LDAP role mapping issue

New Contributor

I'm having problems using LDAP authentication with Director 6.x.x

Our users are under an LDAP group called 'R&D' so I've put the following line in the server configuration (alongside all the other needed LDAP configuration):

lp.security.ldapConfig.activeDirectory.roleMapping.R&D: ADMIN

 

But Director tries to map a group named RD to the ADMIN role (ignoring the &), and thus returns 'forbidden' on login attempts:

INFO  [main] - - - - - c.c.launchpad.config.SecurityConfig: Overriding roleMapping={RD=ADMIN} (default={RD=ADMIN})

 

I've tested authentication with a temporary group named 'RnD' instead, and everything works as expected.

 

Is there any way to escape the '&' character in the configuration file?

2 REPLIES

Re: LDAP role mapping issue

Expert Contributor

Hello Liran,

 

My guess is that Spring Boot, which Altus Director uses extensively, is stripping out the ampersand when reading the last component of the property key, "R&D". According to Spring documentation, it should be possible to surround the key value with square brackets to preserve all of the characters.

 

https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html

 

So, hopefully one of these alternatives works:

 

[lp.security.ldapConfig.activeDirectory.roleMapping.R&D]: ADMIN
# or
lp.security.ldapConfig.activeDirectory.roleMapping.[R&D]: ADMIN

Re: LDAP role mapping issue

New Contributor

@Bill Havanki Thank you very much!

 

Using the following worked as expected:

lp.security.ldapConfig.activeDirectory.roleMapping.[R&D]: ADMIN
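
The following is an added example, not part of the thread and not Cloudera's or Spring's code: a small Python check that flags roleMapping keys whose group name would be altered when written without brackets, so a role is not silently bound to a different group than intended. It assumes the stripping rule from the Spring Boot documentation linked in the reply above; the function names and the sample configuration (built from the lines in this thread) are constructed for illustration.

```python
import re

PREFIX = "lp.security.ldapConfig.activeDirectory.roleMapping."
# Assumption, taken from the Spring Boot documentation linked in the reply:
# in a map key that is not wrapped in [], every character other than
# alphanumerics, '-' and '.' is removed.
STRIPPED = re.compile(r"[^A-Za-z0-9.\-]")
# The key is either a bracketed name or everything up to the first ':' or '='.
ENTRY = re.compile(re.escape(PREFIX) + r"(\[[^\]]*\]|[^:=]+?)\s*[:=]\s*(\S+)")

# Constructed sample, using the three spellings that appear in this thread.
SAMPLE_CONFIG = """\
lp.security.ldapConfig.activeDirectory.roleMapping.R&D: ADMIN
lp.security.ldapConfig.activeDirectory.roleMapping.[R&D]: ADMIN
lp.security.ldapConfig.activeDirectory.roleMapping.RnD: ADMIN
"""


def effective_group(key):
    """Return the group name that ends up in the role map for one key."""
    if key.startswith("[") and key.endswith("]"):
        return key[1:-1]              # bracket notation keeps every character
    return STRIPPED.sub("", key)      # unbracketed: special characters dropped


def audit_role_mappings(config_text):
    """List (line_no, written, bound, role) for keys whose name gets altered."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = ENTRY.match(line.strip())
        if match is None:             # comments and unrelated settings
            continue
        written, role = match.groups()
        bound = effective_group(written)
        if bound != written and not written.startswith("["):
            findings.append((line_no, written, bound, role))
    return findings


if __name__ == "__main__":
    for line_no, written, bound, role in audit_role_mappings(SAMPLE_CONFIG):
        print(f"line {line_no}: group '{written}' is bound as '{bound}' "
              f"-> {role}; write it as [{written}]")
```

Each finding is a mapping where the role goes to the stripped name (here `RD`) rather than the LDAP group that was written, which is the mismatch visible in the `Overriding roleMapping={RD=ADMIN}` log line.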

 
