[ https://issues.apache.org/jira/browse/ATLAS-4357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17379661#comment-17379661 ]
ighack commented on ATLAS-4357: ------------------------------- jzyc@bigdser4:/hadoop/app/zeppelin-0.9.0-bin-netinst/logs$ ldapsearch -x uid=ldapadmin -D 'uid=ldapadmin,ou=people,dc=join,dc=com' -w 000000 # extended LDIF # # LDAPv3 # base <dc=join,dc=com> (default) with scope subtree # filter: uid=ldapadmin # requesting: ALL # # ldapadmin, people, join.com dn: uid=ldapadmin,ou=people,dc=join,dc=com uid: ldapadmin uidNumber: 1031 homeDirectory: /home/ldapadmin gidNumber: 1031 cn: LDAP admin account sn: ldapadmin objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount loginShell: /bin/bash # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 > it can't get group with ldap > ---------------------------- > > Key: ATLAS-4357 > URL: https://issues.apache.org/jira/browse/ATLAS-4357 > Project: Atlas > Issue Type: Task > Components: atlas-core > Affects Versions: 2.1.0 > Reporter: ighack > Priority: Major > > atlas.authentication.method.ldap.url=ldap://hoostdd:389 > atlas.authentication.method.ldap.userDNpattern=uid=\{0},ou=people,dc=join,dc=com > atlas.authentication.method.ldap.groupSearchBase=ou=group,dc=join,dc=com > atlas.authentication.method.ldap.groupSearchFilter=(memberUid=uid=\{0},ou=peopel,dc=join,dc=com) > atlas.authentication.method.ldap.groupRoleAttribute=cn > atlas.authentication.method.ldap.base.dn=dc=join,dc=com > atlas.authentication.method.ldap.bind.dn=uid=ldapadmin,ou=people,dc=join,dc=com > atlas.authentication.method.ldap.bind.password= 000000 > atlas.authentication.method.ldap.referral=ignore > atlas.authentication.method.ldap.user.searchfilter=(uid=\{0}) > atlas.authentication.method.ldap.default.role=ROLE_USER > > but I get error > 2021-07-13 13:02:45,523 WARN - [pool-2-thread-4:] ~ Failed to get groups for > user jztwk (retry=0) by javax.naming.OperationNotSupportedException: [LDAP: > error code 53 - unauthenticated bind (DN with no password) disallowed] > (LdapGroupsMapping:290)2021-07-13 13:02:45,523 WARN - [pool-2-thread-4:] ~ > Failed to get groups for user jztwk (retry=0) by > javax.naming.OperationNotSupportedException: [LDAP: error code 53 - > unauthenticated bind (DN with no password) disallowed] > (LdapGroupsMapping:290)2021-07-13 13:02:45,524 WARN - [pool-2-thread-4:] ~ > Failed to get groups for user jztwk (retry=1) by > javax.naming.OperationNotSupportedException: [LDAP: error code 53 - > unauthenticated bind (DN with no password) disallowed] > (LdapGroupsMapping:290)2021-07-13 13:02:45,526 WARN - [pool-2-thread-4:] ~ > Failed to get groups for user jztwk (retry=2) by > javax.naming.OperationNotSupportedException: [LDAP: error code 53 - > unauthenticated bind (DN with no password) disallowed] > (LdapGroupsMapping:290)2021-07-13 13:02:45,533 WARN - [pool-2-thread-4:] ~ > Failed to get groups for user jztwk (retry=0) by > javax.naming.OperationNotSupportedException: [LDAP: error code 53 - > unauthenticated bind (DN with no password) disallowed] > (LdapGroupsMapping:290)2021-07-13 13:02:45,535 WARN - [pool-2-thread-4:] ~ > Failed to get groups for user jztwk (retry=1) by > javax.naming.OperationNotSupportedException: [LDAP: error code 53 - > unauthenticated bind (DN with no password) disallowed] > (LdapGroupsMapping:290)2021-07-13 13:02:45,536 WARN - [pool-2-thread-4:] ~ > Failed to get groups for user jztwk (retry=2) by > javax.naming.OperationNotSupportedException: [LDAP: error code 53 - > unauthenticated bind (DN with no password) disallowed] > (LdapGroupsMapping:290)2021-07-13 13:02:45,538 ERROR - [pool-2-thread-4:] ~ > Exception while fetching groups > (AtlasAbstractAuthenticationProvider:137)java.io.IOException: No groups found > for user jztwk at > org.apache.hadoop.security.Groups.noGroupsForUser(Groups.java:200) at > org.apache.hadoop.security.Groups.access$400(Groups.java:75) at > org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:334) at > org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270) at > com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3527) > at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2276) > at > com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154) > at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044) at > com.google.common.cache.LocalCache.get(LocalCache.java:3951) at > com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3973) at > com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4957) > at org.apache.hadoop.security.Groups.getGroups(Groups.java:228) at > org.apache.atlas.web.security.AtlasAbstractAuthenticationProvider.getAuthoritiesFromUGI(AtlasAbstractAuthenticationProvider.java:125) > at > org.apache.atlas.web.security.AtlasAbstractAuthenticationProvider.getAuthenticationWithGrantedAuthorityFromUGI(AtlasAbstractAuthenticationProvider.java:89) > at > org.apache.atlas.web.security.AtlasLdapAuthenticationProvider.getLdapBindAuthentication(AtlasLdapAuthenticationProvider.java:129) > at > org.apache.atlas.web.security.AtlasLdapAuthenticationProvider.authenticate(AtlasLdapAuthenticationProvider.java:73) > at > org.apache.atlas.web.security.AtlasAuthenticationProvider.authenticate(AtlasAuthenticationProvider.java:114) > at > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) > at > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) > at > org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94) > at > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1691) > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) > at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) > at org.eclipse.jetty.server.Server.handle(Server.java:534) at > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273) > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) at > org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) > at > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) > at > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) > at > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) -- This message was sent by Atlassian Jira (v8.3.4#803005)