[jira] [Updated] (KNOX-629) Misleading otuput for system-user-auth-test when userSearchBase used

Tue, 22 Dec 2015 07:44:38 -0800 

     [ 
https://issues.apache.org/jira/browse/KNOX-629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Minder updated KNOX-629:
------------------------------
    Fix Version/s:     (was: 0.7.0)
                   0.8.0

> Misleading otuput for system-user-auth-test when userSearchBase used
> --------------------------------------------------------------------
>
>                 Key: KNOX-629
>                 URL: https://issues.apache.org/jira/browse/KNOX-629
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxCLI
>    Affects Versions: 0.7.0
>            Reporter: Kevin Minder
>             Fix For: 0.8.0
>
>
> See the output below.  The use of searchBase and userSearchBase are 
> interchangeable but the diagnostics don't take that into account.
> {code}
> bin/knoxcli.sh system-user-auth-test --cluster admin
> Warn: main.ldapRealm.searchBase is not present in topology
> main.ldapRealm.userSearchAttributeName or main.ldapRealm.userObjectClass or 
> main.ldapRealm.searchBase was found in the topology
> If any one of the above params is present, all must be present.
> Topology warnings present. SystemUser may not bind.
> System LDAP Bind successful.
> {code}
> for this correct topology
> {code}
> <topology>
>   <gateway>
>     <provider>
>       <role>authentication</role>
>       <name>ShiroProvider</name>
>       <enabled>true</enabled>
>       <param name="main.ldapRealm" 
> value="org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"/>
>       <param name="main.ldapContextFactory" 
> value="org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"/>
>       <param name="main.ldapRealm.contextFactory" 
> value="$ldapContextFactory"/>
>       <param name="main.ldapRealm.contextFactory.url" 
> value="ldap://ad-nano.qe.hortonworks.com:389"/>
>       <param name="main.ldapRealm.contextFactory.authenticationMechanism" 
> value="simple"/>
>       <param name="main.ldapRealm.contextFactory.systemUsername" 
> value="CN=Kevin Minder,CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
>       <param name="main.ldapRealm.contextFactory.systemPassword" 
> value="p@ssw0rd"/>
>       <param name="main.ldapRealm.userSearchBase" 
> value="CN=Users,DC=hwqe,DC=hortonworks,DC=com"/>
>       <param name="main.ldapRealm.userSearchAttributeName" 
> value="sAMAccountName"/>
>       <param name="main.ldapRealm.userObjectClass" value="person"/>
>       <param name="urls./**" value="authcBasic"/>
>     </provider>
>   </gateway>
>   <service>
>     <role>KNOX</role>
>   </service>
> </topology>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to