ldap users accessing knox

amol_08 · ‎04-02-2018

I change some of properties in admin.xml file to sync with ldap users but I have doubt once ldap user is synced under some ou then under its all the user would be able to access know but I want to give access to some of the users only.

Is there some file in knox in which after adding the users those users only would be able to access know or would be able to different services via know .

I can see below property in the xml file :

<provider>
                <role>authentication</role>
                <name>ShiroProvider</name>
                <enabled>true</enabled>

<param>

here authentication is set to ShiroProvider , is there some shiro files in the knox where we can add the users and these users would be able to access via knox ?

gcunha · ‎04-03-2018

Hi @Anurag Mishra,

Knox doesn't sync users or groups, it queries the LDAP every time a user logs in to Knox.

If I understood correctly your question, you can achieve user access control via Ranger to the different services that Knox supports.

Nevertheless, you can also limit the LDAP query that Knox does via OU, DC, etc. check the example below:

https://knox.apache.org/books/knox-0-12-0/user-guide.html#Advanced+LDAP+Authentication

Also, you can limit the access to certain services via "proxyuser".

Gonçalo