Kylin uses Spring-Security to implement the LDAP authentication, so the problem is more Spring-Security related. If Spring supports GSS+LDAP, then it will be doable in Kylin. I suggest you do some searching with Spring.

2016-04-25 12:16 GMT+08:00 alaleiwang <[email protected]>:

> hi:
> I am trying to use ldap authentication on my kylin server (1.5.1), and some
> problem happened.
> my kylin.conf is as follows:
> #LDAP authentication configuration
> ldap.server=ldap://ldap.XXXX.com:389
> [email protected]
> ldap.password=XXXX
>
> #LDAP user account directory;
> ldap.user.searchBase=OU=XXX,DC=XXX,DC=com
> ldap.user.searchPattern=
>
> ldap.password was generated by command:
> java -cp ./server/target/kylin-server-1.5.1-SNAPSHOT/WEB-INF/lib/*:./server/target/kylin-server-1.5.1-SNAPSHOT-classes.jar org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES password
>
> but my kylin server fails to start, and I checked that “error code 49 +data
> 52e” means invalid user/password:
> Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]
>     at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:182)
>     at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
>     at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
>     at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
>     at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:792)
>     at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
>     at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116)
>     at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:90)
>     at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
>     ... 39 more
> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]
>     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
>     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
>     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
>     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
>     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
>     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
>     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
>     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
>     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
>     at javax.naming.InitialContext.init(InitialContext.java:242)
>     at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
>     at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
>     at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
>     ... 46 more
>
> I also ran an ldap browser on my pc, and I found I had to use
> user/password with "GSS Negotiated" mode to contact my ldap server:
> <http://apache-kylin.74782.x6.nabble.com/file/n4257/ldap.png>
>
> can anyone help tell me what I am doing wrong?
>
> --
> View this message in context:
> http://apache-kylin.74782.x6.nabble.com/kylin-ldap-configuration-problem-tp4257.html
> Sent from the Apache Kylin mailing list archive at Nabble.com.

--
Best regards,

Shaofeng Shi
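
A small parser for the Active Directory bind error in the trace quoted above, as an added example that is not part of the original thread or of Kylin. It goes beyond the post's `data 52e` case by covering the other commonly documented AD sub-codes; the function and table names are assumptions of this example.

```python
import re

# Active Directory appends a hex sub-code after "data" in LDAP result 49.
# Meanings as commonly documented for AD bind failures (example table).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong bind name or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

AD_ERR = re.compile(
    r"LDAP:\s*error code\s+(?P<code>\d+)\s*-\s*(?P<status>[0-9A-Fa-f]{8}):"
    r".*?(?P<dsid>DSID-[0-9A-Fa-f]+)"
    r".*?comment:\s*(?P<comment>[^,]+),"
    r"\s*data\s+(?P<data>[0-9A-Fa-f]+)"
)

def parse_ad_bind_errors(log_text):
    """Return the distinct AD bind errors in a log, in order of appearance."""
    # Mail clients and loggers wrap long lines: collapse whitespace first.
    flat = re.sub(r"\s+", " ", log_text)
    seen, out = set(), []
    for m in AD_ERR.finditer(flat):
        data = m["data"].lower()
        key = (m["code"], m["dsid"], data)
        if key in seen:
            continue  # "Caused by" chains repeat the same server message
        seen.add(key)
        out.append({
            "ldap_code": int(m["code"]),
            "status": m["status"],
            "dsid": m["dsid"],
            "comment": m["comment"].strip(),
            "data": data,
            "meaning": AD_SUBCODES.get(data, "unknown sub-code"),
        })
    return out

# Sample input: the exception text from the post above, with mail line wraps.
SAMPLE = """Caused by: org.springframework.ldap.AuthenticationException: [LDAP:
error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext
error, data 52e, v1db1^@]; nested exception is javax.naming.AuthenticationException:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1^@]"""
```

Calling `parse_ad_bind_errors(SAMPLE)` yields a single entry for the repeated server message, with sub-code `52e`.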
