Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 026FE200C04 for ; Tue, 24 Jan 2017 14:44:28 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 00DEA160B3D; Tue, 24 Jan 2017 13:44:28 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 4A911160B31 for ; Tue, 24 Jan 2017 14:44:26 +0100 (CET) Received: (qmail 19764 invoked by uid 500); 24 Jan 2017 13:44:18 -0000 Mailing-List: contact user-help@kylin.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@kylin.apache.org Delivered-To: mailing list user@kylin.apache.org Received: (qmail 19755 invoked by uid 99); 24 Jan 2017 13:44:18 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Jan 2017 13:44:18 +0000 Received: from mail-yw0-f173.google.com (mail-yw0-f173.google.com [209.85.161.173]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 3465C1A018B for ; Tue, 24 Jan 2017 13:44:18 +0000 (UTC) Received: by mail-yw0-f173.google.com with SMTP id l19so160486074ywc.2 for ; Tue, 24 Jan 2017 05:44:18 -0800 (PST) X-Gm-Message-State: AIkVDXLj1PbpFXh1kLVjB1CeNj/9t93z9LKWFvHHFHszj0DLCViHb/5feIDF8djDOUAw06sVGGGRhGGdtcIlhg== X-Received: by 10.13.211.196 with SMTP id v187mr15503672ywd.31.1485265457363; Tue, 24 Jan 2017 05:44:17 -0800 (PST) MIME-Version: 1.0 Received: by 10.13.199.1 with HTTP; Tue, 24 Jan 2017 05:43:37 -0800 (PST) In-Reply-To: <10cb8b8443244e2a818fe085fad1a848@SESOEX0013.global.scd.scania.com> References: <65272e16257340abae06aa409482c4dd@SESOEX0013.global.scd.scania.com> <6ebf625e2e684704aad72bc9d9cc2c3a@SESOEX0013.global.scd.scania.com> <10cb8b8443244e2a818fe085fad1a848@SESOEX0013.global.scd.scania.com> From: ShaoFeng Shi Date: Tue, 24 Jan 2017 21:43:37 +0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Password decrypting and LDAP To: user Content-Type: multipart/alternative; boundary=001a114c5b98fbcd900546d74f40 archived-at: Tue, 24 Jan 2017 13:44:28 -0000 --001a114c5b98fbcd900546d74f40 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable okay, so it means the max. length Kylin supports is 15, right? Berry, could you please report a JIRA to Kylin in https://issues.apache.org/jira/secure/Dashboard.jspa? We use JIRA to track the issues; Thank you! 2017-01-24 20:57 GMT+08:00 =C3=96sterlund Berry : > Got the result > > > > java org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES > 123456789012345 > > AES encrypted password is: > > pLKuoHlKbRg+55tny8n2YA=3D=3D > > If I put this string into ldap.password, Kylin starts up without errors (= I > can ofc not login, because the password is wrong.) > > > > java org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES > 1234567890123456 > > AES encrypted password is: > > RSvxLxIHAugtd/LBQFpGF+9fW0wb6YVnsEYgogo9w/w=3D > > If I put this string into ldap.password, Kylin failes to start with the > error I posted previously > > > > //Berry > > > > > > *From:* =C3=96sterlund Berry [mailto:berry.osterlund@scania.com] > *Sent:* den 24 januari 2017 13:42 > *To:* user@kylin.apache.org > *Subject:* RE: Password decrypting and LDAP > > > > Let me try different passwords, and different length and I=E2=80=99ll get= back > with the result. > > > > *From:* ShaoFeng Shi [mailto:shaofengshi@apache.org > ] > *Sent:* den 24 januari 2017 13:39 > *To:* user > *Subject:* Re: Password decrypting and LDAP > > > > In your password is there some non-ascii character? I'm wondering what ca= n > cause its encrypted values be different with others; This post ( > https://stackoverflow.com/questions/17234359/javax-crypto- > illegalblocksizeexception-input-length-must-be-multiple-of-16-whe) > mentioned: "you are only able to encrypt data in blocks of 128 bits or 16 > bytes. That's why you are getting that IllegalBlockSizeException > exception." > > > > Besides, there should be a way to bypass this in Kylin; If you still don'= t > have progress, we can try that. > > > > 2017-01-24 17:26 GMT+08:00 =C3=96sterlund Berry : > > Hi > > > > I also tried (sorry for not writing that) to run with a correct JAVA_HOME= , > but it still picks the 1.8 version from HBase. I=E2=80=99m sure that I ca= n force it > to use 1.7, but I found another interesting thing that I look into now. > > > > If I use my own account and password as the serviceaccount for Kylin (my > password is 9 chars long), I get passed that error. Now, I don=E2=80=99t = have the > correct permissions in the AD so I can=E2=80=99t use my account for that.= But it=E2=80=99s > interesting that it looks like it=E2=80=99s the password length that affe= cts this. > I have ordered a new account with a 15 char long password to test it out. > Once I get it, I=E2=80=99ll update with more information. > > > > Best Regards > > Berry > > > > *From:* ShaoFeng Shi [mailto:shaofengshi@apache.org] > *Sent:* den 24 januari 2017 09:47 > *To:* user > *Subject:* Re: Password decrypting and LDAP > > > > Hi Berry, > > > > Did you try to start Kylin with java 1.7? Yes by default Kylin uses the > HBase's java to startup; You can add "export JAVA_HOME=3D > /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.x86_64/" in > $KYLIN_HOME/bin/setenv.sh, and then HBase should use the specifiied java. > > > > We use SUN JDK in most environments, not get much feedback on OpenJDK 1.8= ; > For the ClassNotFound exception, do you have the detail stacktrace? > > > > 2017-01-24 14:38 GMT+08:00 =C3=96sterlund Berry : > > Hello > > > > I=E2=80=99m trying to connect out Kylin installation to an LDAP server, a= s we are > required to have that before we put any solution into production. But I= =E2=80=99m > facing a problem. When I start Kylin, this is what I get in the log. > > > > 2017-01-24 07:12:06,110 WARN [localhost-startStop-1] support.XmlWebAppli= cationContext:487 > : Exception encountered during context initialization - cancelling refres= h > attempt: org.springframework.beans.factory.BeanDefinitionStoreException: > Invalid bean definition with name 'ldapSource' defined in class path > resource [kylinSecurity.xml]: Input length must be multiple of 16 when > decrypting with padded cipher; nested exception is > java.lang.RuntimeException: Input length must be multiple of 16 when > decrypting with padded cipher > > 2017-01-24 07:12:06,111 ERROR [localhost-startStop-1] > context.ContextLoader:331 : Context initialization failed > > org.springframework.beans.factory.BeanDefinitionStoreException: Invalid > bean definition with name 'ldapSource' defined in class path resource > [kylinSecurity.xml]: Input length must be multiple of 16 when decrypting > with padded cipher; nested exception is java.lang.RuntimeException: Input > length must be multiple of 16 when decrypting with padded cipher > > at org.springframework.beans.factory.config. > PlaceholderConfigurerSupport.doProcessProperties( > PlaceholderConfigurerSupport.java:209) > > at org.springframework.beans.factory.config. > PropertyPlaceholderConfigurer.processProperties( > PropertyPlaceholderConfigurer.java:222) > > at org.springframework.beans.factory.config. > PropertyResourceConfigurer.postProcessBeanFactory( > PropertyResourceConfigurer.java:84) > > at org.springframework.context.support.AbstractApplicationContext= . > invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:699) > > at org.springframework.context.support.AbstractApplicationContext= . > invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:674) > > at org.springframework.context.support.AbstractApplicationContext= . > refresh(AbstractApplicationContext.java:461) > > at org.springframework.web.context.ContextLoader. > configureAndRefreshWebApplicationContext(ContextLoader.java:410) > > at org.springframework.web.context.ContextLoader. > initWebApplicationContext(ContextLoader.java:306) > > at org.springframework.web.context.ContextLoaderListener. > contextInitialized(ContextLoaderListener.java:112) > > at org.apache.catalina.core.StandardContext.listenerStart( > StandardContext.java:5068) > > at org.apache.catalina.core.StandardContext.startInternal( > StandardContext.java:5584) > > at org.apache.catalina.util.LifecycleBase.start( > LifecycleBase.java:147) > > at org.apache.catalina.core.ContainerBase.addChildInternal( > ContainerBase.java:899) > > at org.apache.catalina.core.ContainerBase.addChild( > ContainerBase.java:875) > > at org.apache.catalina.core.StandardHost.addChild( > StandardHost.java:652) > > at org.apache.catalina.startup.HostConfig.deployWAR( > HostConfig.java:1092) > > at org.apache.catalina.startup.HostConfig$DeployWar.run( > HostConfig.java:1984) > > at java.util.concurrent.Executors$RunnableAdapter. > call(Executors.java:511) > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > > at java.util.concurrent.ThreadPoolExecutor.runWorker( > ThreadPoolExecutor.java:1142) > > at java.util.concurrent.ThreadPoolExecutor$Worker.run( > ThreadPoolExecutor.java:617) > > at java.lang.Thread.run(Thread.java:745) > > Caused by: java.lang.RuntimeException: Input length must be multiple of 1= 6 > when decrypting with padded cipher > > at org.apache.kylin.rest.security.PasswordPlaceholderConfigurer. > decrypt(PasswordPlaceholderConfigurer.java:84) > > at org.apache.kylin.rest.security.PasswordPlaceholderConfigurer. > resolvePlaceholder(PasswordPlaceholderConfigurer.java:90) > > at org.springframework.beans.factory.config. > PropertyPlaceholderConfigurer.resolvePlaceholder( > PropertyPlaceholderConfigurer.java:162) > > at org.springframework.beans.factory.config. > PropertyPlaceholderConfigurer$PropertyPlaceholderConfigurerR > esolver.resolvePlaceholder(PropertyPlaceholderConfigurer.java:272) > > at org.springframework.util.PropertyPlaceholderHelper. > parseStringValue(PropertyPlaceholderHelper.java:146) > > at org.springframework.util.PropertyPlaceholderHelper. > replacePlaceholders(PropertyPlaceholderHelper.java:125) > > at org.springframework.beans.factory.config. > PropertyPlaceholderConfigurer$PlaceholderResolvingStringValu > eResolver.resolveStringValue(PropertyPlaceholderConfigurer.java:257) > > at org.springframework.beans.factory.config.BeanDefinitionVisitor= . > resolveStringValue(BeanDefinitionVisitor.java:282) > > at org.springframework.beans.factory.config.BeanDefinitionVisitor= . > resolveValue(BeanDefinitionVisitor.java:204) > > at org.springframework.beans.factory.config.BeanDefinitionVisitor= . > visitPropertyValues(BeanDefinitionVisitor.java:141) > > at org.springframework.beans.factory.config.BeanDefinitionVisitor= . > visitBeanDefinition(BeanDefinitionVisitor.java:82) > > at org.springframework.beans.factory.config. > PlaceholderConfigurerSupport.doProcessProperties( > PlaceholderConfigurerSupport.java:206) > > ... 21 more > > Caused by: javax.crypto.IllegalBlockSizeException: Input length must be > multiple of 16 when decrypting with padded cipher > > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:934= ) > > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845= ) > > at com.sun.crypto.provider.AESCipher.engineDoFinal( > AESCipher.java:446) > > at javax.crypto.Cipher.doFinal(Cipher.java:2165) > > at org.apache.kylin.rest.security.PasswordPlaceholderConfigurer. > decrypt(PasswordPlaceholderConfigurer.java:81) > > > > > > > > This is the ldap part of the configuration file > > ldap.server=3Dldap://:389 > > ldap.username=3D > > ldap.password=3D70tIoIdndG4eYPU5XWsqxNZZ9VlKAwKj19JR6vfEphw=3D > > > > # LDAP user account directory; > > ldap.user.searchBase=3D > > ldap.user.searchPattern=3D(memberOf=3D) > > ldap.user.groupSearchBase=3D > > > > All parameters are used in other LDAP integrations (Like SSSD, Ambari, > Ranger, Atlas=E2=80=A6.) so I know that those are right. I got the hashed= password > by running this command. By the way, the org.apache.kylin.rest.security.P= asswordPlaceholderConfigurer > class gets classNotFound exception if I run it with Java 1.8. Just so you > know=E2=80=A6. 1.7 works better > > > > cd /opt/kylin-1.6.0/tomcat/webapps/kylin/WEB-INF/lib > > /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.x86_64/bin/java > -classpath kylin-server-base-1.6.0.jar:spring-beans-3.2.17.RELEASE. > jar:spring-core-3.2.17.RELEASE.jar:commons-codec-1.7.jar > org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES > > > > > If I understand everything correctly, Kylin is executed with the Java > versions that HBase is running. And the version I have is 1.8.0_112 > > Can anybody give me some info on how to solve this problem? I really like > to install Kylin on our production servers so I can play with real data > > > > Best Regards > > Berry =C3=96sterlund > > Sweden > > > > > > > > > > > > > > -- > > Best regards, > > > > Shaofeng Shi =E5=8F=B2=E5=B0=91=E9=94=8B > > > > > > > > -- > > Best regards, > > > > Shaofeng Shi =E5=8F=B2=E5=B0=91=E9=94=8B > > > --=20 Best regards, Shaofeng Shi =E5=8F=B2=E5=B0=91=E9=94=8B --001a114c5b98fbcd900546d74f40 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
okay, so it means the max. length Kylin supports is 15, ri= ght?

Berry, could you please report a JIRA to Kylin in <= a href=3D"https://issues.apache.org/jira/secure/Dashboard.jspa">https://iss= ues.apache.org/jira/secure/Dashboard.jspa?=C2=A0 We use JIRA to track t= he issues; Thank you!

2017-01-24 20:57 GMT+08:00 =C3=96sterlund Berry <berry.osterlund@scania.com>:

Got the result

=C2=A0

java org.apache.kylin.rest.secur= ity.PasswordPlaceholderConfigurer AES 123456789012345

AES encrypted password is:<= /u>

pLKuoHlKbRg+55tny8n2YA=3D=3D

If I put this string into ldap.passwo= rd, Kylin starts up without errors (I can ofc not login, because the passwo= rd is wrong.)

=C2=A0

java org.apache.kylin.rest.secur= ity.PasswordPlaceholderConfigurer AES 1234567890123456

AES encrypted password is:<= /u>

RSvxLxIHAugtd/LBQFpGF+9fW0wb6YVn= sEYgogo9w/w=3D

If I put this string into ldap.passwo= rd, Kylin failes to start with the error I posted previously<= /span>

=C2=A0

//Berry

=C2=A0

=C2=A0

From: = =C3=96sterlund Berry [mailto:berry.osterlund@scania.com]
Sent: den 24 januari 2017 13:42
To: user@= kylin.apache.org
Subject: RE: Password decrypting and LDAP

=C2=A0

Let me try different passwords, and d= ifferent length and I=E2=80=99ll get back with the result.

=C2=A0

From: = ShaoFeng Shi [m= ailto:shaofengshi@apache.org]
Sent: den 24 januari 2017 13:39
To: user <user@kylin.apache.org>
Subject: Re: Password decrypting and LDAP

=C2=A0

In your password is there some non-ascii character? = I'm wondering what can cause its encrypted values be different with oth= ers; This post (https://stackoverflow.com/questions/17234359/javax= -crypto-illegalblocksizeexception-input-length-must-be-multi= ple-of-16-whe) mentioned: "you are only able to encrypt data in blocks = of 128 bits or 16 bytes. That's why you are getting that=C2=A0IllegalBlockSizeEx= ception=C2=A0exception."=

=C2=A0

Besides, there should be a way to bypas= s this in Kylin; If you still don't have progress, we can try that.=C2= =A0

=C2=A0

2017-01-24 17:26 GMT+08:00 =C3=96sterlund Berry <= berry.oster= lund@scania.com>:

Hi

=C2=A0

I also tried (sorry for not writing t= hat) to run with a correct JAVA_HOME, but it still picks the 1.8 version from HBase. I=E2=80=99m sure that I can force it to use 1.7, but I= found another interesting thing that I look into now.=

=C2=A0

If I use my own account and password = as the serviceaccount for Kylin (my password is 9 chars long), I get passed that error. Now, I don=E2=80=99t have the correct permissions= in the AD so I can=E2=80=99t use my account for that. But it=E2=80=99s int= eresting that it looks like it=E2=80=99s the password length that affects t= his. I have ordered a new account with a 15 char long password to test it out. Once I get it, I=E2=80=99ll update with more information.

=C2=A0

Best Regards

Berry

=C2=A0

From: = ShaoFeng Shi [mailto:sh= aofengshi@apache.org]
Sent: den 24 januari 2017 09:47
To: user <user@kylin.apache.org>
Subject: Re: Password decrypting and LDAP

=C2=A0

Hi Berry,

=C2=A0

Did you try to start Kylin with java 1.7? Yes by def= ault Kylin uses the HBase's java to startup; You can add "export J= AVA_HOME=3D/usr/lib/jvm/java-1.7.0-op= enjdk-1.7.0.111-2.6.7.2.el7_2.x86_64/" in $KYLIN_HOME/bin/setenv.sh, and then HBase should use the specifiied jav= a.

=C2=A0

We use SUN JDK in most environments, not get much fe= edback on OpenJDK 1.8; For the ClassNotFound exception, do you have the det= ail stacktrace?

=C2=A0

2017-01-24 14:38 GMT+08:00 =C3=96sterlund Berry <= berry.oster= lund@scania.com>:

Hello

=C2=A0

I=E2=80=99m trying to connect out Kylin installation= to an LDAP server, as we are required to have that before we put any solut= ion into production. But I=E2=80=99m facing a problem. When I start Kylin, this is what I get in the log.

=C2=A0

2017-01-24 07:12:06,110 WARN=C2=A0 [localhost-startS= top-1] support.XmlWebApplicationContext:487 : Exception encountered du= ring context initialization - cancelling refresh attempt: org.springframewo= rk.beans.factory.BeanDefinitionStoreException: Invalid bean definition with name 'ldapSource' defined in class pa= th resource [kylinSecurity.xml]: Input length must be multiple of 16 when d= ecrypting with padded cipher; nested exception is java.lang.RuntimeExceptio= n: Input length must be multiple of 16 when decrypting with padded cipher

2017-01-24 07:12:06,111 ERROR [localhost-startStop-1= ] context.ContextLoader:331 : Context initialization failed

org.springframework.beans.factory.BeanDefi= nitionStoreException: Invalid bean definition with name 'ldapSource'= ; defined in class path resource [kylinSecurity.xml]: Input length must be multiple of 16 when decrypting with padded cipher; nested exception is = java.lang.RuntimeException: Input length must be multiple of 16 when decryp= ting with padded cipher

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.PlaceholderConfigurerSupport.<= wbr>doProcessProperties(PlaceholderConfigurerSupport.java:209)=

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.PropertyPlaceholderConfigurer.= processProperties(PropertyPlaceholderConfigurer.java:222)=

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.PropertyResourceConfigurer.postProcessBeanFactory(PropertyResourceConfigurer.java:84)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.context.support.AbstractApplicationContext.inv= okeBeanFactoryPostProcessors(AbstractApplicationContext.java:699)=

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.context.support.AbstractApplicationContext.inv= okeBeanFactoryPostProcessors(AbstractApplicationContext.java:674)=

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.context.support.AbstractApplicationContext.ref= resh(AbstractApplicationContext.java:461)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.web.context.ContextLoader.configureAndRefreshWebApp= licationContext(ContextLoader.java:410)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.web.context.ContextLoader.initWebApplicationContext= (ContextLoader.java:306)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.web.context.ContextLoaderListener.contextInitialize= d(ContextLoaderListener.java:112)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.ap= ache.catalina.core.StandardContext.listenerStart(StandardContext.= java:5068)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.ap= ache.catalina.core.StandardContext.startInternal(StandardContext.= java:5584)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.ap= ache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)=

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.ap= ache.catalina.core.ContainerBase.addChildInternal(ContainerB= ase.java:899)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.ap= ache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)=

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.ap= ache.catalina.core.StandardHost.addChild(StandardHost.java:652)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.ap= ache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1092)<= u>

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.ap= ache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:19= 84)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at java.u= til.concurrent.Executors$RunnableAdapter.call(Executors.java:511)=

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at java.u= til.concurrent.FutureTask.run(FutureTask.java:266)<= /p>

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at java.u= til.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.ja= va:1142)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at java.u= til.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.j= ava:617)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at java.l= ang.Thread.run(Thread.java:745)

Caused by: java.lang.RuntimeException: Input length = must be multiple of 16 when decrypting with padded cipher

=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0at org.ap= ache.kylin.rest.security.PasswordPlaceholderConfigurer.decry= pt(PasswordPlaceholderConfigurer.java:84)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.ap= ache.kylin.rest.security.PasswordPlaceholderConfigurer.resol= vePlaceholder(PasswordPlaceholderConfigurer.java:90)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.PropertyPlaceholderConfigurer.= resolvePlaceholder(PropertyPlaceholderConfigurer.java:162)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.PropertyPlaceholderConfigurer$= PropertyPlaceholderConfigurerResolver.resolvePlaceholder(Pro= pertyPlaceholderConfigurer.java:272)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:146)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.util.PropertyPlaceholderHelper.replacePlaceholders(= PropertyPlaceholderHelper.java:125)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.PropertyPlaceholderConfigurer$= PlaceholderResolvingStringValueResolver.resolveStringValue(P= ropertyPlaceholderConfigurer.java:257)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.BeanDefinitionVisitor.res= olveStringValue(BeanDefinitionVisitor.java:282)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.BeanDefinitionVisitor.res= olveValue(BeanDefinitionVisitor.java:204)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.BeanDefinitionVisitor.vis= itPropertyValues(BeanDefinitionVisitor.java:141)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.BeanDefinitionVisitor.vis= itBeanDefinition(BeanDefinitionVisitor.java:82)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.sp= ringframework.beans.factory.config.PlaceholderConfigurerSupport.<= wbr>doProcessProperties(PlaceholderConfigurerSupport.java:206)=

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ... 21 mo= re

Caused by: javax.crypto.IllegalBlockSizeExcepti= on: Input length must be multiple of 16 when decrypting with padded cipher<= u>

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at com.su= n.crypto.provider.CipherCore.doFinal(CipherCore.java:934)<= u>

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at com.su= n.crypto.provider.CipherCore.doFinal(CipherCore.java:845)<= u>

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at com.su= n.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)<= /u>

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0at javax.c= rypto.Cipher.doFinal(Cipher.java:2165)

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 at org.ap= ache.kylin.rest.security.PasswordPlaceholderConfigurer.decry= pt(PasswordPlaceholderConfigurer.java:81)

=C2=A0

=C2=A0

=C2=A0

This is the ldap part of the configuration file

ldap.server=3Dldap://<FULL HOSTNAME>:389

ldap.username=3D<FULL DN TO USER>

ldap.password=3D70tIoIdndG4eYPU5XWsqxNZZ9VlKAw<= wbr>Kj19JR6vfEphw=3D

=C2=A0

# LDAP user account directory;

ldap.user.searchBase=3D<VALID DN>

ldap.user.searchPattern=3D(memberOf=3D<VALID= GROUP>)

ldap.user.groupSearchBase=3D<GROUP SEARCH BA= SE>

=C2=A0

All parameters are used in other LDAP integrations (= Like SSSD, Ambari, Ranger, Atlas=E2=80=A6.) so I know that those are right.= I got the hashed password by running this command. By the way, the org.apache.kylin.rest.security.PasswordPlaceholderConfi= gurer class gets classNotFound exception if I run it with Java 1.8. Just so= you know=E2=80=A6. 1.7 works better

=C2=A0

cd /opt/kylin-1.6.0/tomcat/webapps/kylin/WEB-IN= F/lib

/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.111-2.6.7= .2.el7_2.x86_64/bin/java -classpath kylin-server-base-1.6.0.jar:s= pring-beans-3.2.17.RELEASE.jar:spring-core-3.2.17.RELEASE.jar:com= mons-codec-1.7.jar org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES= <PASSWORD 18 CHARS LONG>

=C2=A0

If I understand everything correctly, Kylin is execu= ted with the Java versions that HBase is running. And the version I have is= 1.8.0_112

Can anybody give me some info on how to solve this p= roblem? I really like to install Kylin on our production servers so I can p= lay with real data

=C2=A0

Best Regards

Berry =C3=96sterlund

Sweden

=C2=A0

=C2=A0

=C2=A0

=C2=A0



=C2=A0

--

Best regards,

=C2=A0

Shaofeng Shi =E5=8F=B2=E5=B0=91=E9=94= =8B

=C2=A0



=C2=A0

--

Best regards,

=C2=A0

Shaofeng Shi =E5=8F=B2=E5=B0=91=E9=94=8B

=C2=A0




--
Best regards,

Shaofeng Shi =E5=8F=B2= =E5=B0=91=E9=94=8B

--001a114c5b98fbcd900546d74f40--