Posted to dev@shiro.apache.org by "Diana Arrieta (JIRA)" <ji...@apache.org> on 2018/09/21 23:04:00 UTC
[jira] [Created] (SHIRO-651) Unable to Debug LdapRealm
Diana Arrieta created SHIRO-651:
-----------------------------------
Summary: Unable to Debug LdapRealm
Key: SHIRO-651
URL: https://issues.apache.org/jira/browse/SHIRO-651
Project: Shiro
Issue Type: Bug
Environment: Amazon EMR 5.16
Zeppelin 0.7.3
OpenJDK 1.8
Reporter: Diana Arrieta
I've tried the following log4j configuration to debug LdapRealm and figure out what it is sending to query our LDAP service, but nothing is logged on failure. No idea what's wrong.
{code:java}
log4j.rootLogger = DEBUG, syslog
log4j.logger.org.apache.realm.LdapRealm = DEBUG, FILE
log4j.additivity.org.apache.realm.LdapRealm = true
log4j.appender.stdout = org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout = org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%d] ({%t} %F[%M]:%L) - %m%n
log4j.appender.syslog = org.apache.log4j.net.SyslogAppender
log4j.appender.syslog.Threshold = ALL
log4j.appender.syslog.layout = org.apache.log4j.PatternLayout
log4j.appender.syslog.layout.conversionPattern=%5p [%d] ({%t} %F[%M]:%L) - %m%n
log4j.appender.syslog.facility = LOCAL0
log4j.appender.syslog.syslogHost = 127.0.0.1:514
log4j.appender.FILE = org.apache.log4j.FileAppender
{code}
I also have the following anonymized shiro.ini:
{code:java}
[main]
ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.systemUsername = svc.ldap@ad.corp.com
ldapRealm.contextFactory.systemPassword = ${ldap_system_password}
ldapRealm.contextFactory.url = ldaps://ad.corp.com:636
ldapRealm.userDnTemplate = uid={0},OU=Users,DC=ad,DC=corp,DC=com
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.authorizationEnabled=true
ldapRealm.userLowerCase = true
ldapRealm.searchBase = DC=ad,DC=corp,DC=com
ldapRealm.userSearchBase = CN=Users,DC=ad,DC=corp,DC=com
ldapRealm.userObjectClass=person
ldapRealm.userSearchAttributeName = sAMAccountName
ldapRealm.userSearchScope = subtree;
ldapRealm.userSearchFilter =(&(objectclass=person)(sAMAccountName={0}))
ldapRealm.memberAttribute= member
ldapRealm.memberAttributeValueTemplate=CN={0},CN=Users,DC=ad,DC=corp,DC=com
ldapRealm.rolesByGroup = "zeppelin-admins":admin,"zeppelin-users":users
ldapRealm.authorizationCachingEnabled = false
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.realm = $activeDirectoryRealm
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 3600000
shiro.loginUrl = /api/login
[roles]
admin = *
users = *
[urls]
/api/version = anon
/api/configurations/** = authc, roles[admin], roles[users]
/api/credential/** = authc, roles[admin], roles[users]
/api/notebookRepos/** = authc, roles[admin], roles[users]
/api/interpreter/** = authc, roles[admin], roles[users]
/** = authc
{code}
After I attempted to log in with my username (firstname.lastname), Zeppelin logged the following error:
{code:java}
"Illegal principal name: <username>"
{code}
From the following line of code: https://github.com/apache/zeppelin/blob/5e7d2b472cdfe2d215fb528559c7484a3abd455f/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java#L912
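Added example (not part of the report, and not Shiro or Zeppelin code): a small checker for three configuration slips that are visible in the report. It assumes the usual Shiro INI convention that a dot-free key in `[main]` defines a bean (with `securityManager` predefined), that a log4j 1.x category only receives events from classes at or below it in the name hierarchy, and that a `FileAppender` needs a `.File` property. The inputs are trimmed copies of the posted snippets, embedded inline.

```python
from typing import Dict, List

# Constructed inputs: trimmed from the [main] section and log4j settings in the report.
SHIRO_MAIN = """
ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.url = ldaps://ad.corp.com:636
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.realm = $activeDirectoryRealm
securityManager.sessionManager = $sessionManager
"""
LOG4J = """
log4j.rootLogger = DEBUG, syslog
log4j.logger.org.apache.realm.LdapRealm = DEBUG, FILE
log4j.appender.FILE = org.apache.log4j.FileAppender
"""

def parse_kv(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines into a dict; lines without '=' are skipped."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def dangling_refs(main: Dict[str, str]) -> List[str]:
    """'$name' references in [main] whose bean is never defined there.
    A dot-free key defines a bean; 'securityManager' exists implicitly (assumption)."""
    defined = {k for k in main if "." not in k} | {"securityManager"}
    refs = [v[1:] for v in main.values() if v.startswith("$")]
    return sorted(r for r in refs if r not in defined)

def unmatched_logger_categories(log4j: Dict[str, str], main: Dict[str, str]) -> List[str]:
    """log4j.logger categories that are neither a configured bean class nor a package
    ancestor of one, so their appenders never receive that class's DEBUG events."""
    classes = {v for k, v in main.items() if "." not in k and not v.startswith("$")}
    bad = []
    for key in log4j:
        if key.startswith("log4j.logger."):
            cat = key[len("log4j.logger."):]
            if not any(c == cat or c.startswith(cat + ".") for c in classes):
                bad.append(cat)
    return bad

def missing_appender_file(log4j: Dict[str, str]) -> List[str]:
    """Appender names declared as a FileAppender but given no '.File' path."""
    return [k.split(".")[2] for k, v in log4j.items()
            if v.endswith("FileAppender") and k + ".File" not in log4j]
```

Pointing `securityManager.realm` at `$ldapRealm`, naming the category after the class on the `ldapRealm =` line, and giving `FILE` a `.File` path clears all three findings.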
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)