contact my ldap server:
> <http://apache-kylin.74782.x6.nabble.com/file/n4257/ldap.png>
>
> anyone help to tell what am i doing wrong?
>
> --
> View this message in context:
> http://apache-kylin.74782.x6.nabble.com/kylin-ldap-configuration-problem-tp4257.html
> Sent from the Apache Kylin mailing list archive at Nabble.com.
>
--
Best regards,
Shaofeng Shi