Posted to dev@knox.apache.org by "Selim Namsi (JIRA)" <ji...@apache.org> on 2016/01/18 13:45:39 UTC

[jira] [Created] (KNOX-650) Add posixGroups support for LDAP groups lookup

Selim Namsi created KNOX-650:
--------------------------------

             Summary: Add posixGroups support for LDAP groups lookup
                 Key: KNOX-650
                 URL: https://issues.apache.org/jira/browse/KNOX-650
             Project: Apache Knox
          Issue Type: New Feature
    Affects Versions: 0.7.0
            Reporter: Selim Namsi
             Fix For: Future


Add posixGroups support for LDAP group lookup. The current implementation works only with groupOfNames.
posixGroups have a "memberUid" attribute, which is different from the "member" attribute, and when we set main.ldapRealm.memberAttribute equal to "memberUid", this line (306) in org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.java:

{noformat}
if (userLdapDn.equals(new LdapName(attrValue)))
{noformat}

will generate an InvalidNameException because "memberUid" is just an id and not formatted according to the rules defined in RFC 2253.

To fix this, we just need to test if the group is a posixGroup and then update attrValue by adding memberAttributeValuePrefix and memberAttributeValueSuffix.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
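
The failure and the proposed check from the report above, as an added example that is not part of the original message and is not Knox code. The class name, the isMember helper, its posixGroup flag and the prefix/suffix values are assumptions made for illustration; escaping the uid with Rdn.escapeValue goes beyond what the report proposes.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class PosixGroupMemberCheck {
    // Constructed sample values; a real deployment takes these from its realm configuration.
    static final String PREFIX = "uid=";
    static final String SUFFIX = ",ou=people,dc=example,dc=org";

    /**
     * Hypothetical helper: returns true when attrValue names userDn.
     * posixGroup: attrValue is a bare uid (memberUid) and is wrapped in prefix/suffix.
     * groupOfNames: attrValue is already a DN (member).
     */
    static boolean isMember(LdapName userDn, String attrValue, boolean posixGroup) {
        try {
            String dn = posixGroup
                    // Escape the uid so characters like ',' or '+' cannot alter the DN structure.
                    ? PREFIX + Rdn.escapeValue(attrValue) + SUFFIX
                    : attrValue;
            // LdapName.equals compares parsed RDNs, so case and spacing differences do not matter.
            return userDn.equals(new LdapName(dn));
        } catch (InvalidNameException e) {
            // A malformed value is treated as "not a member" rather than failing the lookup.
            return false;
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        LdapName user = new LdapName("uid=jdoe,ou=people,dc=example,dc=org");

        // The failure from the report: a bare memberUid is not an RFC 2253 name.
        try {
            new LdapName("jdoe");
        } catch (InvalidNameException e) {
            System.out.println("bare memberUid rejected: " + e.getMessage());
        }

        // posixGroup entry whose memberUid is the user's uid
        System.out.println(isMember(user, "jdoe", true));
        // groupOfNames entry whose member is a DN in different case
        System.out.println(isMember(user, "UID=jdoe,OU=People,DC=example,DC=org", false));
        // memberUid containing DN metacharacters, which are escaped before parsing
        System.out.println(isMember(user, "jdoe,ou=admins", true));
        // memberUid of a different user
        System.out.println(isMember(user, "asmith", true));
    }
}
```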