New Contributor
Posts: 2
Registered: ‎02-03-2019

LDAP role mapping issue

I'm having problems using LDAP authentication with Director 6.x.x.

Our users are under an LDAP group called 'R&D' so I've put the following line in the server configuration (alongside all the other needed LDAP configuration):

lp.security.ldapConfig.activeDirectory.roleMapping.R&D: ADMIN

But Director tries to map a group named RD to the ADMIN role (it ignores the &), and thus returns 'forbidden' on login attempts:

INFO  [main] - - - - - c.c.launchpad.config.SecurityConfig: Overriding roleMapping={RD=ADMIN} (default={RD=ADMIN})

I've tested authentication with a temporary group named 'RnD' instead, and everything works as expected.

Is there any way to escape the '&' character in the configuration file?

Cloudera Employee
Posts: 88
Registered: ‎02-18-2014

Re: LDAP role mapping issue

Hello Liran,

My guess is that Spring Boot, which Altus Director uses extensively, is stripping out the ampersand when reading the last component of the property key, "R&D". According to Spring documentation, it should be possible to surround the key value with square brackets to preserve all of the characters.

https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html

So, hopefully one of these alternatives works:

[lp.security.ldapConfig.activeDirectory.roleMapping.R&D]: ADMIN
# or
lp.security.ldapConfig.activeDirectory.roleMapping.[R&D]: ADMIN

New Contributor
Posts: 2
Registered: ‎02-03-2019

Re: LDAP role mapping issue

@Bill Havanki Thank you very much!

Using the following worked as expected:

lp.security.ldapConfig.activeDirectory.roleMapping.[R&D]: ADMIN
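
Added example, not part of the original thread and not Director's or Spring's own code: a small pre-deployment check that lists each roleMapping entry with the group name it would actually bind to, so a silently rewritten key (R&D becoming RD, as in the log above) is caught before ADMIN is granted to the wrong group name. The stripping rule is an assumption modelled on the Spring Boot map-key behaviour described in the reply (unbracketed keys lose characters other than alphanumerics and '-'); the function names and the sample configuration are constructed for illustration.

```python
import re

# Matches "<prefix>.roleMapping.<key>: <role>" (or "=<role>") property lines.
LINE_RE = re.compile(
    r"^(?P<prefix>[\w.]+\.roleMapping\.)(?P<key>.+?)\s*[:=]\s*(?P<role>\S+)\s*$"
)

def effective_key(written):
    """Assumed model of map-key binding: a key wrapped in [] is kept verbatim;
    otherwise every character that is not alphanumeric or '-' is dropped."""
    if written.startswith("[") and written.endswith("]"):
        return written[1:-1]
    return re.sub(r"[^A-Za-z0-9-]", "", written)

def audit_role_mappings(text):
    """Return one finding per roleMapping line, flagging rewritten group names."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        written = m.group("key")
        intended = written[1:-1] if written.startswith("[") else written
        bound = effective_key(written)
        findings.append({
            "line": lineno,
            "written": written,
            "bound_group": bound,
            "role": m.group("role"),
            "altered": bound != intended,
            # Bracketed form that preserves the intended group name.
            "suggestion": f"{m.group('prefix')}[{intended}]: {m.group('role')}",
        })
    return findings

# Constructed sample configuration using the group names from the thread.
SAMPLE = """\
# constructed sample
lp.security.ldapConfig.activeDirectory.roleMapping.R&D: ADMIN
lp.security.ldapConfig.activeDirectory.roleMapping.[R&D]: ADMIN
lp.security.ldapConfig.activeDirectory.roleMapping.RnD: ADMIN
"""

if __name__ == "__main__":
    for f in audit_role_mappings(SAMPLE):
        status = "ALTERED" if f["altered"] else "ok"
        print(f"line {f['line']}: {f['written']!r} binds as {f['bound_group']!r} "
              f"-> {f['role']} [{status}]")
```

Any entry reported as ALTERED grants its role to the bound group name rather than the one written, so it should be switched to the bracketed form shown in the suggestion field.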