Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
v1.2
-
None
Description
When integrating LDAP authentication in Kylin, people might run into the following error message. One possible reason is that Kylin actually requires passwords in kylin.properties be encrypted.
Invalid bean definition with name 'ldapSource' defined in class path resource [kylinSecurity.xm]: Input length must be multiple of 16 when decrypting with padded cipher
Related code for passwords decryption is as follows:
PasswordPlaceholderConfigurer.java
protected String resolvePlaceholder(String placeholder, Properties props) { if (placeholder.toLowerCase().contains("password")) { return decrypt(props.getProperty(placeholder)); } else { return props.getProperty(placeholder); } }
Related discussion in mailing list: Link
In this ticket, I would propose a CLI tool for password encryption for Kylin, and add related documentation in How to Enable Security with LDAP and SSO