[jira] [Commented] (KYLIN-2819) Add "kylin.env.zookeeper-base-path" for zk path
[
https://issues.apache.org/jira/browse/KYLIN-2819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361864#comment-16361864
]
ASF GitHub Bot commented on KYLIN-2819:
---
yiming187 closed pull request #64: JIRA_ID:KYLIN-2819
URL: https://github.com/apache/kylin/pull/64
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java
b/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java
index 0e990df52f..0a62f3d31f 100644
--- a/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java
+++ b/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java
@@ -226,6 +226,10 @@ public String getHdfsWorkingDirectory() {
return cachedHdfsWorkingDirectory;
}
+public String getZkBasePath() {
+return getOptional("kylin.zk.base.path", "/kylin");
+}
+
/**
* A comma separated list of host:port pairs, each corresponding to a
ZooKeeper server
*/
diff --git a/core-common/src/main/resources/kylin-defaults.properties
b/core-common/src/main/resources/kylin-defaults.properties
index 7c421f9fa0..0cd9b9c248 100644
--- a/core-common/src/main/resources/kylin-defaults.properties
+++ b/core-common/src/main/resources/kylin-defaults.properties
@@ -26,6 +26,8 @@ kylin.env.hdfs-working-dir=/kylin
# DEV|QA|PROD. DEV will turn on some dev features, QA and PROD has no
difference in terms of functions.
kylin.env=QA
+# kylin zk base path
+kylin.zk.base.path=/kylin
### SERVER | WEB ###
diff --git
a/core-job/src/main/java/org/apache/kylin/job/impl/threadpool/DistributedScheduler.java
b/core-job/src/main/java/org/apache/kylin/job/impl/threadpool/DistributedScheduler.java
index e3a5836b97..9902618143 100644
---
a/core-job/src/main/java/org/apache/kylin/job/impl/threadpool/DistributedScheduler.java
+++
b/core-job/src/main/java/org/apache/kylin/job/impl/threadpool/DistributedScheduler.java
@@ -82,7 +82,7 @@
private String serverName;
private final static String SEGMENT_ID = "segmentId";
-public static final String ZOOKEEPER_LOCK_PATH = "/job_engine/lock"; //
note ZookeeperDistributedLock will ensure zk path prefix: /kylin/metadata
+public static final String ZOOKEEPER_LOCK_PATH = "/job_engine/lock"; //
note ZookeeperDistributedLock will ensure zk path prefix:
/${kylin.zk.base.path}/metadata
//only for it test
public static DistributedScheduler getInstance(KylinConfig config) {
diff --git
a/storage-hbase/src/main/java/org/apache/kylin/storage/hbase/util/ZookeeperDistributedLock.java
b/storage-hbase/src/main/java/org/apache/kylin/storage/hbase/util/ZookeeperDistributedLock.java
index 63ffda0a25..27278ffdee 100644
---
a/storage-hbase/src/main/java/org/apache/kylin/storage/hbase/util/ZookeeperDistributedLock.java
+++
b/storage-hbase/src/main/java/org/apache/kylin/storage/hbase/util/ZookeeperDistributedLock.java
@@ -102,7 +102,7 @@ public Factory() {
public Factory(KylinConfig config) {
this.curator = getZKClient(config);
-this.zkPathBase = fixSlash("/kylin/" +
KylinConfig.getInstanceFromEnv().getMetadataUrlPrefix());
+this.zkPathBase = fixSlash(config.getZkBasePath() +
KylinConfig.getInstanceFromEnv().getMetadataUrlPrefix());
}
@Override
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Add "kylin.env.zookeeper-base-path" for zk path
> ---
>
> Key: KYLIN-2819
> URL: https://issues.apache.org/jira/browse/KYLIN-2819
> Project: Kylin
> Issue Type: Improvement
>Affects Versions: v1.5.3
>Reporter: Shen Yinjie
>Assignee: Shen Yinjie
>Priority: Major
> Fix For: v2.2.0
>
> Attachments: KYLIN-2819_2.patch, kylin-2819_1.patch
>
>
> currently kylin zkbasepath is hard-coded as "/kylin",we met a scenario to
> launch more kylin services on YARN, and should make their zkbasepaths
> flexible and separable .
> Add an attribute "kylin.zk.base.path" in kylin.properties and default value
> is "/kylin".
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (KYLIN-2960) Support user/group and role authentication for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361832#comment-16361832 ] ASF GitHub Bot commented on KYLIN-2960: --- yiming187 closed pull request #102: KYLIN-2960, modify the default LDAP admin group config. URL: https://github.com/apache/kylin/pull/102 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/core-common/src/main/resources/kylin-defaults.properties b/core-common/src/main/resources/kylin-defaults.properties index a79728a78f..37520ef899 100644 --- a/core-common/src/main/resources/kylin-defaults.properties +++ b/core-common/src/main/resources/kylin-defaults.properties @@ -243,7 +243,7 @@ kylin.query.transformers=org.apache.kylin.query.util.DefaultQueryTransformer,org kylin.security.profile=testing # Admin roles in LDAP, for ldap and saml -kylin.security.acl.admin-role=ROLE_ADMIN +kylin.security.acl.admin-role=admin # LDAP authentication configuration kylin.security.ldap.connection-server=ldap://ldap_server:389 diff --git a/examples/test_case_data/localmeta/kylin.properties b/examples/test_case_data/localmeta/kylin.properties index 1e3f2ff72c..b9dfc387fa 100644 --- a/examples/test_case_data/localmeta/kylin.properties +++ b/examples/test_case_data/localmeta/kylin.properties @@ -93,7 +93,7 @@ kylin.query.transformers=org.apache.kylin.query.util.DefaultQueryTransformer,org kylin.security.profile=testing # Admin roles in LDAP, for ldap and saml -kylin.security.acl.admin-role=ROLE_ADMIN +kylin.security.acl.admin-role=admin # LDAP authentication configuration kylin.security.ldap.connection-server=ldap://ldap_server:389 diff --git a/examples/test_case_data/sandbox/kylin.properties b/examples/test_case_data/sandbox/kylin.properties index b5f8657cce..ae9dad24b3 100644 --- a/examples/test_case_data/sandbox/kylin.properties +++ b/examples/test_case_data/sandbox/kylin.properties @@ -141,7 +141,7 @@ kylin.query.security-enabled=true kylin.security.profile=testing # Admin roles in LDAP, for ldap and saml -kylin.security.acl.admin-role=ROLE_ADMIN +kylin.security.acl.admin-role=admin ### MAIL ### This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Support user/group and role authentication for LDAP > --- > > Key: KYLIN-2960 > URL: https://issues.apache.org/jira/browse/KYLIN-2960 > Project: Kylin > Issue Type: New Feature > Components: Security >Reporter: peng.jianhua >Assignee: jiatao.tao >Priority: Major > Labels: patch > Fix For: v2.3.0 > > Attachments: > 0001-KYLIN-2960-Submit-a-new-feature-that-it-supports-the.patch > > > Currently, the user authentication interface that was provided by kylin to > the third party only supports user and role authentication. However only user > and group have authentication function when we use the LDAP authentication. > In fact the authentication for user and role and the authentication for user > and group have the same functional characteristics between different > appplication system. So we should submit a new feature that it support the > authentication for user and role and the authentication for user and group > when the LDAP authentication was enabled. > We supplied the checkPermission interface to implement the new feature. In > the interface we set user groups information to the userRoles parameter when > the LDAP was enabled, on the contrary we set user roles information to the > userRoles parameter. The interface is as following: > /** > * Checks if a user has permission on an entity. > * > * @param user > * @param userRoles > * @param entityType String constants defined in AclEntityType > * @param entityUuid > * @param permission > * > * @return true if has permission > */ > abstract public boolean checkPermission(String user, List userRoles, > // > String entityType, String entityUuid, Permission permission); -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-2960) Support user/group and role authentication for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361833#comment-16361833 ] ASF GitHub Bot commented on KYLIN-2960: --- yiming187 commented on issue #102: KYLIN-2960, modify the default LDAP admin group config. URL: https://github.com/apache/kylin/pull/102#issuecomment-365153978 merged This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Support user/group and role authentication for LDAP > --- > > Key: KYLIN-2960 > URL: https://issues.apache.org/jira/browse/KYLIN-2960 > Project: Kylin > Issue Type: New Feature > Components: Security >Reporter: peng.jianhua >Assignee: jiatao.tao >Priority: Major > Labels: patch > Fix For: v2.3.0 > > Attachments: > 0001-KYLIN-2960-Submit-a-new-feature-that-it-supports-the.patch > > > Currently, the user authentication interface that was provided by kylin to > the third party only supports user and role authentication. However only user > and group have authentication function when we use the LDAP authentication. > In fact the authentication for user and role and the authentication for user > and group have the same functional characteristics between different > appplication system. So we should submit a new feature that it support the > authentication for user and role and the authentication for user and group > when the LDAP authentication was enabled. > We supplied the checkPermission interface to implement the new feature. In > the interface we set user groups information to the userRoles parameter when > the LDAP was enabled, on the contrary we set user roles information to the > userRoles parameter. The interface is as following: > /** > * Checks if a user has permission on an entity. > * > * @param user > * @param userRoles > * @param entityType String constants defined in AclEntityType > * @param entityUuid > * @param permission > * > * @return true if has permission > */ > abstract public boolean checkPermission(String user, List userRoles, > // > String entityType, String entityUuid, Permission permission); -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361748#comment-16361748
]
Peng Xing commented on KYLIN-3197:
--
Hi [~Aron.tao], thanks for you reply, and I understand your suggestion, so we
should find a better method to resolve this issue, I will continue to analyze.
Besides, my user LDIF is as follows.
{code:java}
dn: dc=zdh,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: zdh.com
dc: zdh
structuralObjectClass: organization
entryUUID: b5eecc56-9462-1037-880c-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123082527Z
entryCSN: 20180123082527.411783Z#00#001#00
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180123082527Z
contextCSN: 20180126061232.673080Z#00#001#00
dn: ou=defaultCluster,dc=zdh,dc=com
ou: defaultCluster
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: f999602a-9466-1037-880d-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123085558Z
entryCSN: 20180123085558.923946Z#00#001#00
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180123085558Z
dn: ou=People,ou=defaultCluster,dc=zdh,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: f99a38b0-9466-1037-880e-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123085558Z
entryCSN: 20180123085558.929482Z#00#001#00
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180123085558Z
dn: ou=Group,ou=defaultCluster,dc=zdh,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: f99ad0ae-9466-1037-880f-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123085558Z
entryCSN: 20180123085558.933381Z#00#001#00
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180123085558Z
dn: cn=wkhGroup,ou=Group,ou=defaultCluster,dc=zdh,dc=com
objectClass: posixGroup
objectClass: top
cn: wkhGroup
gidNumber: 1
structuralObjectClass: posixGroup
entryUUID: f99c7e72-9466-1037-8810-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123085558Z
memberUid: wkh
memberUid: wkh1
memberUid: wkh2
memberUid: Wkh5
entryCSN: 20180124082044.774518Z#00#001#00
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180124082044Z
dn: uid=wkh,ou=People,ou=defaultCluster,dc=zdh,dc=com
uid: wkh
cn: wkh
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
sn: wkh
userPassword:: d2toMTExMTEx
uidNumber: 10001
gidNumber: 1
loginShell: /bin/bash
homeDirectory: /home/wkh
structuralObjectClass: inetOrgPerson
entryUUID: 12430982-9467-1037-8812-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123085640Z
entryCSN: 20180123085640.301158Z#00#001#00
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180123085640Z
{code}
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
>
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:54 AM:
Hi [~xingpeng1]
About Redhat we may need further discussion, it's need a full discussion and
comparison or we can solve one problem today, but next day, another problem may
occur. And can you also put your user's ldif?
Besides, I know you use getAdditionalRoles() to solve this problem, for sure,
but what I say is that should we use this method like this way? Can you find
some examples like document or other projects use this way? Not asking for how
it works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
I believe we are not the only one met this problem, we should go and find out
how other people solve this.
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
About Redhat we may need further discussion, it's need a full discussion and
comparison or we can solve one problem today, but next day, another problem may
occur. And can you also put your user's ldif?
Besides, I know you use getAdditionalRoles() to solve this problem, for sure,
but what I say is that should we use this method like this way? Can you find
some examples like document or other projects use this way? Not asking for how
it works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
I believe we are not the only one met the problem, we should go and find out
how other people solve this.
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:53 AM:
Hi [~xingpeng1]
About Redhat we may need further discussion, it's need a full discussion and
comparison or we can solve one problem today, but next day, another problem may
occur. And can you also put your user's ldif?
Besides, I know you use getAdditionalRoles() to solve this problem, for sure,
but what I say is that should we use this method like this way? Can you find
some examples like document or other projects use this way? Not asking for how
it works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
I believe we are not the only one met the problem, we should go and find out
how other people solve this.
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
About Redhat we may need further discussion, it's need a full discussion and
comparison or we can solve one problem today, but next day, another problem may
occur. And can you also put your user's ldif?
Besides, I know you use getAdditionalRoles() to solve this problem, for sure,
but what I say is that should we use this method like this way? Can you find
some examples like document or other projects use this way? Not asking for how
it works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
>
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:49 AM:
Hi [~xingpeng1]
About Redhat we may need further discussion, it's need a full discussion and
comparison or we can solve one problem today, but next day, another problem may
occur. And can you also put your user's ldif?
Besides, I know you use getAdditionalRoles() to solve this problem, for sure,
but what I say is that should we use this method like this way? Can you find
some examples like document or other projects use this way? Not asking for how
it works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
About Redhat we may need further discussion, it's need a full discussion and
comparison or we can solve one problem today, but next day, another problem may
occur.And can you also put your user's ldif?
Besides, I know you use getAdditionalRoles() to solve this problem, for sure,
but what I say is that should we use this method like this way? Can you find
some examples like document or other projects use this way? Not asking for how
it works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:49 AM:
Hi [~xingpeng1]
About Redhat we may need further discussion, it's need a full discussion and
comparison or we can solve one problem today, but next day, another problem may
occur.And can you also put your user's ldif?
Besides, I know you use getAdditionalRoles() to solve this problem, for sure,
but what I say is that should we use this method like this way? Can you find
some examples like document or other projects use this way? Not asking for how
it works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
About Redhat we may need further discussion, can you also put your user's ldif?
Besides, I know you use getAdditionalRoles to solve this problem, for sure, but
what I say is that should we use this method like this way? Can you find some
examples like document or other projects use this way? Not asking for how it
works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:44 AM:
Hi [~xingpeng1]
About Redhat we may need further discussion, can you also put your user's ldif?
Besides, I know you use getAdditionalRoles to solve this problem, for sure, but
what I say is that should we use this method like this way? Can you find some
examples like document or other projects use this way? Not asking for how it
works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use getAdditionalRoles to solve this problem, for sure, but
what I say is that should we use this method like this way? Can you find some
examples like document or other projects use this way? Not asking for how it
works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:42 AM:
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use getAdditionalRoles to solve this problem, for sure, but
what I say is that should we use this method like this way? Can you find some
examples like document or other projects use this way? Not asking for how it
works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use getAdditionalRoles to solve this problem, for sure, but
what I say is that should we use this method like this way? Can you find some
examples like document or other projects use this way? not asking for how it
works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:41 AM:
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use getAdditionalRoles to solve this problem, for sure, but
what I say is that should we use this method like this way? Can you find some
examples like document or other projects use this way? not asking for how it
works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use getAdditionalRoles to solve this problem, for sure, but
what I say is that should we use this method like this way? Can you find some
examples like document or other projects use this way, not asking for how it
works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:40 AM:
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use getAdditionalRoles to solve this problem, for sure, but
what I say is that should we use this method like this way? Can you find some
examples like document or other projects use this way, not asking for how it
works. We all understand how it works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use getAdditionalRoles to solve this problem, for sure, but
what I say is that should we use this method like this way? Can you find some
examples like document or other projects use this way, not asking for how it
works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:39 AM:
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use getAdditionalRoles to solve this problem, for sure, but
what I say is that should we use this method like this way? Can you find some
examples like document or other projects use this way, not asking for how it
works.
{code:java}
The signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use xxx to solve this problem, but what I say is that
should we use this method like this way? Can you find some examples like
document or other project use this way.
{code:java}
the signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:37 AM:
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use xxx to solve this problem, but what I say is that
should we use this method like this way? Can you find some examples like
document or other project use this way.
{code:java}
the signature of getAdditionalRoles() seems not the way you use.
Because the Redhat linux can not support the case insensitive ldap username,
that is to say 'getGroupMembershipRoles(userDn, username)' will return empty
Set, so I analyze the spring source code, after
'getGroupMembershipRoles(userDn, username)', there will call
'getAdditionalRoles(user, username)' to get the roles again, then I can get the
real username from the DirContextOperations object.
{code}
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use xxx to solve this problem, but what I say is that
should we use this method like this way? Can you find some examples like
document or other project use this way.
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:36 AM:
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Besides, I know you use xxx to solve this problem, but what I say is that
should we use this method like this way? Can you find some examples like
document or other project use this way.
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:32 AM:
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
Looking forward your opinion.
was (Author: aron.tao):
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734
]
jiatao.tao commented on KYLIN-3197:
---
Hi [~xingpeng1]
We will consider about Redhat, can you also put your user's ldif?
Also, I think it may be a requirements or issue that need discussion, but not
directly get "cn" from DirContextOperations.
{code:java}
the username passed in is not real one, but the 'WKH', so I find a way to fetch
the real one from DirContextOperations object by 'username =
user.getStringAttribute("cn");'
{code}
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: Future
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png,
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png,
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png,
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png,
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Resolved] (KYLIN-2986) Segments overlap issue may happen when concurrent merge or build
[ https://issues.apache.org/jira/browse/KYLIN-2986?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhong Yanghong resolved KYLIN-2986. --- Resolution: Duplicate > Segments overlap issue may happen when concurrent merge or build > > > Key: KYLIN-2986 > URL: https://issues.apache.org/jira/browse/KYLIN-2986 > Project: Kylin > Issue Type: Bug >Reporter: Zhong Yanghong >Assignee: Zhong Yanghong >Priority: Trivial > Labels: scope > Attachments: APACHE-KYLIN-2986.patch, screenshot-1.png > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-2986) Segments overlap issue may happen when concurrent merge or build
[
https://issues.apache.org/jira/browse/KYLIN-2986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361691#comment-16361691
]
Zhong Yanghong commented on KYLIN-2986:
---
Hi [~liyang.g...@gmail.com] & [~yimingliu], after checking the patch from
[KYLIN-3085], I found {{AutoReadWriteLock}} is introduced for {{CubeManager}}
to update cube instance data and the bugs of the copy-on-write design are
almost fixed. I agree not to merge this patch and this JIRA can be closed.
Will add one more unit test later.
> Segments overlap issue may happen when concurrent merge or build
>
>
> Key: KYLIN-2986
> URL: https://issues.apache.org/jira/browse/KYLIN-2986
> Project: Kylin
> Issue Type: Bug
>Reporter: Zhong Yanghong
>Assignee: Zhong Yanghong
>Priority: Trivial
> Labels: scope
> Attachments: APACHE-KYLIN-2986.patch, screenshot-1.png
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Closed] (KYLIN-3022) Add clone() for ISegment, which is needed when updating cube segment
[ https://issues.apache.org/jira/browse/KYLIN-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhong Yanghong closed KYLIN-3022. - > Add clone() for ISegment, which is needed when updating cube segment > > > Key: KYLIN-3022 > URL: https://issues.apache.org/jira/browse/KYLIN-3022 > Project: Kylin > Issue Type: Improvement >Reporter: Zhong Yanghong >Assignee: Zhong Yanghong >Priority: Major > Attachments: APACHE-KYLIN-3022.patch > > > We should not update the memory state until the storage state is updated. > Otherwise when it fails to update the storage state, inconsistency issue will > occur. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (KYLIN-3022) Add clone() for ISegment, which is needed when updating cube segment
[ https://issues.apache.org/jira/browse/KYLIN-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhong Yanghong resolved KYLIN-3022. --- Resolution: Duplicate > Add clone() for ISegment, which is needed when updating cube segment > > > Key: KYLIN-3022 > URL: https://issues.apache.org/jira/browse/KYLIN-3022 > Project: Kylin > Issue Type: Improvement >Reporter: Zhong Yanghong >Assignee: Zhong Yanghong >Priority: Major > Attachments: APACHE-KYLIN-3022.patch > > > We should not update the memory state until the storage state is updated. > Otherwise when it fails to update the storage state, inconsistency issue will > occur. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3022) Add clone() for ISegment, which is needed when updating cube segment
[ https://issues.apache.org/jira/browse/KYLIN-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361682#comment-16361682 ] Zhong Yanghong commented on KYLIN-3022: --- Agree that the clone level on cube instance rather than segment. Will not merge this patch. > Add clone() for ISegment, which is needed when updating cube segment > > > Key: KYLIN-3022 > URL: https://issues.apache.org/jira/browse/KYLIN-3022 > Project: Kylin > Issue Type: Improvement >Reporter: Zhong Yanghong >Assignee: Zhong Yanghong >Priority: Major > Attachments: APACHE-KYLIN-3022.patch > > > We should not update the memory state until the storage state is updated. > Otherwise when it fails to update the storage state, inconsistency issue will > occur. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (KYLIN-3253) Enabling DEBUG in kylin-server-log4j.properties results in NPE in Calcite layer during query execution
Vsevolod Ostapenko created KYLIN-3253:
-
Summary: Enabling DEBUG in kylin-server-log4j.properties results
in NPE in Calcite layer during query execution
Key: KYLIN-3253
URL: https://issues.apache.org/jira/browse/KYLIN-3253
Project: Kylin
Issue Type: Bug
Components: Query Engine
Affects Versions: v2.2.0
Environment: HDP 2.5.6, Kylin 2.2
Reporter: Vsevolod Ostapenko
If log4j root logger is set to DEBUG level in the kylin-server-log4j.properties
attempt to run a query after that results in a failure with an NPE being
triggered in the calcite layer (see stack trace below).
The issue was fixed in Calcite 1.14 as
https://issues.apache.org/jira/browse/CALCITE-1859
It's a one line change to
core/src/main/java/org/apache/calcite/plan/volcano/VolcanoPlanner.java
Since Kylin is packaging it's own fork of Calcite from
[http://repository.kyligence.io|http://repository.kyligence.io/], the fix need
to be ported to 1.13.0-kylin-r-SPANSHOT.jar by someone who has access to
this forked repo.
{quote} at
org.apache.calcite.avatica.Helper.createException(Helper.java:56)
at
org.apache.calcite.avatica.Helper.createException(Helper.java:41)
at
org.apache.calcite.avatica.AvaticaStatement.executeInternal(AvaticaStatement.java:156)
at
org.apache.calcite.avatica.AvaticaStatement.executeQuery(AvaticaStatement.java:218)
at
org.apache.kylin.rest.service.QueryService.execute(QueryService.java:834)
at
org.apache.kylin.rest.service.QueryService.queryWithSqlMassage(QueryService.java:561)
at
org.apache.kylin.rest.service.QueryService.query(QueryService.java:181)
at
org.apache.kylin.rest.service.QueryService.doQueryWithCache(QueryService.java:415)
at
org.apache.kylin.rest.controller.QueryController.query(QueryController.java:78)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at
org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at
org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)
at
org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16360564#comment-16360564
]
Peng Xing commented on KYLIN-3197:
--
Hi [~Aron.tao], so I think the root cause is that the ldap search function does
not support for the case-insensitive conditions, as follows.
{code:java}
[root@zdh129 ~]# ldapsearch -x -b 'ou=Group,ou=defaultCluster,dc=zdh,dc=com'
'(memberUid=wkh)'
# extended LDIF
#
# LDAPv3
# base
[jira] [Commented] (KYLIN-3224) data can't show when use kylin pushdown model
[ https://issues.apache.org/jira/browse/KYLIN-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16360485#comment-16360485 ] peng.jianhua commented on KYLIN-3224: - provide a front-end modification way. > data can't show when use kylin pushdown model > -- > > Key: KYLIN-3224 > URL: https://issues.apache.org/jira/browse/KYLIN-3224 > Project: Kylin > Issue Type: Bug > Components: Query Engine, Web >Affects Versions: v2.2.0, v2.3.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Major > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3224-correction-in-front-end.patch, > 0001-KYLIN-3224.patch, 01.PNG, 02.PNG, 03.PNG, 04.PNG, KYLIN-3224.patch, > KYLIN-3224.png > > > select * from kylin_sales > use pushdown model,and the result shows like 01.png -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3224) data can't show when use kylin pushdown model
[ https://issues.apache.org/jira/browse/KYLIN-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated KYLIN-3224: Attachment: 0001-KYLIN-3224-correction-in-front-end.patch > data can't show when use kylin pushdown model > -- > > Key: KYLIN-3224 > URL: https://issues.apache.org/jira/browse/KYLIN-3224 > Project: Kylin > Issue Type: Bug > Components: Query Engine, Web >Affects Versions: v2.2.0, v2.3.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Major > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3224-correction-in-front-end.patch, > 0001-KYLIN-3224.patch, 01.PNG, 02.PNG, 03.PNG, 04.PNG, KYLIN-3224.patch, > KYLIN-3224.png > > > select * from kylin_sales > use pushdown model,and the result shows like 01.png -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3252) 当hbase使用的文件系统和MapReduce不一样时,使用清理存储工具时,无法清理hbase所在文件系统的数据文件
[ https://issues.apache.org/jira/browse/KYLIN-3252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] RenZhiMin updated KYLIN-3252: - Fix Version/s: v2.3.0 > 当hbase使用的文件系统和MapReduce不一样时,使用清理存储工具时,无法清理hbase所在文件系统的数据文件 > -- > > Key: KYLIN-3252 > URL: https://issues.apache.org/jira/browse/KYLIN-3252 > Project: Kylin > Issue Type: Bug > Components: Tools, Build and Test >Affects Versions: v2.0.0 >Reporter: RenZhiMin >Priority: Minor > Labels: patch > Fix For: v2.3.0 > > > 大家好,我使用的kylin版本是2.0,Hbase和MapReduce使用的文件系统不是同一个集群,当使用kylin清理存储工具时无法清理Hbase所在的文件系统上的数据 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (KYLIN-3252) 当hbase使用的文件系统和MapReduce不一样时,使用清理存储工具时,无法清理hbase所在文件系统的数据文件
[ https://issues.apache.org/jira/browse/KYLIN-3252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] RenZhiMin resolved KYLIN-3252. -- Resolution: Duplicate > 当hbase使用的文件系统和MapReduce不一样时,使用清理存储工具时,无法清理hbase所在文件系统的数据文件 > -- > > Key: KYLIN-3252 > URL: https://issues.apache.org/jira/browse/KYLIN-3252 > Project: Kylin > Issue Type: Bug > Components: Tools, Build and Test >Affects Versions: v2.0.0 >Reporter: RenZhiMin >Priority: Minor > Labels: patch > > 大家好,我使用的kylin版本是2.0,Hbase和MapReduce使用的文件系统不是同一个集群,当使用kylin清理存储工具时无法清理Hbase所在的文件系统上的数据 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
