[ https://issues.apache.org/jira/browse/KNOX-629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay updated KNOX-629: ----------------------------- Fix Version/s: (was: 0.8.0) Future > Misleading output for system-user-auth-test when userSearchBase used > -------------------------------------------------------------------- > > Key: KNOX-629 > URL: https://issues.apache.org/jira/browse/KNOX-629 > Project: Apache Knox > Issue Type: Bug > Components: KnoxCLI > Affects Versions: 0.7.0 > Reporter: Kevin Minder > Fix For: Future > > > See the output below. The use of searchBase and userSearchBase are > interchangeable but the diagnostics don't take that into account. > {code} > bin/knoxcli.sh system-user-auth-test --cluster admin > Warn: main.ldapRealm.searchBase is not present in topology > main.ldapRealm.userSearchAttributeName or main.ldapRealm.userObjectClass or > main.ldapRealm.searchBase was found in the topology > If any one of the above params is present, all must be present. > Topology warnings present. SystemUser may not bind. > System LDAP Bind successful. > {code} > for this correct topology > {code} > <topology> > <gateway> > <provider> > <role>authentication</role> > <name>ShiroProvider</name> > <enabled>true</enabled> > <param name="main.ldapRealm" > value="org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"/> > <param name="main.ldapContextFactory" > value="org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"/> > <param name="main.ldapRealm.contextFactory" > value="$ldapContextFactory"/> > <param name="main.ldapRealm.contextFactory.url" > value="ldap://ad-nano.qe.hortonworks.com:389"/> > <param name="main.ldapRealm.contextFactory.authenticationMechanism" > value="simple"/> > <param name="main.ldapRealm.contextFactory.systemUsername" > value="CN=Kevin Minder,CN=Users,DC=hwqe,DC=hortonworks,DC=com"/> > <param name="main.ldapRealm.contextFactory.systemPassword" > value="p@ssw0rd"/> > <param name="main.ldapRealm.userSearchBase" > value="CN=Users,DC=hwqe,DC=hortonworks,DC=com"/> > <param name="main.ldapRealm.userSearchAttributeName" > value="sAMAccountName"/> > <param name="main.ldapRealm.userObjectClass" value="person"/> > <param name="urls./**" value="authcBasic"/> > </provider> > </gateway> > <service> > <role>KNOX</role> > </service> > </topology> > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)