Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

ldap users accessing knox

Highlighted

ldap users accessing knox

I change some of properties in admin.xml file to sync with ldap users but I have doubt once ldap user is synced under some ou then under its all the user would be able to access know but I want to give access to some of the users only.

Is there some file in knox in which after adding the users those users only would be able to access know or would be able to different services via know .

I can see below property in the xml file :

<provider>
                <role>authentication</role>
                <name>ShiroProvider</name>
                <enabled>true</enabled> 

<param>

here authentication is set to ShiroProvider , is there some shiro files in the knox where we can add the users and these users would be able to access via knox ?

1 REPLY 1

Re: ldap users accessing knox

Contributor

Hi @Anurag Mishra,

Knox doesn't sync users or groups, it queries the LDAP every time a user logs in to Knox.

If I understood correctly your question, you can achieve user access control via Ranger to the different services that Knox supports.

Nevertheless, you can also limit the LDAP query that Knox does via OU, DC, etc. check the example below:

https://knox.apache.org/books/knox-0-12-0/user-guide.html#Advanced+LDAP+Authentication

Also, you can limit the access to certain services via "proxyuser".

Gonçalo

Don't have an account?
Coming from Hortonworks? Activate your account here