[KNOX-650] Add posixGroups support for LDAP groups lookup - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.7.0
Fix Version/s: 0.8.0
Component/s: None
Labels:
- features
- patch

Flags:

Patch

Description

Add posixGroups support for LDAP group lookup. The current implementation works only with groupOfNames.
posixGroups have "memberUid" attribute which is different from "member" attribute, and when we set main.ldapRealm.memberAttribute equal to "memberUid", this line (306) in org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.java:

if (userLdapDn.equals(new LdapName(attrValue)))

will generate an InvalidNameException because "memberUid" is just an id and not formatted according to the rules defined in RFC 2253.

To fix this, we need to just test if the group is a posixGroup and then update attrValue by adding memberAttributeValuePrefix and memberAttributeValueSuffix

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

KNOX-650.patch
18/Jan/16 13:03
2 kB
Selim Namsi
0001-KNOX-650-Add-posixGroups-support-for-LDAP-groups-loo.patch
19/Jan/16 22:37
20 kB
Kevin Minder

Activity

People

Assignee:: Selim Namsi

Reporter:: Selim Namsi

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 18/Jan/16 12:45

Updated:: 28/Mar/19 14:15

Resolved:: 20/Jan/16 09:16