[jira] [Commented] (KYLIN-2819) Add "kylin.env.zookeeper-base-path" for zk path
[ https://issues.apache.org/jira/browse/KYLIN-2819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361864#comment-16361864 ] ASF GitHub Bot commented on KYLIN-2819: --- yiming187 closed pull request #64: JIRA_ID:KYLIN-2819 URL: https://github.com/apache/kylin/pull/64 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java b/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java index 0e990df52f..0a62f3d31f 100644 --- a/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java +++ b/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java @@ -226,6 +226,10 @@ public String getHdfsWorkingDirectory() { return cachedHdfsWorkingDirectory; } +public String getZkBasePath() { +return getOptional("kylin.zk.base.path", "/kylin"); +} + /** * A comma separated list of host:port pairs, each corresponding to a ZooKeeper server */ diff --git a/core-common/src/main/resources/kylin-defaults.properties b/core-common/src/main/resources/kylin-defaults.properties index 7c421f9fa0..0cd9b9c248 100644 --- a/core-common/src/main/resources/kylin-defaults.properties +++ b/core-common/src/main/resources/kylin-defaults.properties @@ -26,6 +26,8 @@ kylin.env.hdfs-working-dir=/kylin # DEV|QA|PROD. DEV will turn on some dev features, QA and PROD has no difference in terms of functions. kylin.env=QA +# kylin zk base path +kylin.zk.base.path=/kylin ### SERVER | WEB ### diff --git a/core-job/src/main/java/org/apache/kylin/job/impl/threadpool/DistributedScheduler.java b/core-job/src/main/java/org/apache/kylin/job/impl/threadpool/DistributedScheduler.java index e3a5836b97..9902618143 100644 --- a/core-job/src/main/java/org/apache/kylin/job/impl/threadpool/DistributedScheduler.java +++ b/core-job/src/main/java/org/apache/kylin/job/impl/threadpool/DistributedScheduler.java @@ -82,7 +82,7 @@ private String serverName; private final static String SEGMENT_ID = "segmentId"; -public static final String ZOOKEEPER_LOCK_PATH = "/job_engine/lock"; // note ZookeeperDistributedLock will ensure zk path prefix: /kylin/metadata +public static final String ZOOKEEPER_LOCK_PATH = "/job_engine/lock"; // note ZookeeperDistributedLock will ensure zk path prefix: /${kylin.zk.base.path}/metadata //only for it test public static DistributedScheduler getInstance(KylinConfig config) { diff --git a/storage-hbase/src/main/java/org/apache/kylin/storage/hbase/util/ZookeeperDistributedLock.java b/storage-hbase/src/main/java/org/apache/kylin/storage/hbase/util/ZookeeperDistributedLock.java index 63ffda0a25..27278ffdee 100644 --- a/storage-hbase/src/main/java/org/apache/kylin/storage/hbase/util/ZookeeperDistributedLock.java +++ b/storage-hbase/src/main/java/org/apache/kylin/storage/hbase/util/ZookeeperDistributedLock.java @@ -102,7 +102,7 @@ public Factory() { public Factory(KylinConfig config) { this.curator = getZKClient(config); -this.zkPathBase = fixSlash("/kylin/" + KylinConfig.getInstanceFromEnv().getMetadataUrlPrefix()); +this.zkPathBase = fixSlash(config.getZkBasePath() + KylinConfig.getInstanceFromEnv().getMetadataUrlPrefix()); } @Override This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Add "kylin.env.zookeeper-base-path" for zk path > --- > > Key: KYLIN-2819 > URL: https://issues.apache.org/jira/browse/KYLIN-2819 > Project: Kylin > Issue Type: Improvement >Affects Versions: v1.5.3 >Reporter: Shen Yinjie >Assignee: Shen Yinjie >Priority: Major > Fix For: v2.2.0 > > Attachments: KYLIN-2819_2.patch, kylin-2819_1.patch > > > currently kylin zkbasepath is hard-coded as "/kylin",we met a scenario to > launch more kylin services on YARN, and should make their zkbasepaths > flexible and separable . > Add an attribute "kylin.zk.base.path" in kylin.properties and default value > is "/kylin". -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-2960) Support user/group and role authentication for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361832#comment-16361832 ] ASF GitHub Bot commented on KYLIN-2960: --- yiming187 closed pull request #102: KYLIN-2960, modify the default LDAP admin group config. URL: https://github.com/apache/kylin/pull/102 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/core-common/src/main/resources/kylin-defaults.properties b/core-common/src/main/resources/kylin-defaults.properties index a79728a78f..37520ef899 100644 --- a/core-common/src/main/resources/kylin-defaults.properties +++ b/core-common/src/main/resources/kylin-defaults.properties @@ -243,7 +243,7 @@ kylin.query.transformers=org.apache.kylin.query.util.DefaultQueryTransformer,org kylin.security.profile=testing # Admin roles in LDAP, for ldap and saml -kylin.security.acl.admin-role=ROLE_ADMIN +kylin.security.acl.admin-role=admin # LDAP authentication configuration kylin.security.ldap.connection-server=ldap://ldap_server:389 diff --git a/examples/test_case_data/localmeta/kylin.properties b/examples/test_case_data/localmeta/kylin.properties index 1e3f2ff72c..b9dfc387fa 100644 --- a/examples/test_case_data/localmeta/kylin.properties +++ b/examples/test_case_data/localmeta/kylin.properties @@ -93,7 +93,7 @@ kylin.query.transformers=org.apache.kylin.query.util.DefaultQueryTransformer,org kylin.security.profile=testing # Admin roles in LDAP, for ldap and saml -kylin.security.acl.admin-role=ROLE_ADMIN +kylin.security.acl.admin-role=admin # LDAP authentication configuration kylin.security.ldap.connection-server=ldap://ldap_server:389 diff --git a/examples/test_case_data/sandbox/kylin.properties b/examples/test_case_data/sandbox/kylin.properties index b5f8657cce..ae9dad24b3 100644 --- a/examples/test_case_data/sandbox/kylin.properties +++ b/examples/test_case_data/sandbox/kylin.properties @@ -141,7 +141,7 @@ kylin.query.security-enabled=true kylin.security.profile=testing # Admin roles in LDAP, for ldap and saml -kylin.security.acl.admin-role=ROLE_ADMIN +kylin.security.acl.admin-role=admin ### MAIL ### This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Support user/group and role authentication for LDAP > --- > > Key: KYLIN-2960 > URL: https://issues.apache.org/jira/browse/KYLIN-2960 > Project: Kylin > Issue Type: New Feature > Components: Security >Reporter: peng.jianhua >Assignee: jiatao.tao >Priority: Major > Labels: patch > Fix For: v2.3.0 > > Attachments: > 0001-KYLIN-2960-Submit-a-new-feature-that-it-supports-the.patch > > > Currently, the user authentication interface that was provided by kylin to > the third party only supports user and role authentication. However only user > and group have authentication function when we use the LDAP authentication. > In fact the authentication for user and role and the authentication for user > and group have the same functional characteristics between different > appplication system. So we should submit a new feature that it support the > authentication for user and role and the authentication for user and group > when the LDAP authentication was enabled. > We supplied the checkPermission interface to implement the new feature. In > the interface we set user groups information to the userRoles parameter when > the LDAP was enabled, on the contrary we set user roles information to the > userRoles parameter. The interface is as following: > /** > * Checks if a user has permission on an entity. > * > * @param user > * @param userRoles > * @param entityType String constants defined in AclEntityType > * @param entityUuid > * @param permission > * > * @return true if has permission > */ > abstract public boolean checkPermission(String user, List userRoles, > // > String entityType, String entityUuid, Permission permission); -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-2960) Support user/group and role authentication for LDAP
[ https://issues.apache.org/jira/browse/KYLIN-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361833#comment-16361833 ] ASF GitHub Bot commented on KYLIN-2960: --- yiming187 commented on issue #102: KYLIN-2960, modify the default LDAP admin group config. URL: https://github.com/apache/kylin/pull/102#issuecomment-365153978 merged This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Support user/group and role authentication for LDAP > --- > > Key: KYLIN-2960 > URL: https://issues.apache.org/jira/browse/KYLIN-2960 > Project: Kylin > Issue Type: New Feature > Components: Security >Reporter: peng.jianhua >Assignee: jiatao.tao >Priority: Major > Labels: patch > Fix For: v2.3.0 > > Attachments: > 0001-KYLIN-2960-Submit-a-new-feature-that-it-supports-the.patch > > > Currently, the user authentication interface that was provided by kylin to > the third party only supports user and role authentication. However only user > and group have authentication function when we use the LDAP authentication. > In fact the authentication for user and role and the authentication for user > and group have the same functional characteristics between different > appplication system. So we should submit a new feature that it support the > authentication for user and role and the authentication for user and group > when the LDAP authentication was enabled. > We supplied the checkPermission interface to implement the new feature. In > the interface we set user groups information to the userRoles parameter when > the LDAP was enabled, on the contrary we set user roles information to the > userRoles parameter. The interface is as following: > /** > * Checks if a user has permission on an entity. > * > * @param user > * @param userRoles > * @param entityType String constants defined in AclEntityType > * @param entityUuid > * @param permission > * > * @return true if has permission > */ > abstract public boolean checkPermission(String user, List userRoles, > // > String entityType, String entityUuid, Permission permission); -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361748#comment-16361748 ] Peng Xing commented on KYLIN-3197: -- Hi [~Aron.tao], thanks for you reply, and I understand your suggestion, so we should find a better method to resolve this issue, I will continue to analyze. Besides, my user LDIF is as follows. {code:java} dn: dc=zdh,dc=com objectClass: top objectClass: dcObject objectClass: organization o: zdh.com dc: zdh structuralObjectClass: organization entryUUID: b5eecc56-9462-1037-880c-e1d7152e775c creatorsName: cn=LdapAdmin,dc=zdh,dc=com createTimestamp: 20180123082527Z entryCSN: 20180123082527.411783Z#00#001#00 modifiersName: cn=LdapAdmin,dc=zdh,dc=com modifyTimestamp: 20180123082527Z contextCSN: 20180126061232.673080Z#00#001#00 dn: ou=defaultCluster,dc=zdh,dc=com ou: defaultCluster objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f999602a-9466-1037-880d-e1d7152e775c creatorsName: cn=LdapAdmin,dc=zdh,dc=com createTimestamp: 20180123085558Z entryCSN: 20180123085558.923946Z#00#001#00 modifiersName: cn=LdapAdmin,dc=zdh,dc=com modifyTimestamp: 20180123085558Z dn: ou=People,ou=defaultCluster,dc=zdh,dc=com ou: People objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f99a38b0-9466-1037-880e-e1d7152e775c creatorsName: cn=LdapAdmin,dc=zdh,dc=com createTimestamp: 20180123085558Z entryCSN: 20180123085558.929482Z#00#001#00 modifiersName: cn=LdapAdmin,dc=zdh,dc=com modifyTimestamp: 20180123085558Z dn: ou=Group,ou=defaultCluster,dc=zdh,dc=com ou: Group objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f99ad0ae-9466-1037-880f-e1d7152e775c creatorsName: cn=LdapAdmin,dc=zdh,dc=com createTimestamp: 20180123085558Z entryCSN: 20180123085558.933381Z#00#001#00 modifiersName: cn=LdapAdmin,dc=zdh,dc=com modifyTimestamp: 20180123085558Z dn: cn=wkhGroup,ou=Group,ou=defaultCluster,dc=zdh,dc=com objectClass: posixGroup objectClass: top cn: wkhGroup gidNumber: 1 structuralObjectClass: posixGroup entryUUID: f99c7e72-9466-1037-8810-e1d7152e775c creatorsName: cn=LdapAdmin,dc=zdh,dc=com createTimestamp: 20180123085558Z memberUid: wkh memberUid: wkh1 memberUid: wkh2 memberUid: Wkh5 entryCSN: 20180124082044.774518Z#00#001#00 modifiersName: cn=LdapAdmin,dc=zdh,dc=com modifyTimestamp: 20180124082044Z dn: uid=wkh,ou=People,ou=defaultCluster,dc=zdh,dc=com uid: wkh cn: wkh objectClass: top objectClass: posixAccount objectClass: inetOrgPerson sn: wkh userPassword:: d2toMTExMTEx uidNumber: 10001 gidNumber: 1 loginShell: /bin/bash homeDirectory: /home/wkh structuralObjectClass: inetOrgPerson entryUUID: 12430982-9467-1037-8812-e1d7152e775c creatorsName: cn=LdapAdmin,dc=zdh,dc=com createTimestamp: 20180123085640Z entryCSN: 20180123085640.301158Z#00#001#00 modifiersName: cn=LdapAdmin,dc=zdh,dc=com modifyTimestamp: 20180123085640Z {code} > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, >
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:54 AM: Hi [~xingpeng1] About Redhat we may need further discussion, it's need a full discussion and comparison or we can solve one problem today, but next day, another problem may occur. And can you also put your user's ldif? Besides, I know you use getAdditionalRoles() to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} I believe we are not the only one met this problem, we should go and find out how other people solve this. Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] About Redhat we may need further discussion, it's need a full discussion and comparison or we can solve one problem today, but next day, another problem may occur. And can you also put your user's ldif? Besides, I know you use getAdditionalRoles() to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} I believe we are not the only one met the problem, we should go and find out how other people solve this. Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:53 AM: Hi [~xingpeng1] About Redhat we may need further discussion, it's need a full discussion and comparison or we can solve one problem today, but next day, another problem may occur. And can you also put your user's ldif? Besides, I know you use getAdditionalRoles() to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} I believe we are not the only one met the problem, we should go and find out how other people solve this. Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] About Redhat we may need further discussion, it's need a full discussion and comparison or we can solve one problem today, but next day, another problem may occur. And can you also put your user's ldif? Besides, I know you use getAdditionalRoles() to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, >
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:49 AM: Hi [~xingpeng1] About Redhat we may need further discussion, it's need a full discussion and comparison or we can solve one problem today, but next day, another problem may occur. And can you also put your user's ldif? Besides, I know you use getAdditionalRoles() to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] About Redhat we may need further discussion, it's need a full discussion and comparison or we can solve one problem today, but next day, another problem may occur.And can you also put your user's ldif? Besides, I know you use getAdditionalRoles() to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:49 AM: Hi [~xingpeng1] About Redhat we may need further discussion, it's need a full discussion and comparison or we can solve one problem today, but next day, another problem may occur.And can you also put your user's ldif? Besides, I know you use getAdditionalRoles() to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] About Redhat we may need further discussion, can you also put your user's ldif? Besides, I know you use getAdditionalRoles to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:44 AM: Hi [~xingpeng1] About Redhat we may need further discussion, can you also put your user's ldif? Besides, I know you use getAdditionalRoles to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use getAdditionalRoles to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:42 AM: Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use getAdditionalRoles to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? Not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use getAdditionalRoles to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:41 AM: Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use getAdditionalRoles to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way? not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use getAdditionalRoles to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way, not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:40 AM: Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use getAdditionalRoles to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way, not asking for how it works. We all understand how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use getAdditionalRoles to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way, not asking for how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:39 AM: Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use getAdditionalRoles to solve this problem, for sure, but what I say is that should we use this method like this way? Can you find some examples like document or other projects use this way, not asking for how it works. {code:java} The signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use xxx to solve this problem, but what I say is that should we use this method like this way? Can you find some examples like document or other project use this way. {code:java} the signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:37 AM: Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use xxx to solve this problem, but what I say is that should we use this method like this way? Can you find some examples like document or other project use this way. {code:java} the signature of getAdditionalRoles() seems not the way you use. Because the Redhat linux can not support the case insensitive ldap username, that is to say 'getGroupMembershipRoles(userDn, username)' will return empty Set, so I analyze the spring source code, after 'getGroupMembershipRoles(userDn, username)', there will call 'getAdditionalRoles(user, username)' to get the roles again, then I can get the real username from the DirContextOperations object. {code} Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use xxx to solve this problem, but what I say is that should we use this method like this way? Can you find some examples like document or other project use this way. Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:36 AM: Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Besides, I know you use xxx to solve this problem, but what I say is that should we use this method like this way? Can you find some examples like document or other project use this way. Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao edited comment on KYLIN-3197 at 2/13/18 2:32 AM: Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} Looking forward your opinion. was (Author: aron.tao): Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361734#comment-16361734 ] jiatao.tao commented on KYLIN-3197: --- Hi [~xingpeng1] We will consider about Redhat, can you also put your user's ldif? Also, I think it may be a requirements or issue that need discussion, but not directly get "cn" from DirContextOperations. {code:java} the username passed in is not real one, but the 'WKH', so I find a way to fetch the real one from DirContextOperations object by 'username = user.getStringAttribute("cn");' {code} > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: Future > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, > image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, > image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, > image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, > image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (KYLIN-2986) Segments overlap issue may happen when concurrent merge or build
[ https://issues.apache.org/jira/browse/KYLIN-2986?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhong Yanghong resolved KYLIN-2986. --- Resolution: Duplicate > Segments overlap issue may happen when concurrent merge or build > > > Key: KYLIN-2986 > URL: https://issues.apache.org/jira/browse/KYLIN-2986 > Project: Kylin > Issue Type: Bug >Reporter: Zhong Yanghong >Assignee: Zhong Yanghong >Priority: Trivial > Labels: scope > Attachments: APACHE-KYLIN-2986.patch, screenshot-1.png > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-2986) Segments overlap issue may happen when concurrent merge or build
[ https://issues.apache.org/jira/browse/KYLIN-2986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361691#comment-16361691 ] Zhong Yanghong commented on KYLIN-2986: --- Hi [~liyang.g...@gmail.com] & [~yimingliu], after checking the patch from [KYLIN-3085], I found {{AutoReadWriteLock}} is introduced for {{CubeManager}} to update cube instance data and the bugs of the copy-on-write design are almost fixed. I agree not to merge this patch and this JIRA can be closed. Will add one more unit test later. > Segments overlap issue may happen when concurrent merge or build > > > Key: KYLIN-2986 > URL: https://issues.apache.org/jira/browse/KYLIN-2986 > Project: Kylin > Issue Type: Bug >Reporter: Zhong Yanghong >Assignee: Zhong Yanghong >Priority: Trivial > Labels: scope > Attachments: APACHE-KYLIN-2986.patch, screenshot-1.png > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (KYLIN-3022) Add clone() for ISegment, which is needed when updating cube segment
[ https://issues.apache.org/jira/browse/KYLIN-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhong Yanghong closed KYLIN-3022. - > Add clone() for ISegment, which is needed when updating cube segment > > > Key: KYLIN-3022 > URL: https://issues.apache.org/jira/browse/KYLIN-3022 > Project: Kylin > Issue Type: Improvement >Reporter: Zhong Yanghong >Assignee: Zhong Yanghong >Priority: Major > Attachments: APACHE-KYLIN-3022.patch > > > We should not update the memory state until the storage state is updated. > Otherwise when it fails to update the storage state, inconsistency issue will > occur. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (KYLIN-3022) Add clone() for ISegment, which is needed when updating cube segment
[ https://issues.apache.org/jira/browse/KYLIN-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhong Yanghong resolved KYLIN-3022. --- Resolution: Duplicate > Add clone() for ISegment, which is needed when updating cube segment > > > Key: KYLIN-3022 > URL: https://issues.apache.org/jira/browse/KYLIN-3022 > Project: Kylin > Issue Type: Improvement >Reporter: Zhong Yanghong >Assignee: Zhong Yanghong >Priority: Major > Attachments: APACHE-KYLIN-3022.patch > > > We should not update the memory state until the storage state is updated. > Otherwise when it fails to update the storage state, inconsistency issue will > occur. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3022) Add clone() for ISegment, which is needed when updating cube segment
[ https://issues.apache.org/jira/browse/KYLIN-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361682#comment-16361682 ] Zhong Yanghong commented on KYLIN-3022: --- Agree that the clone level on cube instance rather than segment. Will not merge this patch. > Add clone() for ISegment, which is needed when updating cube segment > > > Key: KYLIN-3022 > URL: https://issues.apache.org/jira/browse/KYLIN-3022 > Project: Kylin > Issue Type: Improvement >Reporter: Zhong Yanghong >Assignee: Zhong Yanghong >Priority: Major > Attachments: APACHE-KYLIN-3022.patch > > > We should not update the memory state until the storage state is updated. > Otherwise when it fails to update the storage state, inconsistency issue will > occur. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (KYLIN-3253) Enabling DEBUG in kylin-server-log4j.properties results in NPE in Calcite layer during query execution
Vsevolod Ostapenko created KYLIN-3253: - Summary: Enabling DEBUG in kylin-server-log4j.properties results in NPE in Calcite layer during query execution Key: KYLIN-3253 URL: https://issues.apache.org/jira/browse/KYLIN-3253 Project: Kylin Issue Type: Bug Components: Query Engine Affects Versions: v2.2.0 Environment: HDP 2.5.6, Kylin 2.2 Reporter: Vsevolod Ostapenko If log4j root logger is set to DEBUG level in the kylin-server-log4j.properties attempt to run a query after that results in a failure with an NPE being triggered in the calcite layer (see stack trace below). The issue was fixed in Calcite 1.14 as https://issues.apache.org/jira/browse/CALCITE-1859 It's a one line change to core/src/main/java/org/apache/calcite/plan/volcano/VolcanoPlanner.java Since Kylin is packaging it's own fork of Calcite from [http://repository.kyligence.io|http://repository.kyligence.io/], the fix need to be ported to 1.13.0-kylin-r-SPANSHOT.jar by someone who has access to this forked repo. {quote} at org.apache.calcite.avatica.Helper.createException(Helper.java:56) at org.apache.calcite.avatica.Helper.createException(Helper.java:41) at org.apache.calcite.avatica.AvaticaStatement.executeInternal(AvaticaStatement.java:156) at org.apache.calcite.avatica.AvaticaStatement.executeQuery(AvaticaStatement.java:218) at org.apache.kylin.rest.service.QueryService.execute(QueryService.java:834) at org.apache.kylin.rest.service.QueryService.queryWithSqlMassage(QueryService.java:561) at org.apache.kylin.rest.service.QueryService.query(QueryService.java:181) at org.apache.kylin.rest.service.QueryService.doQueryWithCache(QueryService.java:415) at org.apache.kylin.rest.controller.QueryController.query(QueryController.java:78) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872) at javax.servlet.http.HttpServlet.service(HttpServlet.java:650) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) at
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16360564#comment-16360564 ] Peng Xing commented on KYLIN-3197: -- Hi [~Aron.tao], so I think the root cause is that the ldap search function does not support for the case-insensitive conditions, as follows. {code:java} [root@zdh129 ~]# ldapsearch -x -b 'ou=Group,ou=defaultCluster,dc=zdh,dc=com' '(memberUid=wkh)' # extended LDIF # # LDAPv3 # base
[jira] [Commented] (KYLIN-3224) data can't show when use kylin pushdown model
[ https://issues.apache.org/jira/browse/KYLIN-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16360485#comment-16360485 ] peng.jianhua commented on KYLIN-3224: - provide a front-end modification way. > data can't show when use kylin pushdown model > -- > > Key: KYLIN-3224 > URL: https://issues.apache.org/jira/browse/KYLIN-3224 > Project: Kylin > Issue Type: Bug > Components: Query Engine, Web >Affects Versions: v2.2.0, v2.3.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Major > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3224-correction-in-front-end.patch, > 0001-KYLIN-3224.patch, 01.PNG, 02.PNG, 03.PNG, 04.PNG, KYLIN-3224.patch, > KYLIN-3224.png > > > select * from kylin_sales > use pushdown model,and the result shows like 01.png -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3224) data can't show when use kylin pushdown model
[ https://issues.apache.org/jira/browse/KYLIN-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated KYLIN-3224: Attachment: 0001-KYLIN-3224-correction-in-front-end.patch > data can't show when use kylin pushdown model > -- > > Key: KYLIN-3224 > URL: https://issues.apache.org/jira/browse/KYLIN-3224 > Project: Kylin > Issue Type: Bug > Components: Query Engine, Web >Affects Versions: v2.2.0, v2.3.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Major > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3224-correction-in-front-end.patch, > 0001-KYLIN-3224.patch, 01.PNG, 02.PNG, 03.PNG, 04.PNG, KYLIN-3224.patch, > KYLIN-3224.png > > > select * from kylin_sales > use pushdown model,and the result shows like 01.png -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3252) 当hbase使用的文件系统和MapReduce不一样时,使用清理存储工具时,无法清理hbase所在文件系统的数据文件
[ https://issues.apache.org/jira/browse/KYLIN-3252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] RenZhiMin updated KYLIN-3252: - Fix Version/s: v2.3.0 > 当hbase使用的文件系统和MapReduce不一样时,使用清理存储工具时,无法清理hbase所在文件系统的数据文件 > -- > > Key: KYLIN-3252 > URL: https://issues.apache.org/jira/browse/KYLIN-3252 > Project: Kylin > Issue Type: Bug > Components: Tools, Build and Test >Affects Versions: v2.0.0 >Reporter: RenZhiMin >Priority: Minor > Labels: patch > Fix For: v2.3.0 > > > 大家好,我使用的kylin版本是2.0,Hbase和MapReduce使用的文件系统不是同一个集群,当使用kylin清理存储工具时无法清理Hbase所在的文件系统上的数据 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (KYLIN-3252) 当hbase使用的文件系统和MapReduce不一样时,使用清理存储工具时,无法清理hbase所在文件系统的数据文件
[ https://issues.apache.org/jira/browse/KYLIN-3252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] RenZhiMin resolved KYLIN-3252. -- Resolution: Duplicate > 当hbase使用的文件系统和MapReduce不一样时,使用清理存储工具时,无法清理hbase所在文件系统的数据文件 > -- > > Key: KYLIN-3252 > URL: https://issues.apache.org/jira/browse/KYLIN-3252 > Project: Kylin > Issue Type: Bug > Components: Tools, Build and Test >Affects Versions: v2.0.0 >Reporter: RenZhiMin >Priority: Minor > Labels: patch > > 大家好,我使用的kylin版本是2.0,Hbase和MapReduce使用的文件系统不是同一个集群,当使用kylin清理存储工具时无法清理Hbase所在的文件系统上的数据 -- This message was sent by Atlassian JIRA (v7.6.3#76005)