[
https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15818198#comment-15818198
]
mathias kluba edited comment on KYLIN-2305 at 1/11/17 12:40 PM:
----------------------------------------------------------------
Sorry but I don't agree.
With a smaller searchBase (under 38 characters) it works.
The error message says: "Failed to parse DN; ... Lexical error at line 1,
column 38. Encountered: "."
We can see that the Spring Security code that uses LDAP java API is parsing a
string to build a DN, and crashes because the String is not correct at column
38.
I'm not able to debug as of today, and I don't understand what is the code that
can modify the value injected by Spring from the .properties file...
was (Author: mathias.kluba):
Sorry but I don't agree.
With a smaller searchBase (under 38 characters) it works.
The error message says: "Failed to parse DN; ... Lexical error at line 1,
column 38. Encountered: "."
We can see that the Spring Security code that uses LDAP java API is parsing a
string to build a DN, and crashes because the String is not correct at column
38.
> Unable to use long searchBase/Pattern for LDAP
> ----------------------------------------------
>
> Key: KYLIN-2305
> URL: https://issues.apache.org/jira/browse/KYLIN-2305
> Project: Kylin
> Issue Type: Bug
> Affects Versions: v1.6.0
> Reporter: mathias kluba
>
> I try to use LDAP authentication.
> I set the ldap.user.searchBase & ldap.user.searchPattern &
> ldap.user.groupSearchBase
> I followed the documentation
> http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html
> It crashed because of:
> {code}
> Failed to parse DN; nested exception is
> org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column
> 38. Encountered: "." (46), after : ""
> {code}
> I change the logger configuration to have debug to understand the query done
> using Spring Security LdapTemplate.
> It seems that it trim the value at column 38 and add "..."
> I can't tell you my real AD path, but here is an example:
> in kylin.properties:
> {code}
>
> ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM
> {code}
> Debug log:
> {code}
> 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1]
> search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with
> user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit:
> 0, derefLinkFlag: false ]
> {code}
> I change the searchBase to be shorted (less than 38 char) and it seems that
> the bug is the same with the searchPattern and the groupSearchBase.
> I don't know where Kylin is reading these properties, but it seems that it
> doesn't use the right function (maybe toString() that trim the value?)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
