kylin-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wu XIANG <w.xia...@gmail.com>
Subject Re: Kylin LDAP encryption
Date Wed, 03 Feb 2016 14:01:20 GMT
thanks jian,

  I managed to integrate LDAP by invoke "PasswordPlaceholderConfigurer#
encrypt" to encrypt my passwords. I'm not sure if it's the correct way.

  If encryption is needed, is it possible to expose "
PasswordPlaceholderConfigurer#encrypt" as a CLI tool or just make "
PasswordPlaceholderConfigurer#key" configurable ?

thanks
wu


On Wed, Feb 3, 2016 at 8:38 PM, Jian Zhong <hellowode110@gmail.com> wrote:

> Will update to doc,thank you
>
>
> On Wednesday, February 3, 2016, Jian Zhong <hellowode110@gmail.com> wrote:
>
>> Yes, encrypted is required.
>>
>>
>>
>> On Wednesday, February 3, 2016, Wu XIANG <w.xiang7@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>>    I'm configuring LDAP integration for Kylin. However, I got the
>>> following error when I start Kylin server:
>>>
>>> *"Invalid bean definition with name 'ldapSource' defined in class path
>>> resource [kylinSecurity.xml]: Input length must be multiple of 16 when
>>> decrypting with padded cipher"*
>>>
>>>    After a little bit of digging, I found this was due to "
>>> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords in
>>> kylin.properties file. Does this mean passwords like "ldap.password" in
>>> kylin.properties should be encrypted ? If so, I hope it's documented in
>>> tutorial.
>>>
>>>   // PasswordPlaceholderConfigurer.java:Line71
>>>
>>> protected String resolvePlaceholder(String placeholder, Properties
>>> props) {
>>>
>>>   if (placeholder.toLowerCase().contains("password")) {
>>>
>>>       return decrypt(props.getProperty(placeholder));
>>>
>>>   } else {
>>>
>>>       return props.getProperty(placeholder);
>>>
>>>   }
>>>
>>> }
>>>
>>>
>>> p.s.
>>>
>>> Kylin Branch: v1.2-release
>>>
>>>
>>> thanks
>>> *wu*
>>>
>>


-- 

*wu*

Mime
View raw message