[
https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15818198#comment-15818198
]
mathias kluba edited comment on KYLIN-2305 at 1/11/17 12:41 PM:
----------------------------------------------------------------
Sorry but I don't agree.
With a smaller searchBase (under 38 characters) it works.
The error message says: "Failed to parse DN; ... Lexical error at line 1,
column 38. Encountered: "."
We can see that the Spring Security code that uses LDAP java API is parsing a
string to build a DN, and crashes because the String is not correct at column
38.
I'm not able to debug as of today, and I don't understand what is the code that
can modify the value injected by Spring from the .properties file...
I'll try with your kylinSecurity.xml file without the Spring variable from
.properties, I'll let you know if it works.
was (Author: mathias.kluba):
Sorry but I don't agree.
With a smaller searchBase (under 38 characters) it works.
The error message says: "Failed to parse DN; ... Lexical error at line 1,
column 38. Encountered: "."
We can see that the Spring Security code that uses LDAP java API is parsing a
string to build a DN, and crashes because the String is not correct at column
38.
I'm not able to debug as of today, and I don't understand what is the code that
can modify the value injected by Spring from the .properties file...
> Unable to use long searchBase/Pattern for LDAP
> ----------------------------------------------
>
> Key: KYLIN-2305
> URL: https://issues.apache.org/jira/browse/KYLIN-2305
> Project: Kylin
> Issue Type: Bug
> Affects Versions: v1.6.0
> Reporter: mathias kluba
>
> I try to use LDAP authentication.
> I set the ldap.user.searchBase & ldap.user.searchPattern &
> ldap.user.groupSearchBase
> I followed the documentation
> http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html
> It crashed because of:
> {code}
> Failed to parse DN; nested exception is
> org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column
> 38. Encountered: "." (46), after : ""
> {code}
> I change the logger configuration to have debug to understand the query done
> using Spring Security LdapTemplate.
> It seems that it trim the value at column 38 and add "..."
> I can't tell you my real AD path, but here is an example:
> in kylin.properties:
> {code}
>
> ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM
> {code}
> Debug log:
> {code}
> 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1]
> search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with
> user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit:
> 0, derefLinkFlag: false ]
> {code}
> I change the searchBase to be shorted (less than 38 char) and it seems that
> the bug is the same with the searchPattern and the groupSearchBase.
> I don't know where Kylin is reading these properties, but it seems that it
> doesn't use the right function (maybe toString() that trim the value?)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
