Kevin Minder created KNOX-629:
---------------------------------

             Summary: Misleading output for system-user-auth-test when userSearchBase used
                 Key: KNOX-629
                 URL: https://issues.apache.org/jira/browse/KNOX-629
             Project: Apache Knox
          Issue Type: Bug
          Components: KnoxCLI
    Affects Versions: 0.7.0
            Reporter: Kevin Minder
             Fix For: 0.7.0


See the output below. searchBase and userSearchBase are interchangeable, 
but the diagnostics don't take that into account.

{code}
bin/knoxcli.sh system-user-auth-test --cluster admin
Warn: main.ldapRealm.searchBase is not present in topology
main.ldapRealm.userSearchAttributeName or main.ldapRealm.userObjectClass or main.ldapRealm.searchBase was found in the topology
If any one of the above params is present, all must be present.
Topology warnings present. SystemUser may not bind.
System LDAP Bind successful.
{code}

For this correct topology:

{code}
<topology>

  <gateway>

    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <enabled>true</enabled>
      <param name="main.ldapRealm" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"/>
      <param name="main.ldapContextFactory" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"/>
      <param name="main.ldapRealm.contextFactory" value="$ldapContextFactory"/>
      <param name="main.ldapRealm.contextFactory.url" value="ldap://ad-nano.qe.hortonworks.com:389"/>
      <param name="main.ldapRealm.contextFactory.authenticationMechanism" value="simple"/>
      <param name="main.ldapRealm.contextFactory.systemUsername" value="CN=Kevin Minder,CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
      <param name="main.ldapRealm.contextFactory.systemPassword" value="p@ssw0rd"/>
      <param name="main.ldapRealm.userSearchBase" value="CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
      <param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/>
      <param name="main.ldapRealm.userObjectClass" value="person"/>
      <param name="urls./**" value="authcBasic"/>
    </provider>

  </gateway>

  <service>
    <role>KNOX</role>
  </service>

</topology>
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
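
An added example, not part of the original report and not Knox's own code: a standalone check that applies the "if any one is present, all must be present" rule from the output above while treating searchBase and userSearchBase as one setting. The function names, the warning wording for the combined slot, and the sample topology values are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

PREFIX = "main.ldapRealm."
# Per the report, either name may carry the user search base.
SEARCH_BASE_NAMES = ("searchBase", "userSearchBase")
OTHER_NAMES = ("userSearchAttributeName", "userObjectClass")

# Constructed sample topology (host and DNs are placeholders).
SAMPLE = """<topology><gateway><provider>
  <role>authentication</role><name>ShiroProvider</name><enabled>true</enabled>
  <param name="main.ldapRealm.contextFactory.url" value="ldap://ldap.example.com:389"/>
  <param name="main.ldapRealm.userSearchBase" value="CN=Users,DC=example,DC=com"/>
  <param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/>
  <param name="main.ldapRealm.userObjectClass" value="person"/>
</provider></gateway></topology>"""


def shiro_params(topology_xml):
    """Collect ShiroProvider params given as name/value attributes or child elements."""
    params = {}
    for provider in ET.fromstring(topology_xml).iter("provider"):
        if (provider.findtext("name") or "").strip() != "ShiroProvider":
            continue
        for p in provider.findall("param"):
            name = p.get("name") or p.findtext("name")
            value = p.get("value") or p.findtext("value")
            if name:
                params[name.strip()] = (value or "").strip()
    return params


def user_search_warnings(params):
    """Apply the all-or-none rule with searchBase/userSearchBase as one slot."""
    present = {n[len(PREFIX):] for n, v in params.items() if n.startswith(PREFIX) and v}
    slots = {"searchBase (or userSearchBase)": any(n in present for n in SEARCH_BASE_NAMES)}
    slots.update({n: n in present for n in OTHER_NAMES})
    if all(slots.values()) or not any(slots.values()):
        return []  # complete or entirely unused: nothing to warn about
    return [f"Warn: {PREFIX}{label} is not present in topology"
            for label, ok in slots.items() if not ok]


if __name__ == "__main__":
    print(user_search_warnings(shiro_params(SAMPLE)) or "No topology warnings.")
```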