[
https://issues.apache.org/jira/browse/KNOX-536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15560047#comment-15560047
]
Larry McCay commented on KNOX-536:
----------------------------------
Hi [~eyang] - this is great information. I'm not sure what you mean that the
PAM module has been in Knox since 0.6.0. Maybe the patch was available but I
don't think it goes back that far. It was only recently committed to master and
will be introduced as a new feature for Apache Knox in 0.10.0.
So, it isn't available in 0.6.0 or 0.7.0.
I am interested to see so much focus on the replication and flattening of the
hierarchy in your description. Is this actually required to support the nested
OUs along with the pam_sss?
Again, this is great information and it will help me ultimately be able to
reproduce the usecase and resolve this issue.
I am hoping to be able to do a simple test wherein a change to the users.ldif
file to make it contain nested OUs and the use of a pam module will help
accomplish group lookup across nested OUs. Does what you describe above with
the replication and all mean that such a simple test will not work without that
sort of machinery in place?
Thanks!
> LDAP authentication against nested OU
> -------------------------------------
>
> Key: KNOX-536
> URL: https://issues.apache.org/jira/browse/KNOX-536
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.5.0, 0.6.0, 0.7.0
> Environment: All
> Reporter: Jeffrey E Rodriguez
> Fix For: 0.10.0
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Knox Gateway provides HTTP BASIC authentication against an LDAP user
> directory. It currently supports only a single Organizational Unit (OU) and
> does not support nested OUs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
