kylin-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ShaoFeng Shi <shaofeng...@apache.org>
Subject Re: Kylin login with LDAP (LDAP: error code 32 - No Such Object)
Date Sun, 12 Feb 2017 01:51:50 GMT
in kylin.properteis you defines "ou=people,dc=openldap,dc=jw,dc=cn"

but from the screen shot I see it is "ou=People" (P is uppercase); please
try the exact value as LDAP defines.

2017-02-10 18:07 GMT+08:00 Hoang Le Trung <hoangletrung@orenj.com>:

> You can refer my configure here
>
> http://mail-archives.apache.org/mod_mbox/kylin-user/201702.mbox/browser
>
>
>
>
>
> *From:* java_program@aliyun.com [mailto:java_program@aliyun.com]
> *Sent:* Friday, February 10, 2017 4:53 PM
> *To:* user
> *Subject:* Kylin login with LDAP (LDAP: error code 32 - No Such Object)
>
>
>
> hi:
>
>     i am trying to use ldap authentication on kylin
> server(1.6.0-cdh5.7.0),when i login with right username and password,there
> are errors in the kylin.log
>
>
>
> 2017-02-10 17:44:40,426 ERROR [http-bio-7070-exec-2] security.
> KylinAuthenticationProvider:96 : Failed to auth user: hadoop
> org.springframework.security.authentication.InternalAuthenticationServiceE
> xception: [LDAP: error code 32 - No Such Object]; nested
> exception is javax.naming.NameNotFoundException: [LDAP:
> error code 32 - No Such Object]; remaining name 'ou=
> people,dc=openldap,dc=jw,dc=cn'
> at org.springframework.security.ldap.authentication.
> LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.
> java:191)
> at org.springframework.security.ldap.authentication.
> AbstractLdapAuthenticationProvider.authenticate(
> AbstractLdapAuthenticationProvider.java:61)
>          at org.apache.kylin.rest.security.KylinAuthenticationProvider.
> authenticate(KylinAuthenticationProvider.java:90)
>             at org.springframework.security.authentication.
> ProviderManager.authenticate(ProviderManager.java:156)
>             at org.springframework.security.authentication.
> ProviderManager.authenticate(ProviderManager.java:174)
> at org.springframework.security.web.authentication.
> www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
>             at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.authentication.ui.
> DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilt
> er.java:91)
>             at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.authentication.
> AbstractAuthenticationProcessingFilter.doFilter(
> AbstractAuthenticationProcessingFilter.java:183)
>             at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>             at org.springframework.security.web.authentication.
> logout.LogoutFilter.doFilter(LogoutFilter.java:105)
>             at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.context.SecurityContextPersistenceFilt
> er.doFilter(SecurityContextPersistenceFilter.java:87)
>             at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>             at org.springframework.security.web.FilterChainProxy.
> doFilterInternal(FilterChainProxy.java:192)
>             at org.springframework.security.web.FilterChainProxy.
> doFilter(FilterChainProxy.java:160)
>             at org.springframework.web.filter.DelegatingFilterProxy.
> invokeDelegate(DelegatingFilterProxy.java:343)
>             at org.springframework.web.filter.DelegatingFilterProxy.
> doFilter(DelegatingFilterProxy.java:260)
>             at org.apache.catalina.core.ApplicationFilterChain.
> internalDoFilter(ApplicationFilterChain.java:241)
>             at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
>             at com.thetransactioncompany.cors.CORSFilter.doFilter(
> CORSFilter.java:209)
>             at com.thetransactioncompany.cors.CORSFilter.doFilter(
> CORSFilter.java:244)
>             at org.apache.catalina.core.ApplicationFilterChain.
> internalDoFilter(ApplicationFilterChain.java:241)
>             at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
>             at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:220)
>             at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:122)
>             at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
> AuthenticatorBase.java:505)
>             at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:169)
>             at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:103)
>             at org.apache.catalina.valves.AccessLogValve.invoke(
> AccessLogValve.java:956)
>             at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:116)
>             at org.apache.catalina.connector.CoyoteAdapter.
> service(CoyoteAdapter.java:436)
>             at org.apache.coyote.http11.AbstractHttp11Processor.process(
> AbstractHttp11Processor.java:1078)
>             at org.apache.coyote.AbstractProtocol$
> AbstractConnectionHandler.process(AbstractProtocol.java:625)
>             at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.
> run(JIoEndpoint.java:316)
>             at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
>             at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
>             at org.apache.tomcat.util.threads.TaskThread$
> WrappingRunnable.run(TaskThread.java:61)
>             at java.lang.Thread.run(Thread.java:745)
> Caused by: org.springframework.ldap.NameNotFoundException: [LDAP:
> error code 32 - No Such Object]; nested exception is javax.naming.
> NameNotFoundException: [LDAP: error code 32 - No Such
> Object]; remaining name 'ou=people,dc=openldap,dc=jw,dc=cn'
>             at org.springframework.ldap.support.LdapUtils.
> convertLdapException(LdapUtils.java:174)
>             at org.springframework.ldap.core.LdapTemplate.
> executeWithContext(LdapTemplate.java:810)
>             at org.springframework.ldap.core.LdapTemplate.
> executeReadOnly(LdapTemplate.java:793)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate.
> searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
> at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.
> searchForUser(FilterBasedLdapUserSearch.java:116)
>         at org.springframework.security.ldap.authentication.
> BindAuthenticator.authenticate(BindAuthenticator.java:90)
> at org.springframework.security.ldap.authentication.
> LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.
> java:178)
>             ... 39 more
> Caused by: javax.naming.NameNotFoundException: [LDAP:
> error code 32 - No Such Object]; remaining name 'ou=
> people,dc=openldap,dc=jw,dc=cn'
>             at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3161)
>             at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.
> java:3082)
>             at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.
> java:2888)
>             at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
>             at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
>             at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
>             at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(
> ComponentDirContext.java:418)
>             at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(
> PartialCompositeDirContext.java:396)
>             at javax.naming.directory.InitialDirContext.search(
> InitialDirContext.java:297)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate.
> searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:210)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.
> executeWithContext(SpringSecurityLdapTemplate.java:198)
>             at org.springframework.ldap.core.LdapTemplate.
> executeWithContext(LdapTemplate.java:807)
>             ... 44 more
> 2017-02-10 17:44:40,427 INFO  [http-bio-7070-exec-2] security.
> KylinAuthenticationProvider:77 : authentication.getName():hadoop
> 2017-02-10 17:44:40,428 INFO  [http-bio-7070-exec-2] security.
> KylinAuthenticationProvider:78 : authentication.
> getCredentials():apU)u%7lk,-7o
> 2017-02-10 17:44:40,428 INFO  [http-bio-7070-exec-2] security.
> KylinAuthenticationProvider:89 : authenticationProvider.
> getClass().getName():org.springframework.security.ldap.authentication.
> LdapAuthenticationProvider
> 2017-02-10 17:44:40,429 ERROR [http-bio-7070-exec-2] security.
> KylinAuthenticationProvider:96 : Failed to auth user: hadoop
> org.springframework.security.authentication.InternalAuthenticationServiceE
> xception: Empty filter; nested exception is javax.naming.directory.
> InvalidSearchFilterException: Empty filter; remaining name '/'
> at org.springframework.security.ldap.authentication.
> LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.
> java:191)
> at org.springframework.security.ldap.authentication.
> AbstractLdapAuthenticationProvider.authenticate(
> AbstractLdapAuthenticationProvider.java:61)
>          at org.apache.kylin.rest.security.KylinAuthenticationProvider.
> authenticate(KylinAuthenticationProvider.java:90)
>             at org.springframework.security.authentication.
> ProviderManager.authenticate(ProviderManager.java:156)
>             at org.springframework.security.authentication.
> ProviderManager.authenticate(ProviderManager.java:174)
> at org.springframework.security.web.authentication.
> www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
>             at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.authentication.ui.
> DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilt
> er.java:91)
>             at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.authentication.
> AbstractAuthenticationProcessingFilter.doFilter(
> AbstractAuthenticationProcessingFilter.java:183)
>             at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>             at org.springframework.security.web.authentication.
> logout.LogoutFilter.doFilter(LogoutFilter.java:105)
>             at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at org.springframework.security.web.context.SecurityContextPersistenceFilt
> er.doFilter(SecurityContextPersistenceFilter.java:87)
>             at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>             at org.springframework.security.web.FilterChainProxy.
> doFilterInternal(FilterChainProxy.java:192)
>             at org.springframework.security.web.FilterChainProxy.
> doFilter(FilterChainProxy.java:160)
>             at org.springframework.web.filter.DelegatingFilterProxy.
> invokeDelegate(DelegatingFilterProxy.java:343)
>             at org.springframework.web.filter.DelegatingFilterProxy.
> doFilter(DelegatingFilterProxy.java:260)
>             at org.apache.catalina.core.ApplicationFilterChain.
> internalDoFilter(ApplicationFilterChain.java:241)
>             at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
>             at com.thetransactioncompany.cors.CORSFilter.doFilter(
> CORSFilter.java:209)
>             at com.thetransactioncompany.cors.CORSFilter.doFilter(
> CORSFilter.java:244)
>             at org.apache.catalina.core.ApplicationFilterChain.
> internalDoFilter(ApplicationFilterChain.java:241)
>             at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
>             at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:220)
>             at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:122)
>             at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
> AuthenticatorBase.java:505)
>             at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:169)
>             at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:103)
>             at org.apache.catalina.valves.AccessLogValve.invoke(
> AccessLogValve.java:956)
>             at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:116)
>             at org.apache.catalina.connector.CoyoteAdapter.
> service(CoyoteAdapter.java:436)
>             at org.apache.coyote.http11.AbstractHttp11Processor.process(
> AbstractHttp11Processor.java:1078)
>             at org.apache.coyote.AbstractProtocol$
> AbstractConnectionHandler.process(AbstractProtocol.java:625)
>             at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.
> run(JIoEndpoint.java:316)
>             at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
>             at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
>             at org.apache.tomcat.util.threads.TaskThread$
> WrappingRunnable.run(TaskThread.java:61)
>             at java.lang.Thread.run(Thread.java:745)
> Caused by: org.springframework.ldap.InvalidSearchFilterException:
> Empty filter; nested exception is javax.naming.directory.
> InvalidSearchFilterException: Empty filter; remaining name '/'
>             at org.springframework.ldap.support.LdapUtils.
> convertLdapException(LdapUtils.java:135)
>             at org.springframework.ldap.core.LdapTemplate.
> executeWithContext(LdapTemplate.java:810)
>             at org.springframework.ldap.core.LdapTemplate.
> executeReadOnly(LdapTemplate.java:793)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate.
> searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
> at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.
> searchForUser(FilterBasedLdapUserSearch.java:116)
>         at org.springframework.security.ldap.authentication.
> BindAuthenticator.authenticate(BindAuthenticator.java:90)
> at org.springframework.security.ldap.authentication.
> LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.
> java:178)
>             ... 39 more
> Caused by: javax.naming.directory.InvalidSearchFilterException:
> Empty filter; remaining name '/'
>             at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:57)
>             at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:546)
>             at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
>             at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
>             at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
>             at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
>             at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(
> ComponentDirContext.java:418)
>             at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(
> PartialCompositeDirContext.java:396)
>             at javax.naming.directory.InitialDirContext.search(
> InitialDirContext.java:297)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate.
> searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:210)
> at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.
> executeWithContext(SpringSecurityLdapTemplate.java:198)
>             at org.springframework.ldap.core.LdapTemplate.
> executeWithContext(LdapTemplate.java:807)
>             ... 44 more
>
>
>
>
>
> *ldap configuration shows below *
>
>
>
> database        bdb
> suffix          "dc=openldap,dc=jw,dc=cn"
> checkpoint      1024 15
> rootdn          "cn=Manager,dc=openldap,dc=jw,dc=cn"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw         T5Ut6m4Z15Iszzz
>
>
>
> *ldap tree shows in eclipse view *
>
> [image: cid:image001.jpg@01D283BF.CD5026E0]
>
>
>
>
>
> *kylin.properties:*
>
>
>
> kylin.security.profile=ldap
>
> ### SECURITY ###
> # Default roles and admin roles in LDAP, for ldap and saml
> acl.defaultRole=ROLE_ANALYST,ROLE_MODELER
> acl.adminRole=ROLE_ADMIN
>
> # LDAP authentication configuration
> #ldap.server=ldap://ldap_server:389
> ldap.server=ldap://10.10.16.3:389/dc=openldap,dc=jw,dc=cn
> ldap.username=cn=Manager,dc=openldap,dc=jw,dc=cn
> ldap.password=vlQiP78zbqKgsWycEFIEeA==
>
> # LDAP user account directory;
> ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
> ldap.user.searchPattern=(uid={0})
> ldap.user.groupSearchBase=
>
>
>
>
>
>
>
> i am using user 'hadoop'  in 'ou=people,dc=openldap,dc=jw,dc=cn' with the
> right password.
>
> i also config kylin.properties in some other ways shows below, but i did
> not work well
>
>
>
> 1、
>
> # LDAP authentication configuration
> #ldap.server=ldap://ldap_server:389
> ldap.server=ldap://10.10.16.3:389
> ldap.username=cn=Manager,dc=openldap,dc=jw,dc=cn
> ldap.password=vlQiP78zbqKgsWycEFIEeA==
>
> # LDAP user account directory;
> ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
> ldap.user.searchPattern=(uid={0})
> ldap.user.groupSearchBase=
>
>
>
> 2、
>
> # LDAP authentication configuration
> #ldap.server=ldap://ldap_server:389
> ldap.server=ldap://10.10.16.3:389
> ldap.username=Manager
> ldap.password=vlQiP78zbqKgsWycEFIEeA==
>
> # LDAP user account directory;
> ldap.user.searchBase=ou=people,dc=openldap,dc=jw,dc=cn
> ldap.user.searchPattern=(uid={0})
> ldap.user.groupSearchBase=
>
>
>
>
>
> did i config wrong in kylin.properties?
>
>
>
>
> ------------------------------
>
> java_program@aliyun.com
>
> ------------------------------
> This e-mail may contain confidential or privileged information. If you
> received this e-mail by mistake, please don't forward it to anyone else,
> please erase it from your device and let me know so I don't do it again.
>



-- 
Best regards,

Shaofeng Shi 史少锋

Mime
View raw message