Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2015/11/17 19:54:10 UTC
[jira] [Created] (KNOX-629) Misleading output for system-user-auth-test when userSearchBase used
Kevin Minder created KNOX-629:
---------------------------------
Summary: Misleading output for system-user-auth-test when userSearchBase used
Key: KNOX-629
URL: https://issues.apache.org/jira/browse/KNOX-629
Project: Apache Knox
Issue Type: Bug
Components: KnoxCLI
Affects Versions: 0.7.0
Reporter: Kevin Minder
Fix For: 0.7.0
See the output below. The use of searchBase and userSearchBase is interchangeable, but the diagnostics don't take that into account.
{code}
bin/knoxcli.sh system-user-auth-test --cluster admin
Warn: main.ldapRealm.searchBase is not present in topology
main.ldapRealm.userSearchAttributeName or main.ldapRealm.userObjectClass or main.ldapRealm.searchBase was found in the topology
If any one of the above params is present, all must be present.
Topology warnings present. SystemUser may not bind.
System LDAP Bind successful.
{code}
for this correct topology
{code}
<topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>ShiroProvider</name>
            <enabled>true</enabled>
            <param name="main.ldapRealm" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"/>
            <param name="main.ldapContextFactory" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"/>
            <param name="main.ldapRealm.contextFactory" value="$ldapContextFactory"/>
            <param name="main.ldapRealm.contextFactory.url" value="ldap://ad-nano.qe.hortonworks.com:389"/>
            <param name="main.ldapRealm.contextFactory.authenticationMechanism" value="simple"/>
            <param name="main.ldapRealm.contextFactory.systemUsername" value="CN=Kevin Minder,CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
            <param name="main.ldapRealm.contextFactory.systemPassword" value="p@ssw0rd"/>
            <param name="main.ldapRealm.userSearchBase" value="CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
            <param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/>
            <param name="main.ldapRealm.userObjectClass" value="person"/>
            <param name="urls./**" value="authcBasic"/>
        </provider>
    </gateway>
    <service>
        <role>KNOX</role>
    </service>
</topology>
{code}
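An added example, not part of the original report and not KnoxCLI's own code: a standalone topology check that applies the all-or-none rule quoted in the warning while counting either searchBase or userSearchBase as the search base, as the report says it should. The function names, the warning label for the alias pair, and the sample topology with its placeholder DN are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

PREFIX = "main.ldapRealm."
# The report states these two names are interchangeable, so either satisfies the rule.
SEARCH_BASE_ALIASES = ("searchBase", "userSearchBase")
OTHER_SEARCH_PARAMS = ("userSearchAttributeName", "userObjectClass")

# Constructed sample topology; the DN value is a placeholder.
SAMPLE = """
<topology><gateway><provider>
  <role>authentication</role>
  <name>ShiroProvider</name>
  <enabled>true</enabled>
  <param name="main.ldapRealm.userSearchBase" value="CN=Users,DC=example,DC=com"/>
  <param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/>
  <param name="main.ldapRealm.userObjectClass" value="person"/>
</provider></gateway></topology>
"""


def shiro_params(topology_xml):
    """Collect name -> value for every <param> of the ShiroProvider."""
    params = {}
    for provider in ET.fromstring(topology_xml).iter("provider"):
        if provider.findtext("name") == "ShiroProvider":
            for param in provider.iter("param"):
                params[param.get("name")] = param.get("value")
    return params


def search_param_warnings(topology_xml):
    """Apply the all-or-none rule, counting either alias as the search base."""
    params = shiro_params(topology_xml)

    def present(name):
        return bool(params.get(PREFIX + name))

    groups = {"searchBase (or userSearchBase)": any(map(present, SEARCH_BASE_ALIASES))}
    groups.update((name, present(name)) for name in OTHER_SEARCH_PARAMS)
    if all(groups.values()) or not any(groups.values()):
        return []  # fully configured, or search-based lookup not used at all
    return [f"Warn: {PREFIX}{label} is not present in topology"
            for label, ok in groups.items() if not ok]


if __name__ == "__main__":
    print(search_param_warnings(SAMPLE) or "No topology warnings")
```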