[jira] [Commented] (ATLAS-4357) it can't get group with ldap

[Nixon Rodrigues (Jira)]

    [ 
https://issues.apache.org/jira/browse/ATLAS-4357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17381214#comment-17381214
 ] 

Nixon Rodrigues commented on ATLAS-4357:
----------------------------------------

[~ighack], from exception trace it looks like call is made to lookup for hadoop 
groups but looks like LDAP/AD is not configured correctly in hadoop 
core-site.xml.

Can you check if configuration are correct

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.0/installing-ranger/content/set_up_hadoop_group_mapping_for_ldap_ad.html

> it can't get group with ldap
> ----------------------------
>
>                 Key: ATLAS-4357
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4357
>             Project: Atlas
>          Issue Type: Bug
>          Components:  atlas-core
>    Affects Versions: 2.1.0
>            Reporter: ighack
>            Priority: Major
>
> atlas.authentication.method.ldap.url=ldap://hoostdd:389
> atlas.authentication.method.ldap.userDNpattern=uid=\{0},ou=people,dc=join,dc=com
> atlas.authentication.method.ldap.groupSearchBase=ou=group,dc=join,dc=com
> atlas.authentication.method.ldap.groupSearchFilter=(memberUid=uid=\{0},ou=peopel,dc=join,dc=com)
> atlas.authentication.method.ldap.groupRoleAttribute=cn
> atlas.authentication.method.ldap.base.dn=dc=join,dc=com
> atlas.authentication.method.ldap.bind.dn=uid=ldapadmin,ou=people,dc=join,dc=com
> atlas.authentication.method.ldap.bind.password= 000000
> atlas.authentication.method.ldap.referral=ignore
> atlas.authentication.method.ldap.user.searchfilter=(uid=\{0})
> atlas.authentication.method.ldap.default.role=ROLE_USER
>  
> but I get error
> 2021-07-13 13:02:45,523 WARN  - [pool-2-thread-4:] ~ Failed to get groups for 
> user jztwk (retry=0) by javax.naming.OperationNotSupportedException: [LDAP: 
> error code 53 - unauthenticated bind (DN with no password) disallowed] 
> (LdapGroupsMapping:290)2021-07-13 13:02:45,523 WARN  - [pool-2-thread-4:] ~ 
> Failed to get groups for user jztwk (retry=0) by 
> javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 
> unauthenticated bind (DN with no password) disallowed] 
> (LdapGroupsMapping:290)2021-07-13 13:02:45,524 WARN  - [pool-2-thread-4:] ~ 
> Failed to get groups for user jztwk (retry=1) by 
> javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 
> unauthenticated bind (DN with no password) disallowed] 
> (LdapGroupsMapping:290)2021-07-13 13:02:45,526 WARN  - [pool-2-thread-4:] ~ 
> Failed to get groups for user jztwk (retry=2) by 
> javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 
> unauthenticated bind (DN with no password) disallowed] 
> (LdapGroupsMapping:290)2021-07-13 13:02:45,533 WARN  - [pool-2-thread-4:] ~ 
> Failed to get groups for user jztwk (retry=0) by 
> javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 
> unauthenticated bind (DN with no password) disallowed] 
> (LdapGroupsMapping:290)2021-07-13 13:02:45,535 WARN  - [pool-2-thread-4:] ~ 
> Failed to get groups for user jztwk (retry=1) by 
> javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 
> unauthenticated bind (DN with no password) disallowed] 
> (LdapGroupsMapping:290)2021-07-13 13:02:45,536 WARN  - [pool-2-thread-4:] ~ 
> Failed to get groups for user jztwk (retry=2) by 
> javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 
> unauthenticated bind (DN with no password) disallowed] 
> (LdapGroupsMapping:290)2021-07-13 13:02:45,538 ERROR - [pool-2-thread-4:] ~ 
> Exception while fetching groups  
> (AtlasAbstractAuthenticationProvider:137)java.io.IOException: No groups found 
> for user jztwk at 
> org.apache.hadoop.security.Groups.noGroupsForUser(Groups.java:200) at 
> org.apache.hadoop.security.Groups.access$400(Groups.java:75) at 
> org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:334) at 
> org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270) at 
> com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3527)
>  at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2276) 
> at 
> com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154)
>  at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044) at 
> com.google.common.cache.LocalCache.get(LocalCache.java:3951) at 
> com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3973) at 
> com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4957)
>  at org.apache.hadoop.security.Groups.getGroups(Groups.java:228) at 
> org.apache.atlas.web.security.AtlasAbstractAuthenticationProvider.getAuthoritiesFromUGI(AtlasAbstractAuthenticationProvider.java:125)
>  at 
> org.apache.atlas.web.security.AtlasAbstractAuthenticationProvider.getAuthenticationWithGrantedAuthorityFromUGI(AtlasAbstractAuthenticationProvider.java:89)
>  at 
> org.apache.atlas.web.security.AtlasLdapAuthenticationProvider.getLdapBindAuthentication(AtlasLdapAuthenticationProvider.java:129)
>  at 
> org.apache.atlas.web.security.AtlasLdapAuthenticationProvider.authenticate(AtlasLdapAuthenticationProvider.java:73)
>  at 
> org.apache.atlas.web.security.AtlasAuthenticationProvider.authenticate(AtlasAuthenticationProvider.java:114)
>  at 
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
>  at 
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
>  at 
> org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
>  at 
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
>  at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>  at 
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
>  at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>  at 
> org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
>  at 
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>  at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>  at 
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
>  at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>  at 
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
>  at 
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>  at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>  at 
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
>  at 
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
>  at 
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
>  at 
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
>  at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1691)
>  at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) 
> at 
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) 
> at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
>  at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
>  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) 
> at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>  at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
>  at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) 
> at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
>  at org.eclipse.jetty.server.Server.handle(Server.java:534) at 
> org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) at 
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) 
> at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
>  at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) at 
> org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
>  at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
>  at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
>  at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)