[
https://issues.apache.org/jira/browse/KNOX-461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16699667#comment-16699667
]
Raja Marimuthu commented on KNOX-461:
-------------------------------------
We are having the same issue trying to configure a group filter with memberOf.
In my case, we need to restrict authentication to specific groups, e.g. only
powerusers:
<param name="main.ldapRealm.userSearchBase" value="dc=ds,dc=nb,dc=com"/>
<param name="main.ldapRealm.userSearchFilter" value="(&(objectclass=*)(memberOf=cn=m_powerusers,OU=Applications,OU=Groups,DC=ds,DC=nb,DC=com))"/>
<param name="main.ldapRealm.userObjectClass" value="person"/>
This is throwing a null pointer exception:
018-11-26 22:34:16,225 DEBUG servlet.AdviceFilter (AdviceFilter.java:cleanup(194)) - Filter execution resulted in an unexpected Exception (not IOException or ServletException as the Filter API recommends). Wrapping in ServletException and propagating.
2018-11-26 22:34:16,225 ERROR knox.gateway (AbstractGatewayFilter.java:doFilter(66)) - Failed to execute filter: javax.servlet.ServletException: java.lang.NullPointerException
javax.servlet.ServletException: java.lang.NullPointerException
    at org.apache.shiro.web.servlet.AdviceFilter.cleanup(AdviceFilter.java:196)
    at org.apache.shiro.web.filter.authc.AuthenticatingFilter.cleanup(AuthenticatingFilter.java:155)
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:148)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
> Leverage Directory Computed Attribute for User Group Discovery
> ---------------------------------------------------------------
>
> Key: KNOX-461
> URL: https://issues.apache.org/jira/browse/KNOX-461
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Dilli Arumugam
> Priority: Critical
>
> Leverage Directory Computed Attribute for User Group Discovery
> We should use the computed attribute memberof supported by Active Directory to
> discover the groups of the authenticated user. This would significantly boost
> performance compared with computing groups using group search.
> OpenLDAP also could be configured to return computed groups.
> However, OpenLDAP would return this attribute as memberof.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
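
Added example (not part of the original message and not Knox code): deriving a user's groups from the memberOf values on the user entry and gating access on one required group DN. LDAP attribute names are case-insensitive, so the lookup accepts memberOf or memberof; the entries and all function names are constructed for illustration, and only the m_powerusers DN comes from the comment above.

```python
# Added example: constructed entries; only the m_powerusers DN is from the page.
REQUIRED = "cn=m_powerusers,OU=Applications,OU=Groups,DC=ds,DC=nb,DC=com"

def get_attr(entry, name):
    """Return an attribute's values, matching the name case-insensitively."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return list(values)
    return []  # attribute absent: the user has no groups, which is not an error

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped or ch != ",":
            cur.append(ch)
            escaped = (ch == "\\") and not escaped
        else:
            parts.append("".join(cur))
            cur = []
    parts.append("".join(cur))
    return [p.strip() for p in parts]

def normalize_dn(dn):
    """Canonical form for comparison; assumes case-insensitive RDN values (cn, ou, dc)."""
    rdns = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().casefold()))
    return tuple(rdns)

def is_authorized(entry, required_group_dn):
    """True only if some memberOf value equals the required group DN exactly."""
    groups = {normalize_dn(dn) for dn in get_attr(entry, "memberOf")}
    return normalize_dn(required_group_dn) in groups

# Constructed sample entries, shaped as a directory might return them.
_BASE = "OU=Applications,OU=Groups,DC=ds,DC=nb,DC=com"
MIXED_CASE = {"memberOf": ["CN=m_powerusers," + _BASE]}
LOWER_CASE = {"memberof": ["cn=m_powerusers,ou=applications,ou=groups,dc=ds,dc=nb,dc=com"]}
LOOKALIKE = {"memberOf": ["CN=not_m_powerusers," + _BASE]}  # a substring test on the name would pass
NO_GROUPS = {"cn": ["constructed user"]}

if __name__ == "__main__":
    for name in ("MIXED_CASE", "LOWER_CASE", "LOOKALIKE", "NO_GROUPS"):
        print(name, is_authorized(globals()[name], REQUIRED))
```

Comparing whole normalized DNs rather than searching for the group name inside the string is what keeps the look-alike group from being accepted.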