You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kylin.apache.org by ni...@apache.org on 2020/01/12 12:08:09 UTC
[kylin] branch document updated: KYLIN-4271 update the document
named 'Secure with LDAP and SSO'
This is an automated email from the ASF dual-hosted git repository.
nic pushed a commit to branch document
in repository https://gitbox.apache.org/repos/asf/kylin.git
The following commit(s) were added to refs/heads/document by this push:
new 3250e82 KYLIN-4271 update the document named 'Secure with LDAP and SSO'
3250e82 is described below
commit 3250e820cb97e3ad1141e1dc22bf7fa60d0b9643
Author: wukehua <wu...@zte.com.cn>
AuthorDate: Wed Jan 8 17:28:13 2020 +0800
KYLIN-4271 update the document named 'Secure with LDAP and SSO'
---
website/_docs/howto/howto_ldap_and_sso.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/website/_docs/howto/howto_ldap_and_sso.md b/website/_docs/howto/howto_ldap_and_sso.md
index 0ab3b7a..22164ef 100644
--- a/website/_docs/howto/howto_ldap_and_sso.md
+++ b/website/_docs/howto/howto_ldap_and_sso.md
@@ -18,12 +18,13 @@ cd $KYLIN_HOME/tomcat/webapps/kylin/WEB-INF/lib
java -classpath kylin-server-base-\<versioin\>.jar:kylin-core-common-\<versioin\>.jar:spring-beans-4.3.10.RELEASE.jar:spring-core-4.3.10.RELEASE.jar:commons-codec-1.7.jar org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES <your_password>
```
-Config them in the conf/kylin.properties:
+Config them in the conf/kylin.properties. When you use the customized CA certificate library for user authentication based on LDAPs, you need to configure 'kylin.security.ldap.connection-truststore', the value of this configuration will be added to the JVM parameter javax.net.ssl.trustStore:
```
kylin.security.ldap.connection-server=ldap://<your_ldap_host>:<port>
kylin.security.ldap.connection-username=<your_user_name>
kylin.security.ldap.connection-password=<your_password_encrypted>
+kylin.security.ldap.connection-truststore=<your_customized_CA_certificate_library>
```
Secondly, provide the user search patterns, this is by LDAP design, here is just a sample: