[ 
https://issues.apache.org/jira/browse/ATLAS-4357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17380377#comment-17380377
 ] 

Nixon Rodrigues commented on ATLAS-4357:
----------------------------------------

[~ighack],

It is observed that the Spring LDAP API is not returning groups for the user after 
authentication. Making a follow-up call after authentication to fetch groups is 
time consuming.

 Sync up the LDAP user group into the Linux user group or Hadoop UGI so that 
groups can be fetched after authentication.
{quote}org.apache.hadoop.security.Groups.getGroups(Groups.java:228) at 
org.apache.atlas.web.security.AtlasAbstractAuthenticationProvider.getAuthoritiesFromUGI(AtlasAbstractAuthenticationProvider.java:125
{quote}

> it can't get group with ldap
> ----------------------------
>
>                 Key: ATLAS-4357
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4357
>             Project: Atlas
>          Issue Type: Bug
>          Components:  atlas-core
>    Affects Versions: 2.1.0
>            Reporter: ighack
>            Priority: Major
>
> atlas.authentication.method.ldap.url=ldap://hoostdd:389
> atlas.authentication.method.ldap.userDNpattern=uid=\{0},ou=people,dc=join,dc=com
> atlas.authentication.method.ldap.groupSearchBase=ou=group,dc=join,dc=com
> atlas.authentication.method.ldap.groupSearchFilter=(memberUid=uid=\{0},ou=peopel,dc=join,dc=com)
> atlas.authentication.method.ldap.groupRoleAttribute=cn
> atlas.authentication.method.ldap.base.dn=dc=join,dc=com
> atlas.authentication.method.ldap.bind.dn=uid=ldapadmin,ou=people,dc=join,dc=com
> atlas.authentication.method.ldap.bind.password= 000000
> atlas.authentication.method.ldap.referral=ignore
> atlas.authentication.method.ldap.user.searchfilter=(uid=\{0})
> atlas.authentication.method.ldap.default.role=ROLE_USER
>  
> but I get error
> 2021-07-13 13:02:45,523 WARN  - [pool-2-thread-4:] ~ Failed to get groups for user jztwk (retry=0) by javax.naming.OperationNotSupportedException: [LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed] (LdapGroupsMapping:290)
> 2021-07-13 13:02:45,523 WARN  - [pool-2-thread-4:] ~ Failed to get groups for user jztwk (retry=0) by javax.naming.OperationNotSupportedException: [LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed] (LdapGroupsMapping:290)
> 2021-07-13 13:02:45,524 WARN  - [pool-2-thread-4:] ~ Failed to get groups for user jztwk (retry=1) by javax.naming.OperationNotSupportedException: [LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed] (LdapGroupsMapping:290)
> 2021-07-13 13:02:45,526 WARN  - [pool-2-thread-4:] ~ Failed to get groups for user jztwk (retry=2) by javax.naming.OperationNotSupportedException: [LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed] (LdapGroupsMapping:290)
> 2021-07-13 13:02:45,533 WARN  - [pool-2-thread-4:] ~ Failed to get groups for user jztwk (retry=0) by javax.naming.OperationNotSupportedException: [LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed] (LdapGroupsMapping:290)
> 2021-07-13 13:02:45,535 WARN  - [pool-2-thread-4:] ~ Failed to get groups for user jztwk (retry=1) by javax.naming.OperationNotSupportedException: [LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed] (LdapGroupsMapping:290)
> 2021-07-13 13:02:45,536 WARN  - [pool-2-thread-4:] ~ Failed to get groups for user jztwk (retry=2) by javax.naming.OperationNotSupportedException: [LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed] (LdapGroupsMapping:290)
> 2021-07-13 13:02:45,538 ERROR - [pool-2-thread-4:] ~ Exception while fetching groups  (AtlasAbstractAuthenticationProvider:137)
> java.io.IOException: No groups found for user jztwk at 
> org.apache.hadoop.security.Groups.noGroupsForUser(Groups.java:200) at 
> org.apache.hadoop.security.Groups.access$400(Groups.java:75) at 
> org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:334) at 
> org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270) at 
> com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3527)
>  at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2276) 
> at 
> com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154)
>  at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044) at 
> com.google.common.cache.LocalCache.get(LocalCache.java:3951) at 
> com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3973) at 
> com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4957)
>  at org.apache.hadoop.security.Groups.getGroups(Groups.java:228) at 
> org.apache.atlas.web.security.AtlasAbstractAuthenticationProvider.getAuthoritiesFromUGI(AtlasAbstractAuthenticationProvider.java:125)
>  at 
> org.apache.atlas.web.security.AtlasAbstractAuthenticationProvider.getAuthenticationWithGrantedAuthorityFromUGI(AtlasAbstractAuthenticationProvider.java:89)
>  at 
> org.apache.atlas.web.security.AtlasLdapAuthenticationProvider.getLdapBindAuthentication(AtlasLdapAuthenticationProvider.java:129)
>  at 
> org.apache.atlas.web.security.AtlasLdapAuthenticationProvider.authenticate(AtlasLdapAuthenticationProvider.java:73)
>  at 
> org.apache.atlas.web.security.AtlasAuthenticationProvider.authenticate(AtlasAuthenticationProvider.java:114)
>  at 
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
>  at 
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
>  at 
> org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
>  at 
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
>  at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>  at 
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
>  at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>  at 
> org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
>  at 
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>  at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>  at 
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
>  at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>  at 
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
>  at 
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>  at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>  at 
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
>  at 
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
>  at 
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
>  at 
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
>  at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1691)
>  at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) 
> at 
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) 
> at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
>  at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
>  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) 
> at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>  at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
>  at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) 
> at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
>  at org.eclipse.jetty.server.Server.handle(Server.java:534) at 
> org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) at 
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) 
> at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
>  at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) at 
> org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
>  at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
>  at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
>  at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
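
Added example (not part of the original message and not Atlas or Hadoop code): a Python triage of log text in the format quoted above, showing per user how the repeated LDAP result code 53 group-lookup failures lead to the final "No groups found" error. The sample log, the user name `alice`, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format of the quoted log: "> " mail quoting, wrapped
# lines, and entries run together with no newline between them.
SAMPLE = """\
> 2021-07-13 13:02:45,523 WARN  - [pool-2-thread-4:] ~ Failed to get groups for
> user alice (retry=0) by javax.naming.OperationNotSupportedException: [LDAP:
> error code 53 - unauthenticated bind (DN with no password) disallowed]
> (LdapGroupsMapping:290)2021-07-13 13:02:45,524 WARN  - [pool-2-thread-4:] ~
> Failed to get groups for user alice (retry=1) by
> javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
> unauthenticated bind (DN with no password) disallowed]
> (LdapGroupsMapping:290)2021-07-13 13:02:45,538 ERROR - [pool-2-thread-4:] ~
> Exception while fetching groups
> (AtlasAbstractAuthenticationProvider:137)java.io.IOException: No groups found
> for user alice at org.apache.hadoop.security.Groups.noGroupsForUser(Groups.java:200)
"""

ENTRY_START = re.compile(r"(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} (?:WARN|ERROR|INFO|DEBUG)\b)")
LOOKUP_FAIL = re.compile(r"Failed to get groups for user (\S+) \(retry=\d+\)"
                         r".*?\[LDAP: error code (\d+) - ([^\]]*)\]")
NO_GROUPS = re.compile(r"No groups found for user (\S+)")

def normalize(text):
    """Strip mail quoting and undo line wrapping so each regex sees single spaces."""
    lines = (line.lstrip("> ").strip() for line in text.splitlines())
    return re.sub(r"\s+", " ", " ".join(lines))

def triage(text):
    """Return {user: {failed_lookups, ldap_codes, unauthenticated_bind, no_groups}}."""
    report = {}
    for entry in ENTRY_START.split(normalize(text)):
        fail, empty = LOOKUP_FAIL.search(entry), NO_GROUPS.search(entry)
        if not (fail or empty):
            continue
        user = fail.group(1) if fail else empty.group(1)
        row = report.setdefault(user, {"failed_lookups": 0, "ldap_codes": set(),
                                       "unauthenticated_bind": False, "no_groups": False})
        if fail:
            row["failed_lookups"] += 1
            row["ldap_codes"].add(int(fail.group(2)))
            # RFC 4513 5.1.2: a simple bind with a DN and a zero-length password.
            row["unauthenticated_bind"] |= "unauthenticated bind" in fail.group(3)
        row["no_groups"] |= bool(empty)
    return report

if __name__ == "__main__":
    for user, row in triage(SAMPLE).items():
        print(user, row)
```

The WARN entries are logged by `LdapGroupsMapping`, so when `unauthenticated_bind` is set the bind DN and password to check are the ones that component is configured with.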
