[ https://issues.apache.org/jira/browse/KNOX-650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15107594#comment-15107594 ]
ASF subversion and git services commented on KNOX-650: ------------------------------------------------------ Commit 9619a398f9ed57d4cd7f705e73f100e85921bfdd in knox's branch refs/heads/master from [~kevin.minder] [ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=9619a39 ] [KNOX-650] - Add posixGroups support for LDAP groups lookup > Add posixGroups support for LDAP groups lookup > ---------------------------------------------- > > Key: KNOX-650 > URL: https://issues.apache.org/jira/browse/KNOX-650 > Project: Apache Knox > Issue Type: New Feature > Affects Versions: 0.7.0 > Reporter: Selim Namsi > Assignee: Selim Namsi > Labels: features, patch > Fix For: Future > > Attachments: > 0001-KNOX-650-Add-posixGroups-support-for-LDAP-groups-loo.patch, > KNOX-650.patch > > > Add posixGroups support for LDAP group lookup. The current implementation > works only with groupOfNames. > posixGroups have "memberUid" attribute which is different from "member" > attribute, and when we set main.ldapRealm.memberAttribute equal to > "memberUid", this line (306) in > org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.java: > {noformat} > if (userLdapDn.equals(new LdapName(attrValue))) > {noformat} > will generate an InvalidNameException because "memberUid" is just an id and > not formatted according to the rules defined in RFC 2253. > To fix this, we need to just test if the group is a posixGroup and then > update attrValue by adding memberAttributeValuePrefix and > memberAttributeValueSuffix -- This message was sent by Atlassian JIRA (v6.3.4#6332)