[
https://issues.apache.org/jira/browse/KYLIN-4271?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
wu.kehua updated KYLIN-4271:
----------------------------
Description:
Kylin's user authentication is normal when connecting to an LDAP server with
the LDAP protocol enabled. However, the LDAP protocol is transmitted in plain
text and there are security risks. Therefore, the LDAP server that uses the
LDAPs protocol needs to be enabled. The LDAPs protocol supports encrypted
transmission. After configuring the LDAP related configuration in
kylin.properties, Kylin server cannot connect to the LDAP server for user
authentication.
The Kylin log shows the error log, as follows, you can also see the detail log
in attachment.
{code:java}
Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
{code}
So we add "javax.net.ssl.trustStore" to support
was:
Kylin's user authentication is normal when connecting to an LDAP server with
the LDAP protocol enabled. However, the LDAP protocol is transmitted in plain
text and there are security risks. Therefore, the LDAP server that uses the
LDAPs protocol needs to be enabled. The LDAPs protocol supports encrypted
transmission. After configuring the LDAP related configuration in
kylin.properties, Kylin server cannot connect to the LDAP server for user
authentication.
The Kylin log shows the error log, as follows, you can also see the detail log
in attachment.
{code:java}
Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
{code}
So we add
> Use configurable certificate to support LDAPs authentication of Kylin
> ---------------------------------------------------------------------
>
> Key: KYLIN-4271
> URL: https://issues.apache.org/jira/browse/KYLIN-4271
> Project: Kylin
> Issue Type: Improvement
> Components: Security
> Affects Versions: v3.0.0
> Reporter: wu.kehua
> Assignee: wu.kehua
> Priority: Major
> Attachments: kylin.log
>
>
> Kylin's user authentication is normal when connecting to an LDAP server with
> the LDAP protocol enabled. However, the LDAP protocol is transmitted in plain
> text and there are security risks. Therefore, the LDAP server that uses the
> LDAPs protocol needs to be enabled. The LDAPs protocol supports encrypted
> transmission. After configuring the LDAP related configuration in
> kylin.properties, Kylin server cannot connect to the LDAP server for user
> authentication.
> The Kylin log shows the error log, as follows, you can also see the detail
> log in attachment.
> {code:java}
> Root exception is javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException:
> PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> {code}
> So we add "javax.net.ssl.trustStore" to support
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
