https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201434#M76781 <P><EM>@<A href="https://community.hortonworks.com/users/19322/mishraanurag643.html">Anurag Mishra</A> </EM>LDAP authentication is configured by adding a "ShiroProvider" authentication provider to the cluster's topology file. When enabled, the Knox Gateway uses Apache Shiro (<CODE>org.apache.shiro.realm.ldap.JndiLdapRealm</CODE>) to authenticate users against the configured LDAP store.</P><P><EM>Please go through this </EM><A href="https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.4/bk_security/content/setting_up_ldap_authentication.html" target="_blank">document link</A><EM> </EM><BR /><BR />1. Shiro Provider is Knox side code and integrated. You need not worry about it's internal and change admin.xml (Admin topology) i.e. for Knox Administrators to proper LDAP/AD related values. For general usage, use default topology for services integration.<BR />2. Read above documentation.<BR />3. Read above documentation.</P><P>4. Make a group of users, you want to give access and whitelist them using ACL.</P> Thu, 05 Apr 2018 14:30:33 GMT WhiteHa 2018-04-05T14:30:33Z https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201430#M76777 <P>I am trying to integrate Knox with Ldap but i have some doubts on the same .Please help me out . Please find below queries on the same :</P><P>1. I can see below property under /etc/knox/conf/topologies/admin.xml file </P><P>&lt;role&gt;authentication&lt;/role&gt; &lt;name&gt;ShiroProvider&lt;/name&gt; &lt;enabled&gt;true&lt;/enabled&gt;</P><P>what is shiroProvider , can we customize it ? where does it exist ldap server end or knox ?</P><P>2. value of main.ldapRealm.contextFactory.authenticationMechanism is set to Simple and in documentation it is mentioned as well Apache Knox supports only simple authentication. What does it really mean , what is here contextFactory and main.ldapRealm.contextFactory.authenticationMechanism value simple ? what does simple refer to ?</P><P>3. urls./** : authcBasic</P><P>what does it really signify </P><P>I have gone through below link below but not much understanding , please help me on this .</P><P><A href="https://developer.ibm.com/hadoop/2016/08/03/ldap-integration-with-apache-knox/" target="_blank">https://developer.ibm.com/hadoop/2016/08/03/ldap-integration-with-apache-knox/</A></P><P>4. How to deny access to the user which is present already in the main.ldapRealm.userDnTemplate .</P><P>Thanks in advance</P> Tue, 03 Apr 2018 14:27:39 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201430#M76777 amol_08 2018-04-03T14:27:39Z https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201431#M76778 <P>@Jay Kumar SenSharma</P><P>Hi jay could you please help me on this ?</P> Thu, 05 Apr 2018 01:34:02 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201431#M76778 amol_08 2018-04-05T01:34:02Z https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201432#M76779 <P><EM>@<A href="https://community.hortonworks.com/users/19322/mishraanurag643.html">Anurag Mishra</A></EM></P><P><EM>This is the ultimate reference for knox. I am sure you will get the above questions answered with examples </EM></P><P><A href="http://knox.apache.org/books/knox-0-6-0/user-guide.html#WebHDFS+Examples" target="_blank"><EM>knox_ldap</EM></A></P> Thu, 05 Apr 2018 01:57:58 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201432#M76779 Shelton 2018-04-05T01:57:58Z https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201433#M76780 <P><EM> @<A href="https://community.hortonworks.com/users/19322/mishraanurag643.html">Anurag Mishra</A></EM></P><P><EM>If your question got answered or resolved by that link please <STRONG>"Accept"</STRONG> and close this thread .</EM></P><P><EM>Thank you</EM></P> Thu, 05 Apr 2018 14:26:35 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201433#M76780 Shelton 2018-04-05T14:26:35Z https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201434#M76781 <P><EM>@<A href="https://community.hortonworks.com/users/19322/mishraanurag643.html">Anurag Mishra</A> </EM>LDAP authentication is configured by adding a "ShiroProvider" authentication provider to the cluster's topology file. When enabled, the Knox Gateway uses Apache Shiro (<CODE>org.apache.shiro.realm.ldap.JndiLdapRealm</CODE>) to authenticate users against the configured LDAP store.</P><P><EM>Please go through this </EM><A href="https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.4/bk_security/content/setting_up_ldap_authentication.html" target="_blank">document link</A><EM> </EM><BR /><BR />1. Shiro Provider is Knox side code and integrated. You need not worry about it's internal and change admin.xml (Admin topology) i.e. for Knox Administrators to proper LDAP/AD related values. For general usage, use default topology for services integration.<BR />2. Read above documentation.<BR />3. Read above documentation.</P><P>4. Make a group of users, you want to give access and whitelist them using ACL.</P> Thu, 05 Apr 2018 14:30:33 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/knox-Ldap-integration/m-p/201434#M76781 WhiteHa 2018-04-05T14:30:33Z