Impersonation fails on Apache Drill while having Kerberos enabled - authentication

I am using the Apache Drill terminal interface (sqlline) to query various sources like HDFS (with the dfs storage plugin). I have enabled the impersonation property and Kerberos authentication, and when I connect to Drill (./sqlline -u "jdbc:drill:zk=<zookeper_quorum:port>;auth=kerberos") and execute a simple query which requires impersonation (show schemas;), it fails with the error:
Error: Failure getting metadata: RESOURCE ERROR: Failed to create schema tree.
IOException: User: drill/primary#REALM is not allowed to impersonate
[Hint: Username is absent in connection URL or doesn't exist on Drillbit node. Please specify a username in connection URL which is present on Drillbit node.]
Any insights on what might be wrong? The drillbit logs show the same error.

Related

Webseal runtime component configuration

Hello,
I am working on IBM WebSEAL authentication. I want to implement WebSEAL authentication in my application.
While configuring the runtime component I am getting the following error.
Unable to verify the management domain location DN in the
LDAP server: (secAuthority=Default).
If the location does not exist on the server, create it,
otherwise specify a different location that does exist.
Error: DPWAP0003I An error occurred while executing the command: /opt/PolicyDirector/sbin/PDMgr_config -s TRUE -y no -v TRUE -d CN=jony mittal,OU=dev,DC=dgad,DC=com -w XXXX -L 389 -C fips -D Default -m XXXX -l 1460 (0x1)
Anyone, please help me to resolve this issue.
Thanks
When you are configuring ISAM/ISVA PD runtime, PDMgr_config will deploy its registry into your LDAP directory server. This requires modifying the schema of the LDAP server. To do this, it requires administrator rights on the directory. Commonly this will be an account such as cn=root, cn=admin, cn=DM, etc. depending on your directory server.
I believe what may work better for you, if you are configuring ISAM from scratch, is likely to deploy using the internal/embedded LDAP. When configuring the runtime, choose the local LDAP server option. You can set the credentials on the local/embedded LDAP server on the tab where you configure the runtime. Just set a password on it, then feed that password into the runtime configuration.
Then, if you are needing to tie into another directory, which I expect is the case since you are trying to do this now, then use basic user mode with a "federated registry" so you don't have to deploy the ISAM "registry" and hence do not have to modify the existing directory. This way you can authenticate and authorize users off an existing directory without having to modify that directory specifically to support ISAM.
Additional information here:
Embedded (local) LDAP server instructions
Configuring PD runtime
Basic user mode instructions
Setup federated repository

Unable to load SiteMinder agent configuration object

When I tried to access the web I faced this error in the error log file.
[Error] SiteMinder Agent
Unable to load SiteMinder agent configuration object.
Check that you are using the right agent configuration object and that it exists in your policy server.
Seems like an ACO object corruption.

Error using JDBC Sampler: Cannot create PoolableConnectionFactory (Unknown database 'phpmyadmin/')

I am unable to connect to http://localhost/phpmyadmin using JMeter... I have placed mysql-connector-java-5.1.44-bin in the lib folder of the JMeter directory...
I am using WAMP Server.
Error: Cannot create PoolableConnectionFactory (Unknown database 'phpmyadmin/')
Connection settings are as follows:
DB URL: jdbc:mysql://localhost/phpmyadmin/
JDBC Driver class: com.mysql.jdbc.Driver
Username:root
password:
It's not clear what you are trying to achieve, but you are surely confusing 2 things:
phpMyAdmin is a web application. If your goal is to test that web application, you should be using the HTTP Sampler. You cannot test a web application using the JDBC sampler.
If you want to test a database on your MySQL instance using the JDBC sampler, you have to provide the name of a valid database, just as the error says. Typically an instance of MySQL comes with a bunch of system databases, so you can use one of them, for example:
DB URL: jdbc:mysql://localhost/test
should work, since MySQL typically comes with a test database pre-installed. Or you can create your own database and provide its name there.
If you want to load test the phpMyAdmin web interface, remove the JDBC Request sampler and switch to the HTTP Request Sampler. Most probably you will also need to add an HTTP Authorization Manager configured to send the relevant credentials (the default username is root with a blank password; if it doesn't fit you can reset the password). See the How to Use HTTP Basic Authentication in JMeter article for an example Test Plan for logging into the phpMyAdmin web interface.
If you would like to continue playing with the JDBC Request sampler, the error you are getting states that the phpmyadmin database is missing; you will need to create this database prior to attempting to connect to it using JMeter.

Can't Enable LDAP on WAS 8.5.5

I have an issue, I want to enable LDAP on my WAS, like in this article.
But in step number 4 (Test Connection), I always get this error message:
Error SECJ7340E: Exception raised trying to connect to LDAP server:
NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772]
I thought that I must bind the connection or something related to the connection, but I don't know exactly.
Is there any solution for me?
This article talks about standalone LDAP configuration. You should rather use LDAP in a federated registry. Please follow this link for configuration - Configuring a single LDAP repository under Federated repositories
Based on the error you have, it looks like your LDAP requires an authenticated user. You need to provide a bind user and bind user password.
See also:
LDAP repository settings

Liferay LDAP Authentication does not work properly

I am using Liferay 6.2 and I am trying to do LDAP Authentication. The LDAP Server is provided by another organization and I do not have access to any configuration, I just have credentials for a system account to look up the directory. When I try to log in Liferay with user credentials from the LDAP Server the authentication fails with the following error code:
13:54:05,738 ERROR [http-bio-8080-exec-3][LDAPAuth:341] Problem accessing LDAP server
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr:
DSID-0315270B, problem 2001 (NO_OBJECT), data 0, best match of:
'O=uni,C=de' remaining name 'ou=people,o=uni,c=de'
This is the same error that occurs when trying to log in with a user that does not exist in the LDAP directory. Nevertheless, the mapping still works. After trying to log in with valid user credentials there is an entry in the Liferay database with the corresponding user data. Accessing Liferay is not possible though.
These are my settings in portal-ext.properties (Test LDAP connections returns success, connection settings are pseudonymised):
ldap.base.provider.url=ldaps://ldap.ldap-server
ldap.base.dn=ou=people,o=uni,c=de
ldap.security.principal=uid=prox,ou=prox,o=uni,c=de
ldap.security.credentials=secret
#auth.pipeline.enable.liferay.check=false
ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method=bind
ldap.import.enabled=false
ldap.import.on.startup=false
ldap.import.interval=10
ldap.export.enabled=false
ldap.export.group.enabled=false
ldap.auth.search.filter=(uid=#screen_name#)
ldap.import.user.search.filter=(objectClass=inetOrgPerson)
ldap.attrs.transformer.impl=com.liferay.portal.security.ldap.DefaultAttributesTransformer
ldap.user.mappings=screenName=cn\npassword=userPassword\nfirstName=givenNam\nlastName=sn\njobTitle=title\ngroup=groupMembership
users.email.address.required=false
users.email.address.auto.suffix=#no-emailaddress.com
users.email.address.generator=com.liferay.portal.security.auth.DefaultEmailAddressGenerator
users.email.address.validator=com.liferay.portal.security.auth.DefaultEmailAddressValidator
ldap.password.policy.enabled=false
ldap.import.user.password.enabled=true
ldap.import.user.password.autogenerated=false
ldap.import.user.password.default=test
Check the FQDN on the LDAP side, including the prefixes (cn, ou, etc.), and ensure that it matches the directory configuration within Liferay.
You can try configuring it from the control panel; it will be easier for you, as it allows you to check whether the connection is made or not. You can check whether the users are fetched or not, and it doesn't even need a server restart.
It works now. There were two issues:
I changed ldap.base.dn=ou=people,o=uni,c=de to ldap.base.dn=o=uni,c=de and
ldap.import.user.search.filter=(objectClass=inetOrgPerson) to ldap.import.user.search.filter=(objectClass=*)
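Added example (not part of the original posts and not code from any product named here): a small Python triage helper for the two JNDI LDAP errors quoted above, the WAS 8.5.5 "error code 1 - 000004DC" and the Liferay "error code 32 - 0000208D". It decodes the LDAP result code and the Windows error code in the diagnostic text and, for the Liferay case, lists which RDNs of the configured ldap.base.dn lie below the server's best-match DN. The function names and lookup tables are assumptions made for illustration, and DN splitting is simplified.

```python
import re

# LDAP result codes (RFC 4511) and the Windows error codes that appear as the
# 8-hex-digit prefix of Microsoft-style directory diagnostics. Only the values
# seen in the two errors quoted on this page are listed.
LDAP_RESULT = {1: "operationsError", 32: "noSuchObject"}
WIN32 = {0x04DC: "ERROR_NOT_AUTHENTICATED", 0x208D: "ERROR_DS_OBJ_NOT_FOUND"}

def split_dn(dn):
    """Split a DN into lower-cased RDNs (simplified: honours '\\,' escapes only)."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts if p.strip()]

def missing_rdns(configured_dn, matched_dn):
    """RDNs of configured_dn that lie below matched_dn; None if unrelated."""
    cfg, found = split_dn(configured_dn), split_dn(matched_dn)
    if not found or len(found) > len(cfg) or cfg[-len(found):] != found:
        return None
    return cfg[:len(cfg) - len(found)]

def triage(message, configured_base_dn=None):
    """Decode a JNDI LDAP exception message into a dict of findings."""
    msg = " ".join(message.split())          # log lines may be wrapped
    out = {"ldap": None, "win32": None, "matched_dn": None, "missing": None}
    m = re.search(r"LDAP: error code (\d+) - ([0-9A-Fa-f]{8}):", msg)
    if m:
        code, win = int(m.group(1)), int(m.group(2), 16)
        out["ldap"] = LDAP_RESULT.get(code, str(code))
        out["win32"] = WIN32.get(win, hex(win))
    m = re.search(r"best match of:\s*'([^']*)'", msg)
    if m:
        out["matched_dn"] = m.group(1)
        if configured_base_dn:
            out["missing"] = missing_rdns(configured_base_dn, m.group(1))
    return out

# Messages copied from the WAS and Liferay posts above.
WAS_MSG = ("NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, "
           "comment: In order to perform this operation a successful bind must be "
           "completed on the connection., data 0, v1772]")
LIFERAY_MSG = """javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr:
DSID-0315270B, problem 2001 (NO_OBJECT), data 0, best match of:
'O=uni,C=de' remaining name 'ou=people,o=uni,c=de'"""

if __name__ == "__main__":
    print(triage(WAS_MSG))          # unauthenticated bind: supply bind DN and password
    print(triage(LIFERAY_MSG, "ou=people,o=uni,c=de"))   # ou=people is absent
```

For the Liferay message the helper reports ou=people as the missing RDN, meaning the server resolved o=uni,c=de but found no ou=people entry beneath it, which is consistent with the fix reported in the last post (ldap.base.dn=o=uni,c=de).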