Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2015/11/17 19:54:10 UTC

[jira] [Created] (KNOX-629) Misleading output for system-user-auth-test when userSearchBase used

Kevin Minder created KNOX-629:
---------------------------------

             Summary: Misleading output for system-user-auth-test when userSearchBase used
                 Key: KNOX-629
                 URL: https://issues.apache.org/jira/browse/KNOX-629
             Project: Apache Knox
          Issue Type: Bug
          Components: KnoxCLI
    Affects Versions: 0.7.0
            Reporter: Kevin Minder
             Fix For: 0.7.0


See the output below.  searchBase and userSearchBase can be used interchangeably, but the diagnostics don't take that into account.

{code}
bin/knoxcli.sh system-user-auth-test --cluster admin
Warn: main.ldapRealm.searchBase is not present in topology
main.ldapRealm.userSearchAttributeName or main.ldapRealm.userObjectClass or main.ldapRealm.searchBase was found in the topology
If any one of the above params is present, all must be present.
Topology warnings present. SystemUser may not bind.
System LDAP Bind successful.
{code}

for this correct topology

{code}
<topology>

  <gateway>

    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <enabled>true</enabled>
      <param name="main.ldapRealm" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"/>
      <param name="main.ldapContextFactory" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"/>
      <param name="main.ldapRealm.contextFactory" value="$ldapContextFactory"/>
      <param name="main.ldapRealm.contextFactory.url" value="ldap://ad-nano.qe.hortonworks.com:389"/>
      <param name="main.ldapRealm.contextFactory.authenticationMechanism" value="simple"/>
      <param name="main.ldapRealm.contextFactory.systemUsername" value="CN=Kevin Minder,CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
      <param name="main.ldapRealm.contextFactory.systemPassword" value="p@ssw0rd"/>
      <param name="main.ldapRealm.userSearchBase" value="CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
      <param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/>
      <param name="main.ldapRealm.userObjectClass" value="person"/>
      <param name="urls./**" value="authcBasic"/>
    </provider>

  </gateway>

  <service>
    <role>KNOX</role>
  </service>

</topology>
{code}



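Added example, not part of the original report and not Knox's own code: a stand-alone topology check that applies the "if any one is present, all must be present" rule from the CLI output while accepting either searchBase or userSearchBase, as the report says they are interchangeable. The function names, the sample topology and the extra warning for conflicting values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

PREFIX = "main.ldapRealm."
# Assumption (from the report): these two names are interchangeable.
SEARCH_BASE_ALIASES = ("searchBase", "userSearchBase")
# The other members of the "all must be present" group in the CLI output.
OTHER_REQUIRED = ("userSearchAttributeName", "userObjectClass")

# Constructed sample topology (placeholder DNs), shaped like the one in the report.
SAMPLE_TOPOLOGY = """<topology><gateway><provider>
  <role>authentication</role><name>ShiroProvider</name><enabled>true</enabled>
  <param name="main.ldapRealm.userSearchBase" value="CN=Users,DC=example,DC=com"/>
  <param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/>
  <param name="main.ldapRealm.userObjectClass" value="person"/>
</provider></gateway></topology>"""

def shiro_params(topology_xml):
    """Return {name: value} for the ShiroProvider authentication provider."""
    root = ET.fromstring(topology_xml)
    for prov in root.iter("provider"):
        if (prov.findtext("role") == "authentication"
                and prov.findtext("name") == "ShiroProvider"):
            return {p.get("name"): p.get("value") for p in prov.iter("param")}
    return {}

def user_search_warnings(params):
    """Apply the all-or-none rule, counting either alias as the search base."""
    bases = [a for a in SEARCH_BASE_ALIASES if PREFIX + a in params]
    others = [n for n in OTHER_REQUIRED if PREFIX + n in params]
    if not bases and not others:
        return []  # user-search parameters are not used at all
    warnings = []
    if not bases:
        names = " or ".join(PREFIX + a for a in SEARCH_BASE_ALIASES)
        warnings.append("missing " + names)
    for n in OTHER_REQUIRED:
        if n not in others:
            warnings.append("missing " + PREFIX + n)
    # Hypothetical extra check: both aliases set, but to different values.
    if len(bases) == 2 and len({params[PREFIX + a] for a in bases}) > 1:
        warnings.append("searchBase and userSearchBase differ")
    return warnings

if __name__ == "__main__":
    print(user_search_warnings(shiro_params(SAMPLE_TOPOLOGY)) or "no warnings")
```
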