ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject LDAP authentication
Date Thu, 15 Dec 2016 11:03:45 GMT
Hi all,

I've been experimenting with LDAP authentication with the Admin web app a
bit. It's fairly straightforward getting authentication to work. However,
what I'm wondering is if there is any way to automatically assign an
"admin" role to such a user?

The group/role configuration seems to be discarded by the code in
RangerAuthenticationProvider, which ends up setting the granted authorities
by calling "userMgr.getRolesByLoginId". However, as the userMgr object does
not know about this user (which is in LDAP) it never returns an admin role.

IMO there is a bug in the RangerAuthenticationProvider in that it should
check a configuration option for a list of groups that can be assigned
"Admin" roles, and if the authenticated user is a member of such a group,
then it is granted "ADMIN_ROLE".

WDYT or am I missing something?

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message