Sandeep More created KNOX-3092:
----------------------------------
Summary: Knox alias support for group.mapping.ldap.bind.password
Key: KNOX-3092
URL: https://issues.apache.org/jira/browse/KNOX-3092
Project: Apache Knox
Issue Type: Bug
Components: Server
Reporter: Sandeep More
Assignee: Sandeep More
When using LDAP for group lookups, currently the only option is to store the
LDAP password in a file.
Knox leverages Hadoop Group Lookup for this feature. For Hadoop Group Lookup,
it looks like this is the only way:
https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/GroupsMapping.html#LDAP_Groups_Mapping
This is what the Hadoop docs recommend:
bq. If the LDAP server does not support anonymous binds, set the distinguished
name of the user to bind in hadoop.security.group.mapping.ldap.bind.user. The
path to the file containing the bind user’s password is specified in
hadoop.security.group.mapping.ldap.bind.password.file. This file should be
readable only by the Unix user running the daemons.
This JIRA is to implement alias support, just like we do for Shiro LDAP
(${ALIAS=ldcSystemPassword})
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
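
Until alias support exists, the file-based setup quoted from the Hadoop docs can be audited for the "readable only by the Unix user running the daemons" requirement. The following is an added example, not code from Knox, Hadoop or the issue reporter; the function names, the sample DN and the Hadoop-style `<configuration>` layout of the input are assumptions.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Property names as quoted from the Hadoop documentation in the issue.
BIND_USER = "hadoop.security.group.mapping.ldap.bind.user"
BIND_PASSWORD_FILE = "hadoop.security.group.mapping.ldap.bind.password.file"

# Constructed sample configuration; the DN is a placeholder, {path} is filled in by the caller.
SAMPLE = """<configuration>
  <property><name>{user}</name><value>cn=lookup,dc=example,dc=com</value></property>
  <property><name>{pwfile}</name><value>{path}</value></property>
</configuration>"""


def read_properties(config_xml):
    """Parse Hadoop-style <configuration><property> XML into a dict."""
    props = {}
    for prop in ET.fromstring(config_xml).iter("property"):
        name = prop.findtext("name")
        if name:
            props[name.strip()] = (prop.findtext("value") or "").strip()
    return props


def audit_bind_password_file(config_xml, daemon_uid):
    """Return findings about the LDAP bind password file (empty list = OK)."""
    props = read_properties(config_xml)
    if BIND_USER not in props:
        return []  # no bind user configured, so no password file to check
    path = props.get(BIND_PASSWORD_FILE)
    if not path:
        return ["bind user is set but the password file property is absent"]
    try:
        st = os.lstat(path)  # lstat: a symlink is reported, not followed
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{path} is not a regular file")
    if st.st_uid != daemon_uid:
        findings.append(f"{path} is owned by uid {st.st_uid}, expected {daemon_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} is accessible by group or others "
                        f"(mode {stat.S_IMODE(st.st_mode):04o})")
    return findings
```

Pass the UID of the account that runs the gateway or daemon as `daemon_uid`; an empty result means the file is a regular file owned by that account with no group or other permission bits set.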