I made progress on the problem by looking at the webserver logs in
$KYLIN_HOME/tomcat/logs/localhost.2020-05-12.log.
The log file gave the below error message:
org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect
result size: expected 1, actual 4
It appears that when authenticating with LDAP it is getting more than 1
match.
I then figured out that my kylin.security.ldap.user-search-pattern was
wrong. I changed it to:
kylin.security.ldap.user-search-pattern=(sAMAccountName={0})
and then it started working. This was my mistake as the documentation on
LDAP already has an example with "cn={0}" as part of the user search
pattern.
I realize that this {0} stands for the username given at the login prompt,
but I am not sure why it is {0} and not, say, argv[0] or something like
that. Is this how the spring LDAP framework receives the user name, or is
this something Kylin specific. Any pointers to information on why that
particular format to pass the user name (with flower braces) is the one to
use would be helpful. This is more for my understanding though (my issue is
resolved).
Thanks.
--
Sent from: http://apache-kylin.74782.x6.nabble.com/
