Hi,

I am trying to enable LDAP on Kylin 2.6.4 and am running into issues, and would appreciate any help on how to solve this. My organization requires the use of secure LDAP, so I am using a URL like this: ldaps://<fully qualified domain name>:636. All machines connected to the corporate network have the necessary client certificates installed on them for ldaps. I get the error listed at the end of the email (I have obfuscated personal values). Do I need to do any setup for certificates on the Kylin machines? Also, below are the fields that are available in the config which I have enabled. Am I missing anything?

#### SECURITY ###
#
## Spring security profile, options: testing, ldap, saml
## with "testing" profile, user can use pre-defined name/pwd like KYLIN/ADMIN to login
kylin.security.profile=ldap
#
## Admin roles in LDAP, for ldap and saml
#kylin.security.acl.admin-role=admin
#
## LDAP authentication configuration
kylin.security.ldap.connection-server=ldaps://xx.yy.zz.com:636
[email protected]
kylin.security.ldap.connection-password=bbb
#
## LDAP user account directory;
kylin.security.ldap.user-search-base=DC=xx,DC=yy,DC=zz,DC=com
kylin.security.ldap.user-search-pattern=(&(cn={0})(memberOf=DC=xx,DC=yy,DC=zz,DC=com))

ERROR

2020-05-15 22:18:11,846 INFO [http-bio-7070-exec-4] common.KylinConfig:334 : Use KYLIN_HOME=/usr/bing-kylin/kylin
2020-05-15 22:18:25,732 ERROR [http-bio-7070-exec-4] security.KylinAuthenticationProvider:123 : Failed to auth user: xxxx
org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed: xxx:636; nested exception is javax.naming.CommunicationException: simple bind failed: xxx:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)
    at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
    at org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:94)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualF

Thanks
Preeti
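
The handshake failure in the trace above can be reproduced outside Kylin with a small standalone check; this is an added example, not part of the original message and not Kylin code. The class name `LdapsTrustCheck` and its arguments are hypothetical, and it assumes it is started with the same JVM and the same `javax.net.ssl.*` options as the Kylin process.

```java
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Hypothetical helper (not part of Kylin): performs the TLS handshake that the
// LDAP bind needs, validating the server chain against this JVM's trust store.
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java LdapsTrustCheck <ldaps-host> [port]");
            System.exit(2);
        }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        // Show which trust store the chain is validated against.
        String ts = System.getProperty("javax.net.ssl.trustStore");
        System.out.println("trustStore = " + (ts != null ? ts : "(JVM default)"));

        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10_000);
            // Also verify that the certificate matches the host name.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("LDAPS");
            socket.setSSLParameters(params);

            socket.startHandshake(); // certificate path validation happens here
            System.out.println("Handshake OK, chain presented by the server:");
            for (Certificate c : socket.getSession().getPeerCertificates()) {
                if (c instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.println("  subject=" + x.getSubjectX500Principal());
                    System.out.println("  issuer =" + x.getIssuerX500Principal());
                    System.out.println("  expires=" + x.getNotAfter());
                }
            }
        } catch (SSLHandshakeException e) {
            // Same failure class as the root exception in the Kylin log.
            System.out.println("Handshake FAILED: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

A "PKIX path building failed" result here means the trust store reported on the first output line has no CA certificate that chains to the one the LDAPS server presents.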
