You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Selim Namsi (JIRA)" <ji...@apache.org> on 2016/01/18 13:45:39 UTC
[jira] [Created] (KNOX-650) Add posixGroups support for LDAP groups
lookup
Selim Namsi created KNOX-650:
--------------------------------
Summary: Add posixGroups support for LDAP groups lookup
Key: KNOX-650
URL: https://issues.apache.org/jira/browse/KNOX-650
Project: Apache Knox
Issue Type: New Feature
Affects Versions: 0.7.0
Reporter: Selim Namsi
Fix For: Future
Add posixGroups support for LDAP group lookup. The current implementation works only with groupOfNames.
posixGroups have "memberUid" attribute which is different from "member" attribute, and when we set main.ldapRealm.memberAttribute equal to "memberUid", this line (306) in org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.java:
{noformat}
if (userLdapDn.equals(new LdapName(attrValue)))
{noformat}
will generate an InvalidNameException because "memberUid" is just an id and not formatted according to the rules defined in RFC 2253.
To fix this, we need to just test if the group is a posixGroup and then update attrValue by adding memberAttributeValuePrefix and memberAttributeValueSuffix
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)