Selim Namsi created KNOX-650:
--------------------------------
Summary: Add posixGroups support for LDAP groups lookup
Key: KNOX-650
URL: https://issues.apache.org/jira/browse/KNOX-650
Project: Apache Knox
Issue Type: New Feature
Affects Versions: 0.7.0
Reporter: Selim Namsi
Fix For: Future
Add posixGroups support for LDAP group lookup. The current implementation works
only with groupOfNames.
posixGroups have a "memberUid" attribute, which is different from the "member"
attribute, and when we set main.ldapRealm.memberAttribute equal to "memberUid",
this line (306) in org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.java:
{noformat}
if (userLdapDn.equals(new LdapName(attrValue)))
{noformat}
will generate an InvalidNameException because "memberUid" is just an id and not
formatted according to the rules defined in RFC 2253.
To fix this, we just need to test if the group is a posixGroup and then update
attrValue by adding memberAttributeValuePrefix and memberAttributeValueSuffix.
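The failure and the proposed fix described in the issue, as an added example that is not Knox's code: the class name, the `isMember` helper, the `posixGroup` flag and the sample DNs are constructed for illustration, and `prefix`/`suffix` stand in for memberAttributeValuePrefix and memberAttributeValueSuffix. It also escapes the memberUid value before building the DN, which the issue does not mention.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class PosixGroupMemberCheck {

    // Hypothetical helper: true when a group's member attribute value names userDn.
    static boolean isMember(LdapName userDn, String attrValue, boolean posixGroup,
                            String prefix, String suffix) {
        String candidate = attrValue;
        if (posixGroup) {
            // memberUid is a bare login name, not a DN. Escape it so characters
            // such as ',' or '=' cannot change the structure of the rebuilt DN.
            candidate = prefix + Rdn.escapeValue(attrValue) + suffix;
        }
        try {
            return userDn.equals(new LdapName(candidate));
        } catch (InvalidNameException e) {
            // A malformed value is treated as "no match" instead of aborting the lookup.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data.
        LdapName user = new LdapName("uid=sam,ou=people,dc=example,dc=org");
        String prefix = "uid=";
        String suffix = ",ou=people,dc=example,dc=org";

        // What the issue reports: a bare memberUid is not a valid RFC 2253 name.
        try {
            new LdapName("sam");
        } catch (InvalidNameException e) {
            System.out.println("raw memberUid rejected: " + e.getMessage());
        }

        // groupOfNames: the member value is already a full DN.
        System.out.println(isMember(user, "uid=sam,ou=people,dc=example,dc=org",
                                    false, prefix, suffix));
        // posixGroup: memberUid wrapped with prefix and suffix before comparison.
        System.out.println(isMember(user, "sam", true, prefix, suffix));
        // A memberUid containing DN metacharacters stays a single escaped value.
        System.out.println(isMember(user, "sam,ou=admins", true, prefix, suffix));
    }
}
```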