You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kylin.apache.org by "mathias kluba (JIRA)" <ji...@apache.org> on 2016/12/20 14:01:58 UTC

[jira] [Updated] (KYLIN-2305) Unable to use long searchBase/Pattern for LDAP

     [ https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

mathias kluba updated KYLIN-2305:
---------------------------------
    Description: 
I try to use LDAP authentication.
I set the ldap.user.searchBase & ldap.user.searchPattern & ldap.user.groupSearchBase
I followed the documentation http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html

It crashed because of:
{code}
Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 38.  Encountered: "." (46), after : ""
{code}

I change the logger configuration to have debug to understand the query done using Spring Security LdapTemplate.
It seems that it trim the value at column 38 and add "..."

I can't tell you my real AD path, but here is an example:
in kylin.properties:
{code}
 ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM
{code}
Debug log:
{code}
2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
{code}

I change the searchBase to be shorted (less than 38 char) and it seems that the bug is the same with the searchPattern and the groupSearchBase.

I don't know where Kylin is reading these properties, but it seems that it doesn't use the right function (maybe toString() that trim the value?)


  was:
I try to use LDAP authentication.
I set the ldap.user.searchBase & ldap.user.searchPattern & ldap.user.groupSearchBase
I followed the documentation http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html

It crashed because of:
{code}
Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 38.  Encountered: "." (46), after : ""
{code}

I change the logger configuration to have debug to understand the query done using Spring Security LdapTemplate.
It seems that it trim the value at column 38 and add "..."

I can't tell you my real AD path, but here is an example:
in kylin.properties:
{code}
 ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM
{code}
Debug log:
{code}
2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
{code}

I change the searchBase to be shorted (less than 38 char) and it seems that the bug is the same with the searchPattern and the groupSearchBase.




> Unable to use long searchBase/Pattern for LDAP
> ----------------------------------------------
>
>                 Key: KYLIN-2305
>                 URL: https://issues.apache.org/jira/browse/KYLIN-2305
>             Project: Kylin
>          Issue Type: Bug
>    Affects Versions: v1.6.0
>            Reporter: mathias kluba
>
> I try to use LDAP authentication.
> I set the ldap.user.searchBase & ldap.user.searchPattern & ldap.user.groupSearchBase
> I followed the documentation http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html
> It crashed because of:
> {code}
> Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 38.  Encountered: "." (46), after : ""
> {code}
> I change the logger configuration to have debug to understand the query done using Spring Security LdapTemplate.
> It seems that it trim the value at column 38 and add "..."
> I can't tell you my real AD path, but here is an example:
> in kylin.properties:
> {code}
>  ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM
> {code}
> Debug log:
> {code}
> 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
> {code}
> I change the searchBase to be shorted (less than 38 char) and it seems that the bug is the same with the searchPattern and the groupSearchBase.
> I don't know where Kylin is reading these properties, but it seems that it doesn't use the right function (maybe toString() that trim the value?)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)