Thanks for the update. LDAP configurations are usually case by case, because each org has a different way to organize that. And LDAP vendors also have differences in implementations; That's why we say you may need to do that with the support from an LDAP admin...
Best regards, Shaofeng Shi 史少锋 Apache Kylin PMC Email: [email protected] Apache Kylin FAQ: https://kylin.apache.org/docs/gettingstarted/faq.html Join Kylin user mail group: [email protected] Join Kylin dev mail group: [email protected] mvishnubhatta <[email protected]> 于2020年5月13日周三 上午1:48写道: > I made progress on the problem by looking at the webserver logs in > $KYLIN_HOME/tomcat/logs/localhost.2020-05-12.log. > > The log file gave the below error message: > org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect > result size: expected 1, actual 4 > > It appears that when authenticating with LDAP it is getting more than 1 > match. > > I then figured out that my kylin.security.ldap.user-search-pattern was > wrong. I changed it to: > > kylin.security.ldap.user-search-pattern=(sAMAccountName={0}) > > and then it started working. This was my mistake as the documentation on > LDAP already has an example with "cn={0}" as part of the user search > pattern. > > I realize that this {0} stands for the username given at the login prompt, > but I am not sure why it is {0} and not, say, argv[0] or something like > that. Is this how the spring LDAP framework receives the user name, or is > this something Kylin specific. Any pointers to information on why that > particular format to pass the user name (with flower braces) is the one to > use would be helpful. This is more for my understanding though (my issue is > resolved). > > Thanks. > > > > -- > Sent from: http://apache-kylin.74782.x6.nabble.com/ >
