Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

knox/Ldap integration

Labels:
avatar
author-rank amol_08
Guru

Created ‎04-03-2018 07:27 AM

I am trying to integrate Knox with Ldap but i have some doubts on the same .Please help me out . Please find below queries on the same :

1. I can see below property under /etc/knox/conf/topologies/admin.xml file

<role>authentication</role> <name>ShiroProvider</name> <enabled>true</enabled>

what is shiroProvider , can we customize it ? where does it exist ldap server end or knox ?

2. value of main.ldapRealm.contextFactory.authenticationMechanism is set to Simple and in documentation it is mentioned as well Apache Knox supports only simple authentication. What does it really mean , what is here contextFactory and main.ldapRealm.contextFactory.authenticationMechanism value simple ? what does simple refer to ?

3. urls./** : authcBasic

what does it really signify

I have gone through below link below but not much understanding , please help me on this .

https://developer.ibm.com/hadoop/2016/08/03/ldap-integration-with-apache-knox/

4. How to deny access to the user which is present already in the main.ldapRealm.userDnTemplate .

Thanks in advance

2,751 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎04-05-2018 07:30 AM

@Anurag Mishra LDAP authentication is configured by adding a "ShiroProvider" authentication provider to the cluster's topology file. When enabled, the Knox Gateway uses Apache Shiro (org.apache.shiro.realm.ldap.JndiLdapRealm) to authenticate users against the configured LDAP store.

Please go through this document link

1. Shiro Provider is Knox side code and integrated. You need not worry about it's internal and change admin.xml (Admin topology) i.e. for Knox Administrators to proper LDAP/AD related values. For general usage, use default topology for services integration.
2. Read above documentation.
3. Read above documentation.

4. Make a group of users, you want to give access and whitelist them using ACL.

View solution in original post

2,235 Views
4 REPLIES 4

avatar
author-rank amol_08
Guru

Created ‎04-04-2018 06:34 PM

@Jay Kumar SenSharma

Hi jay could you please help me on this ?

2,235 Views
0 Kudos

avatar
author-rank Shelton
Master Mentor

Created ‎04-04-2018 06:57 PM

@Anurag Mishra

This is the ultimate reference for knox. I am sure you will get the above questions answered with examples

knox_ldap

2,235 Views

avatar
author-rank Shelton
Master Mentor

Created ‎04-05-2018 07:26 AM

@Anurag Mishra

If your question got answered or resolved by that link please "Accept" and close this thread .

Thank you

2,235 Views
0 Kudos

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎04-05-2018 07:30 AM

@Anurag Mishra LDAP authentication is configured by adding a "ShiroProvider" authentication provider to the cluster's topology file. When enabled, the Knox Gateway uses Apache Shiro (org.apache.shiro.realm.ldap.JndiLdapRealm) to authenticate users against the configured LDAP store.

Please go through this document link

1. Shiro Provider is Knox side code and integrated. You need not worry about it's internal and change admin.xml (Admin topology) i.e. for Knox Administrators to proper LDAP/AD related values. For general usage, use default topology for services integration.
2. Read above documentation.
3. Read above documentation.

4. Make a group of users, you want to give access and whitelist them using ACL.

2,236 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements