[ https://issues.apache.org/jira/browse/KNOX-650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15105344#comment-15105344 ]
Larry McCay commented on KNOX-650:
----------------------------------

Hi [~snamsi] - thank you for this patch!

I wonder whether you would be easily able to provide a users.ldif file that would be configured for posixGroups. That would help in being able to test the patch and others need an example.

Location would be in templates:
./gateway-release/home/templates/users.posixgroups.ldif

Thanks again!

> Add posixGroups support for LDAP groups lookup
> ----------------------------------------------
>
> Key: KNOX-650
> URL: https://issues.apache.org/jira/browse/KNOX-650
> Project: Apache Knox
> Issue Type: New Feature
> Affects Versions: 0.7.0
> Reporter: Selim Namsi
> Labels: features, patch
> Fix For: Future
>
> Attachments: KNOX-650.patch
>
>
> Add posixGroups support for LDAP group lookup. The current implementation
> works only with groupOfNames.
> posixGroups have "memberUid" attribute which is different from "member"
> attribute, and when we set main.ldapRealm.memberAttribute equal to
> "memberUid", this line (306) in
> org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.java:
> {noformat}
> if (userLdapDn.equals(new LdapName(attrValue)))
> {noformat}
> will generate an InvalidNameException because "memberUid" is just an id and
> not formatted according to the rules defined in RFC 2253.
> To fix this, we need to just test if the group is a posixGroup and then
> update attrValue by adding memberAttributeValuePrefix and
> memberAttributeValueSuffix

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
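
The comparison quoted in the issue description, as an added example that is not part of the original message, the attached patch, or Knox itself: it shows the `member` DN case, the bare `memberUid` failure, and the prefix/suffix wrapping the description proposes. The class name, `isMember`, the prefix/suffix values and the sample DNs are assumptions constructed for illustration; escaping the id with `Rdn.escapeValue` is an addition the issue does not mention.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration, not Knox code. All names and values below are constructed.
public class PosixGroupMemberMatch {
    // Assumed settings for memberAttributeValuePrefix / memberAttributeValueSuffix.
    static final String PREFIX = "uid=";
    static final String SUFFIX = ",ou=people,dc=hadoop,dc=apache,dc=org";

    /** Returns true if the group's member attribute value refers to userDn. */
    static boolean isMember(LdapName userDn, String attrValue, boolean posixGroup)
            throws InvalidNameException {
        if (posixGroup) {
            // memberUid holds a bare id, not a DN. Escape it before wrapping so
            // characters such as ',' or '+' stay data instead of DN syntax.
            attrValue = PREFIX + Rdn.escapeValue(attrValue) + SUFFIX;
        }
        return userDn.equals(new LdapName(attrValue));
    }

    public static void main(String[] args) throws Exception {
        LdapName sam = new LdapName("uid=sam,ou=people,dc=hadoop,dc=apache,dc=org");

        // groupOfNames: "member" already holds a full DN, so the comparison works.
        System.out.println("groupOfNames member: "
                + isMember(sam, "uid=sam,ou=people,dc=hadoop,dc=apache,dc=org", false));

        // posixGroup handled like groupOfNames: the bare id cannot be parsed as a DN.
        try {
            isMember(sam, "sam", false);
        } catch (InvalidNameException e) {
            System.out.println("bare memberUid: InvalidNameException: " + e.getMessage());
        }

        // posixGroup with prefix and suffix applied before the comparison.
        System.out.println("wrapped memberUid: " + isMember(sam, "sam", true));

        // An id containing a comma still compares correctly once escaped.
        LdapName odd = new LdapName(PREFIX + Rdn.escapeValue("doe,j") + SUFFIX);
        System.out.println("escaped memberUid: " + isMember(odd, "doe,j", true));
    }
}
```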