What's your Kylin version? Which document are you following? I just noticed the LDAP configuration document has been out of date for some time. We will update it. But seems you're not following that -:).
BTW, there is no the configuration named "kylin.security.ldap.user-search-filter" in Apache Kylin code base. Jiatao Tao <245915...@qq.com> 于2018年10月13日周六 下午9:42写道: > Hi, > Can you try command '"ldapsearch" to get the users/groups you wanted > first? > > --- > Regards! > Aron Tao > > > > On [DATE], "[NAME]" <[ADDRESS]> wrote: > > Hi - Please help us to solve the below issue to sync with LDAP > > Below is the kylin ldap configuration . > > kylin.security.profile=ldap > kylin.security.acl.admin-role=ROLE_KYLIN-ADMIN-GROUP > > kylin.security.ldap.connection-server=ldap://****:389 > kylin.security.ldap.connection-username=********* > kylin.security.ldap.connection-password=***** > > > kylin.security.ldap.user-search-base=OU=****,OU=Applications,DC=****,DC=com > > kylin.security.ldap.user-search-pattern=(&(cn={0})) --tried with many > options but still same issue as below (CN=*, > OU=Applications,OU=Groups,DC=bcbsfl,DC=com) (uid=*) > > #kylin.security.ldap.user-search-filter=CN=*,OU=Hadoop,DC=****,DC=com > > > kylin.security.ldap.user-group-search-base=OU=Requested,OU=Groups,DC=*****,DC=com > > > > org.springframework.security.authentication.InternalAuthenticationServiceException: > Empty filter; nested exception is > javax.naming.directory.InvalidSearchFilterException: Empty filter; > remaining > name '/' > at > > org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206) > at > > org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85) > at > > org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:94) > at > > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) > at > > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) > at > > org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180) > at > > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > at > > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) > at > > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) > at > > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > > org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) > at > > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > at > > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > > org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) > > > -- > Sent from: http://apache-kylin.74782.x6.nabble.com/ > > > > > -- Best regards, Shaofeng Shi 史少锋