[jira] [Updated] (KNOX-437) KnoxLdapContextFactory should be configured by default in all topology files and docs

Thu, 02 Oct 2014 14:20:06 -0700 

     [ 
https://issues.apache.org/jira/browse/KNOX-437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Minder updated KNOX-437:
------------------------------
    Description: 
In some cases the KnoxLdapRealm will not work unless the KnoxLdapContextFactory 
is also configured.  In particular the use of an ${ALIAS=...} in the 
>main.ldapRealm.contextFactory.systemPassword param.  As this is such a common 
and important use cases the KnoxLdapContextFactory should be included in all 
default topology files, all sample topology files and all documented topology 
files.

The snippet below shows what needs to be added to the topology files.
{code:xml}
<topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>ShiroProvider</name>
            <enabled>true</enabled>
            ...
            <param>
                <name>main.ldapRealm</name>
                
<value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
            </param>
            <param>
                <name>main.ldapContextFactory</name>
                
<value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
            </param>
            <param>
                <name>main.ldapRealm.contextFactory</name>
                <value>$ldapContextFactory</value>
            </param>
            ...
    </gateway>
    ...
</topology>
{code}

Without this in particular there were exceptions in the gateway.log file at 
startup when password indirection was used in the ShiroProvider section like 
this.
{code:xml}
            <param>
                <name>main.ldapRealm.contextFactory.systemPassword</name>
                <value>${ALIAS=adSysPwd}</value>
            </param>
{code}

  was:
In some cases the KnoxLdapRealm will not work unless the KnoxLdapContextFactory 
is also configured.  In particular the use of an ${ALIAS=...} in the 
>main.ldapRealm.contextFactory.systemPassword param.  As this is such a common 
and important use cases the KnoxLdapContextFactory should be included in all 
default topology files, all sample topology files and all documented topology 
files.

The snippet below shows what needs to be added to the topology files.
{code:xml}
<topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>ShiroProvider</name>
            <enabled>true</enabled>
            ...
            <param>
                <name>main.ldapRealm</name>
                
<value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
            </param>
            <param>
                <name>main.ldapContextFactory</name>
                
<value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
            </param>
            <param>
                <name>main.ldapRealm.contextFactory</name>
                <value>$ldapContextFactory</value>
            </param>
            ...
    </gateway>
    ...
</topology>
{code}


> KnoxLdapContextFactory should be configured by default in all topology files 
> and docs
> -------------------------------------------------------------------------------------
>
>                 Key: KNOX-437
>                 URL: https://issues.apache.org/jira/browse/KNOX-437
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server, Site
>    Affects Versions: 0.4.0
>            Reporter: Kevin Minder
>            Priority: Blocker
>             Fix For: 0.5.0
>
>
> In some cases the KnoxLdapRealm will not work unless the 
> KnoxLdapContextFactory is also configured.  In particular the use of an 
> ${ALIAS=...} in the >main.ldapRealm.contextFactory.systemPassword param.  As 
> this is such a common and important use cases the KnoxLdapContextFactory 
> should be included in all default topology files, all sample topology files 
> and all documented topology files.
> The snippet below shows what needs to be added to the topology files.
> {code:xml}
> <topology>
>     <gateway>
>         <provider>
>             <role>authentication</role>
>             <name>ShiroProvider</name>
>             <enabled>true</enabled>
>             ...
>             <param>
>                 <name>main.ldapRealm</name>
>                 
> <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
>             </param>
>             <param>
>                 <name>main.ldapContextFactory</name>
>                 
> <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
>             </param>
>             <param>
>                 <name>main.ldapRealm.contextFactory</name>
>                 <value>$ldapContextFactory</value>
>             </param>
>             ...
>     </gateway>
>     ...
> </topology>
> {code}
> Without this in particular there were exceptions in the gateway.log file at 
> startup when password indirection was used in the ShiroProvider section like 
> this.
> {code:xml}
>             <param>
>                 <name>main.ldapRealm.contextFactory.systemPassword</name>
>                 <value>${ALIAS=adSysPwd}</value>
>             </param>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to