[jira] [Commented] (KYLIN-2305) Unable to use long searchBase/Pattern for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15925559#comment-15925559 ] Shaofeng SHI commented on KYLIN-2305: - Kanta, the JIRAs won't be closed until be formally released. You can set it as "Resolved" now to indicate it has been resolved. > Unable to use long searchBase/Pattern for LDAP > -- > > Key: KYLIN-2305 > URL: https://issues.apache.org/jira/browse/KYLIN-2305 > Project: Kylin > Issue Type: Bug >Affects Versions: v1.6.0 >Reporter: mathias kluba >Assignee: Kanta Kuramoto > Fix For: v2.0.0 > > Attachments: KYLIN-2305.patch > > > I try to use LDAP authentication. > I set the ldap.user.searchBase & ldap.user.searchPattern & > ldap.user.groupSearchBase > I followed the documentation > http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html > It crashed because of: > {code} > Failed to parse DN; nested exception is > org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column > 38. Encountered: "." (46), after : "" > {code} > I change the logger configuration to have debug to understand the query done > using Spring Security LdapTemplate. > It seems that it trim the value at column 38 and add "..." > I can't tell you my real AD path, but here is an example: > in kylin.properties: > {code} > > ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM > {code} > Debug log: > {code} > 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] > search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with > user search [ searchFilter: '(sAMAccountName={0})', searchBase: > 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: > 0, derefLinkFlag: false ] > {code} > I change the searchBase to be shorted (less than 38 char) and it seems that > the bug is the same with the searchPattern and the groupSearchBase. > I don't know where Kylin is reading these properties, but it seems that it > doesn't use the right function (maybe toString() that trim the value?) -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (KYLIN-2305) Unable to use long searchBase/Pattern for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15925422#comment-15925422 ] Kanta Kuramoto commented on KYLIN-2305: --- Thank you for the review and merging the patch, [~yimingliu] and [~Shaofengshi]. Can I close this JIRA? > Unable to use long searchBase/Pattern for LDAP > -- > > Key: KYLIN-2305 > URL: https://issues.apache.org/jira/browse/KYLIN-2305 > Project: Kylin > Issue Type: Bug >Affects Versions: v1.6.0 >Reporter: mathias kluba >Assignee: Kanta Kuramoto > Fix For: v2.0.0 > > Attachments: KYLIN-2305.patch > > > I try to use LDAP authentication. > I set the ldap.user.searchBase & ldap.user.searchPattern & > ldap.user.groupSearchBase > I followed the documentation > http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html > It crashed because of: > {code} > Failed to parse DN; nested exception is > org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column > 38. Encountered: "." (46), after : "" > {code} > I change the logger configuration to have debug to understand the query done > using Spring Security LdapTemplate. > It seems that it trim the value at column 38 and add "..." > I can't tell you my real AD path, but here is an example: > in kylin.properties: > {code} > > ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM > {code} > Debug log: > {code} > 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] > search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with > user search [ searchFilter: '(sAMAccountName={0})', searchBase: > 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: > 0, derefLinkFlag: false ] > {code} > I change the searchBase to be shorted (less than 38 char) and it seems that > the bug is the same with the searchPattern and the groupSearchBase. > I don't know where Kylin is reading these properties, but it seems that it > doesn't use the right function (maybe toString() that trim the value?) -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (KYLIN-2305) Unable to use long searchBase/Pattern for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15906211#comment-15906211 ] Shaofeng SHI commented on KYLIN-2305: - Patch merged into master branch: https://github.com/apache/kylin/commit/181b6c5c16fc0506a475993f3735a4b7e73a07c1 > Unable to use long searchBase/Pattern for LDAP > -- > > Key: KYLIN-2305 > URL: https://issues.apache.org/jira/browse/KYLIN-2305 > Project: Kylin > Issue Type: Bug >Affects Versions: v1.6.0 >Reporter: mathias kluba >Assignee: Kanta Kuramoto > Fix For: v2.0.0 > > Attachments: KYLIN-2305.patch > > > I try to use LDAP authentication. > I set the ldap.user.searchBase & ldap.user.searchPattern & > ldap.user.groupSearchBase > I followed the documentation > http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html > It crashed because of: > {code} > Failed to parse DN; nested exception is > org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column > 38. Encountered: "." (46), after : "" > {code} > I change the logger configuration to have debug to understand the query done > using Spring Security LdapTemplate. > It seems that it trim the value at column 38 and add "..." > I can't tell you my real AD path, but here is an example: > in kylin.properties: > {code} > > ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM > {code} > Debug log: > {code} > 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] > search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with > user search [ searchFilter: '(sAMAccountName={0})', searchBase: > 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: > 0, derefLinkFlag: false ] > {code} > I change the searchBase to be shorted (less than 38 char) and it seems that > the bug is the same with the searchPattern and the groupSearchBase. > I don't know where Kylin is reading these properties, but it seems that it > doesn't use the right function (maybe toString() that trim the value?) -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (KYLIN-2305) Unable to use long searchBase/Pattern for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15905441#comment-15905441 ] Billy Liu commented on KYLIN-2305: -- +1. > Unable to use long searchBase/Pattern for LDAP > -- > > Key: KYLIN-2305 > URL: https://issues.apache.org/jira/browse/KYLIN-2305 > Project: Kylin > Issue Type: Bug >Affects Versions: v1.6.0 >Reporter: mathias kluba >Assignee: Kanta Kuramoto > Attachments: KYLIN-2305.patch > > > I try to use LDAP authentication. > I set the ldap.user.searchBase & ldap.user.searchPattern & > ldap.user.groupSearchBase > I followed the documentation > http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html > It crashed because of: > {code} > Failed to parse DN; nested exception is > org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column > 38. Encountered: "." (46), after : "" > {code} > I change the logger configuration to have debug to understand the query done > using Spring Security LdapTemplate. > It seems that it trim the value at column 38 and add "..." > I can't tell you my real AD path, but here is an example: > in kylin.properties: > {code} > > ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM > {code} > Debug log: > {code} > 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] > search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with > user search [ searchFilter: '(sAMAccountName={0})', searchBase: > 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: > 0, derefLinkFlag: false ] > {code} > I change the searchBase to be shorted (less than 38 char) and it seems that > the bug is the same with the searchPattern and the groupSearchBase. > I don't know where Kylin is reading these properties, but it seems that it > doesn't use the right function (maybe toString() that trim the value?) -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (KYLIN-2305) Unable to use long searchBase/Pattern for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15904700#comment-15904700 ] Shaofeng SHI commented on KYLIN-2305: - +1 Looks good, thanks Kanta! > Unable to use long searchBase/Pattern for LDAP > -- > > Key: KYLIN-2305 > URL: https://issues.apache.org/jira/browse/KYLIN-2305 > Project: Kylin > Issue Type: Bug >Affects Versions: v1.6.0 >Reporter: mathias kluba >Assignee: Kanta Kuramoto > Attachments: KYLIN-2305.patch > > > I try to use LDAP authentication. > I set the ldap.user.searchBase & ldap.user.searchPattern & > ldap.user.groupSearchBase > I followed the documentation > http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html > It crashed because of: > {code} > Failed to parse DN; nested exception is > org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column > 38. Encountered: "." (46), after : "" > {code} > I change the logger configuration to have debug to understand the query done > using Spring Security LdapTemplate. > It seems that it trim the value at column 38 and add "..." > I can't tell you my real AD path, but here is an example: > in kylin.properties: > {code} > > ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM > {code} > Debug log: > {code} > 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] > search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with > user search [ searchFilter: '(sAMAccountName={0})', searchBase: > 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: > 0, derefLinkFlag: false ] > {code} > I change the searchBase to be shorted (less than 38 char) and it seems that > the bug is the same with the searchPattern and the groupSearchBase. > I don't know where Kylin is reading these properties, but it seems that it > doesn't use the right function (maybe toString() that trim the value?) -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (KYLIN-2305) Unable to use long searchBase/Pattern for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15818198#comment-15818198 ] mathias kluba commented on KYLIN-2305: -- Sorry but I don't agree. With a smaller searchBase (under 38 characters) it works. The error message says: "Failed to parse DN; ... Lexical error at line 1, column 38. Encountered: "." We can see that the Spring Security code that uses LDAP java API is parsing a string to build a DN, and crashes because the String is not correct at column 38. > Unable to use long searchBase/Pattern for LDAP > -- > > Key: KYLIN-2305 > URL: https://issues.apache.org/jira/browse/KYLIN-2305 > Project: Kylin > Issue Type: Bug >Affects Versions: v1.6.0 >Reporter: mathias kluba > > I try to use LDAP authentication. > I set the ldap.user.searchBase & ldap.user.searchPattern & > ldap.user.groupSearchBase > I followed the documentation > http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html > It crashed because of: > {code} > Failed to parse DN; nested exception is > org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column > 38. Encountered: "." (46), after : "" > {code} > I change the logger configuration to have debug to understand the query done > using Spring Security LdapTemplate. > It seems that it trim the value at column 38 and add "..." > I can't tell you my real AD path, but here is an example: > in kylin.properties: > {code} > > ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM > {code} > Debug log: > {code} > 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] > search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with > user search [ searchFilter: '(sAMAccountName={0})', searchBase: > 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: > 0, derefLinkFlag: false ] > {code} > I change the searchBase to be shorted (less than 38 char) and it seems that > the bug is the same with the searchPattern and the groupSearchBase. > I don't know where Kylin is reading these properties, but it seems that it > doesn't use the right function (maybe toString() that trim the value?) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KYLIN-2305) Unable to use long searchBase/Pattern for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15800492#comment-15800492 ] Shaofeng SHI commented on KYLIN-2305: - Agree with Billy; Kylin desn't trim the value. If you don't believe, you can find the kylinSecurity.xml file (should be in $KYLIN_HOME/tomcat/webapps/kylin/WEB-INF/classes) and the replace the "ldap.user.searchBase" property with your values, then try again. > Unable to use long searchBase/Pattern for LDAP > -- > > Key: KYLIN-2305 > URL: https://issues.apache.org/jira/browse/KYLIN-2305 > Project: Kylin > Issue Type: Bug >Affects Versions: v1.6.0 >Reporter: mathias kluba > > I try to use LDAP authentication. > I set the ldap.user.searchBase & ldap.user.searchPattern & > ldap.user.groupSearchBase > I followed the documentation > http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html > It crashed because of: > {code} > Failed to parse DN; nested exception is > org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column > 38. Encountered: "." (46), after : "" > {code} > I change the logger configuration to have debug to understand the query done > using Spring Security LdapTemplate. > It seems that it trim the value at column 38 and add "..." > I can't tell you my real AD path, but here is an example: > in kylin.properties: > {code} > > ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM > {code} > Debug log: > {code} > 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] > search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with > user search [ searchFilter: '(sAMAccountName={0})', searchBase: > 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: > 0, derefLinkFlag: false ] > {code} > I change the searchBase to be shorted (less than 38 char) and it seems that > the bug is the same with the searchPattern and the groupSearchBase. > I don't know where Kylin is reading these properties, but it seems that it > doesn't use the right function (maybe toString() that trim the value?) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KYLIN-2305) Unable to use long searchBase/Pattern for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15764317#comment-15764317 ] Billy Liu commented on KYLIN-2305: -- I don't think there are length limit or wrong trim function here. The "..." is just used for logging information. Kylin use Spring Security to access LDAP, not directly. > Unable to use long searchBase/Pattern for LDAP > -- > > Key: KYLIN-2305 > URL: https://issues.apache.org/jira/browse/KYLIN-2305 > Project: Kylin > Issue Type: Bug >Affects Versions: v1.6.0 >Reporter: mathias kluba > > I try to use LDAP authentication. > I set the ldap.user.searchBase & ldap.user.searchPattern & > ldap.user.groupSearchBase > I followed the documentation > http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html > It crashed because of: > {code} > Failed to parse DN; nested exception is > org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column > 38. Encountered: "." (46), after : "" > {code} > I change the logger configuration to have debug to understand the query done > using Spring Security LdapTemplate. > It seems that it trim the value at column 38 and add "..." > I can't tell you my real AD path, but here is an example: > in kylin.properties: > {code} > > ldap.user.searchBase=OU=Users,OU=Accounts,OU=FR,OU=ABCDE,OU=FGHIJ,DC=MYCOMPANY,DC=COM > {code} > Debug log: > {code} > 2016-12-20 14:04:41,242 DEBUG [http-bio-7070-exec-1] > search.FilterBasedLdapUserSearch:107 : Searching for user 'mylogin', with > user search [ searchFilter: '(sAMAccountName={0})', searchBase: > 'OU=Users,OU=Accounts,OU=FR,OU=ABCDE,O...', scope: subtree, searchTimeLimit: > 0, derefLinkFlag: false ] > {code} > I change the searchBase to be shorted (less than 38 char) and it seems that > the bug is the same with the searchPattern and the groupSearchBase. > I don't know where Kylin is reading these properties, but it seems that it > doesn't use the right function (maybe toString() that trim the value?) -- This message was sent by Atlassian JIRA (v6.3.4#6332)