[ https://issues.apache.org/jira/browse/KYLIN-4271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16984241#comment-16984241 ]

Marc Wu commented on KYLIN-4271:
--------------------------------

OK, got your point.

> Use configurable certificate to support LDAPs authentication of Kylin
> ---------------------------------------------------------------------
>
>                 Key: KYLIN-4271
>                 URL: https://issues.apache.org/jira/browse/KYLIN-4271
>             Project: Kylin
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: v3.0.0
>            Reporter: wu.kehua
>            Assignee: wu.kehua
>            Priority: Major
>         Attachments: kylin.log
>
>
> Kylin's user authentication is normal when connecting to an LDAP server with 
> the LDAP protocol enabled. However, the LDAP protocol is transmitted in plain 
> text and there are security risks. Therefore, the LDAP server that uses the 
> LDAPs protocol needs to be enabled. The LDAPs protocol supports encrypted 
> transmission. After configuring the LDAP related configuration in 
> kylin.properties, Kylin server cannot connect to the LDAP server for user 
> authentication.
> The Kylin log shows the following error; you can also see the detailed 
> log in the attachment.
> {code:java}
> Root exception is javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: 
> PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
> {code}
> So we add "kylin.security.ldap.connection-truststore" parameter which is set 
> to be value of "javax.net.ssl.trustStore", so we can use configurable 
> certificate to support LDAPs authentication of Kylin.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
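
Added example (not part of the original message and not Kylin's own code): one way a Java service could check a truststore named by "kylin.security.ldap.connection-truststore" at startup and then hand it to JSSE through "javax.net.ssl.trustStore", as the issue describes. The class name, the apply() helper, the password argument and the use of the JVM's own cacerts file as a stand-in truststore are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Properties;

public class LdapsTrustStoreConfig {
    // Property name as given in the issue text.
    static final String KEY = "kylin.security.ldap.connection-truststore";

    /** Returns the number of trusted certificates, or -1 if the property is unset. */
    static int apply(Properties conf, char[] password) throws Exception {
        String value = conf.getProperty(KEY);
        if (value == null || value.trim().isEmpty()) {
            return -1; // not configured: the JVM keeps its default trust anchors
        }
        Path file = Paths.get(value.trim());
        if (!Files.isReadable(file)) {
            throw new IllegalStateException(KEY + " is not a readable file: " + file);
        }
        // Load the store now, so a wrong path, format or password fails at startup
        // instead of surfacing later as "PKIX path building failed" on a login.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) trusted++;
        }
        if (trusted == 0) {
            throw new IllegalStateException("no trusted certificates in " + file);
        }
        // JVM-wide setting: it replaces the default trust anchors for every TLS
        // client in the process, and it must be set before the first TLS
        // connection, because the default SSLContext is built once and cached.
        System.setProperty("javax.net.ssl.trustStore", file.toString());
        return trusted;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample config: the JVM's own cacerts stands in for a
        // truststore that holds the LDAP server's CA certificate.
        Properties conf = new Properties();
        conf.setProperty(KEY, Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts").toString());
        System.out.println("trusted certificates: " + apply(conf, "changeit".toCharArray()));
    }
}
```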
