[ https://issues.apache.org/jira/browse/KNOX-650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Selim Namsi updated KNOX-650:
-----------------------------
    Attachment: KNOX-650.patch

> Add posixGroups support for LDAP groups lookup
> ----------------------------------------------
>
>                 Key: KNOX-650
>                 URL: https://issues.apache.org/jira/browse/KNOX-650
>             Project: Apache Knox
>          Issue Type: New Feature
>    Affects Versions: 0.7.0
>            Reporter: Selim Namsi
>             Fix For: Future
>
>         Attachments: KNOX-650.patch
>
>
> Add posixGroups support for LDAP group lookup. The current implementation
> works only with groupOfNames.
> posixGroups have "memberUid" attribute which is different from "member"
> attribute, and when we set main.ldapRealm.memberAttribute equal to
> "memberUid", this line (306) in
> org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.java:
> {noformat}
> if (userLdapDn.equals(new LdapName(attrValue)))
> {noformat}
> will generate an InvalidNameException because "memberUid" is just an id and
> not formatted according to the rules defined in RFC 2253.
> To fix this, we need to just test if the group is a posixGroup and then
> update attrValue by adding memberAttributeValuePrefix and
> memberAttributeValueSuffix

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
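
The membership comparison described in the issue, as an added example (not the KNOX-650 patch and not Knox's own code): it handles a groupOfNames "member" DN and a posixGroup "memberUid", wrapping the uid in a prefix and suffix and escaping it with Rdn.escapeValue so that special characters stay inside the RDN value. The class and method names, the escaping step and the sample directory values are assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper, not Knox code: decides whether one group attribute
// value refers to the authenticated user's DN.
public class MemberMatch {

    // groupOfNames: attrValue is already a DN ("member").
    // posixGroup: attrValue is a bare uid ("memberUid"), so it is wrapped
    // with the configured prefix and suffix before being parsed as a DN.
    static boolean isMember(LdapName userDn, String attrValue, boolean posixGroup,
                            String prefix, String suffix) {
        try {
            String dn = posixGroup
                    // Escape the uid so ',' '+' '=' and similar characters
                    // cannot add or split DN components.
                    ? prefix + Rdn.escapeValue(attrValue) + suffix
                    : attrValue;
            return userDn.equals(new LdapName(dn));
        } catch (InvalidNameException e) {
            // A malformed member value counts as "no match" instead of
            // aborting the whole group lookup.
            return false;
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values.
        String prefix = "uid=";
        String suffix = ",ou=people,dc=example,dc=org";
        LdapName jdoe = new LdapName("uid=jdoe,ou=people,dc=example,dc=org");
        LdapName jane = new LdapName("uid=doe\\, jane,ou=people,dc=example,dc=org");

        // groupOfNames entry: member holds a full DN.
        System.out.println(isMember(jdoe, "uid=jdoe,ou=people,dc=example,dc=org",
                false, prefix, suffix));
        // posixGroup entry: memberUid holds only the id.
        System.out.println(isMember(jdoe, "jdoe", true, prefix, suffix));
        // Bare id parsed directly as a DN: the InvalidNameException case from the issue.
        System.out.println(isMember(jdoe, "jdoe", false, prefix, suffix));
        // memberUid containing a comma: escaping keeps it a single RDN value.
        System.out.println(isMember(jane, "doe, jane", true, prefix, suffix));
    }
}
```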