Hi, I am trying to set up a Kylin server on an AWS EMR edge node. I was able to do that successfully.
Now I am trying to enable LDAP. I followed the instructions here: https://kylin.apache.org/docs30/howto/howto_ldap_and_sso.html. I get an error on the GUI that says "System error, please contact your administrator" but there are no clear error messages in the log. Details below. Any ideas? Here is how I edited the config entries (I have replaced some values for security) ## LDAP authentication configuration kylin.security.ldap.connection-server=ldap://99.99.99.99:389 kylin.security.ldap.connection-username=ldaptest@awt.local kylin.security.ldap.connection-password=***************** # ## LDAP user account directory; kylin.security.ldap.user-search-base=OU=Common,OU=Users,OU=Dev,DC=awst,DC=local kylin.security.ldap.user-search-pattern=(objectclass=*) kylin.security.ldap.user-group-search-base=OU=Security Group,OU=Dev,DC=awst,DC=local kylin.security.ldap.user-group-search-filter=(objectclass=*) Here are the version details: Hadoop version is Hadoop 2.8.5-amzn-4 Kylin version is 3.0.1 Hive 2.3.5-amzn-0 The error message on the GUI is attached: <http://apache-kylin.74782.x6.nabble.com/file/t1099/KylinLDAPErrorMessage.png> The messages in the Kylin log are below.*I dont see any error message in particular. Not sure what is going wrong though. Any ideas?* 2020-05-12 00:33:15,785 INFO [localhost-startStop-1] ldap.DefaultSpringSecurityContextSource:76 : URL 'ldap://99.99.99.99:389', root DN is '' 2020-05-12 00:33:15,785 INFO [localhost-startStop-1] ldap.DefaultSpringSecurityContextSource:76 : URL 'ldap://99.99.99.99:389', root DN is '' 2020-05-12 00:33:15,896 INFO [localhost-startStop-1] search.FilterBasedLdapUserSearch:96 : SearchBase not set. Searches will be performed from the root: 2020-05-12 00:33:15,896 INFO [localhost-startStop-1] search.FilterBasedLdapUserSearch:96 : SearchBase not set. Searches will be performed from the root: 2020-05-12 00:33:15,897 INFO [localhost-startStop-1] userdetails.DefaultLdapAuthoritiesPopulator:171 : groupSearchBase is empty. Searches will be performed from the context source base 2020-05-12 00:33:15,897 INFO [localhost-startStop-1] userdetails.DefaultLdapAuthoritiesPopulator:171 : groupSearchBase is empty. Searches will be performed from the context source base 2020-05-12 00:33:16,568 INFO [localhost-startStop-1] web.DefaultSecurityFilterChain:43 : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@47ac0572, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@51a501c, org.springframework.security.web.header.HeaderWriterFilter@355a9562, org.springframework.security.web.authentication.logout.LogoutFilter@2655d539, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1f5d314, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@56b8e986, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@372897b6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3fdc7077, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@109e69eb, org.springframework.security.web.session.SessionManagementFilter@1fb46a7, org.springframework.security.web.access.ExceptionTranslationFilter@721de409, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@2e9e6df5] 2020-05-12 00:33:16,568 INFO [localhost-startStop-1] web.DefaultSecurityFilterChain:43 : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@47ac0572, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@51a501c, org.springframework.security.web.header.HeaderWriterFilter@355a9562, org.springframework.security.web.authentication.logout.LogoutFilter@2655d539, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1f5d314, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@56b8e986, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@372897b6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3fdc7077, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@109e69eb, org.springframework.security.web.session.SessionManagementFilter@1fb46a7, org.springframework.security.web.access.ExceptionTranslationFilter@721de409, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@2e9e6df5] 2020-05-12 00:33:16,609 INFO [localhost-startStop-1] http.DefaultFilterChainValidator:154 : Checking whether login URL '/login' is accessible with your configuration 2020-05-12 00:33:16,609 INFO [localhost-startStop-1] http.DefaultFilterChainValidator:154 : Checking whether login URL '/login' is accessible with your configuration 2020-05-12 00:33:17,321 INFO [FetcherRunner 1098208926-45] threadpool.DefaultFetcherRunner:111 : Job Fetcher: 0 should running, 0 actual running, 0 stopped, 0 ready, 8 already succeed, 11 error, 0 discarded, 0 others 2020-05-12 00:33:18,650 DEBUG [http-bio-7070-exec-3] common.KylinConfig:343 : KYLIN_CONF property was not set, will seek KYLIN_HOME env variable 2020-05-12 00:33:18,650 INFO [http-bio-7070-exec-3] common.KylinConfig:349 : Use KYLIN_HOME=/usr/local/kylin/apache-kylin-3.0.1-bin-hbase1x -- Sent from: http://apache-kylin.74782.x6.nabble.com/
