[GitHub] zeppelin pull request #2414: [ZEPPELIN-2657] Add group search filter option ...

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

[GitHub] zeppelin pull request #2414: [ZEPPELIN-2657] Add group search filter option ...

prabhjyotsingh
GitHub user VipinRathor opened a pull request:

    https://github.com/apache/zeppelin/pull/2414

    [ZEPPELIN-2657] Add group search filter option to LdapRealm

    ### What is this PR for?
    Problem:
    While performing LDAP authentication, current Shiro module does a group=* search while trying to get group-to-role mapping for any LDAP user. On a large LDAP directory, this is a serious problem which might render RolesByGroup feature not working as expected.
   
    Fix:
    Currently while doing LDAP authentication, there is no available option to limit the group search results to the only groups that user is interested in. This bug addresses the same and adds group search filter to Shiro configuration for LdapRealm which will allow user to define a search filter and limit the group search results.
   
   
    ### What type of PR is it?
    Improvement
   
   
    ### What is the Jira issue?
    * [ZEPPELIN-2657] https://issues.apache.org/jira/browse/ZEPPELIN-2657
   
   
    ### How should this be tested?
    1. Use org.apache.zeppelin.realm.LdapRealm as Shiro realm
    2. In the shiro_ini configruation, define a group search filter like this:
    ldapRealm.groupSearchFilter = (&(objectclass=groupofnames)(member={0}))
    or
    ldapRealm.groupSearchFilter = (&(objectclass=groupofnames)(cn=zeppelin-users*))
    3. Also define other LdapRealm parameters as necessary like rolesByGroup etc.
    4. When an LDAP user, who is part of the group that matches filter above, logs in, then the roles are applied. If the LDAP user is not part these defined groups, then the roles are not applied.
   
    ### Questions:
    * Does the licenses files need update? N/A
    * Is there breaking changes for older versions? N/A
    * Does this needs documentation? N/A


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/VipinRathor/zeppelin ZEPPELIN-2657

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2414.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2414
   
----
commit 1ef7d6413af8bfefcbeeac33f3a0b33411f479c7
Author: Vipin Rathor <[hidden email]>
Date:   2017-06-15T19:13:21Z

    ZEPPELIN-2657 Add group search filter option to LdapRealm
   
    This commit adds a new option to LdapReam to limit group search in LDAP.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] zeppelin issue #2414: [ZEPPELIN-2657] Add group search filter option to Ldap...

prabhjyotsingh
Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/2414
 
    @VipinRathor can you setup your Travis for this? https://zeppelin.apache.org/contribution/contributions.html#continuous-integration


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] zeppelin issue #2414: [ZEPPELIN-2657] Add group search filter option to Ldap...

prabhjyotsingh
In reply to this post by prabhjyotsingh
Github user VipinRathor commented on the issue:

    https://github.com/apache/zeppelin/pull/2414
 
    @gss2002 & @weand,
    Can you please help with review? Thanks.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] zeppelin pull request #2414: [ZEPPELIN-2657] Add group search filter option ...

prabhjyotsingh
In reply to this post by prabhjyotsingh
Github user VipinRathor closed the pull request at:

    https://github.com/apache/zeppelin/pull/2414


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] zeppelin pull request #2414: [ZEPPELIN-2657] Add group search filter option ...

prabhjyotsingh
In reply to this post by prabhjyotsingh
GitHub user VipinRathor reopened a pull request:

    https://github.com/apache/zeppelin/pull/2414

    [ZEPPELIN-2657] Add group search filter option to LdapRealm

    ### What is this PR for?
    Problem:
    While performing LDAP authentication, current Shiro module does a group=* search while trying to get group-to-role mapping for any LDAP user. On a large LDAP directory, this is a serious problem which might render RolesByGroup feature not working as expected.
   
    Fix:
    Currently while doing LDAP authentication, there is no available option to limit the group search results to the only groups that user is interested in. This bug addresses the same and adds group search filter to Shiro configuration for LdapRealm which will allow user to define a search filter and limit the group search results.
   
   
    ### What type of PR is it?
    Improvement
   
   
    ### What is the Jira issue?
    * [ZEPPELIN-2657] https://issues.apache.org/jira/browse/ZEPPELIN-2657
   
   
    ### How should this be tested?
    1. Use org.apache.zeppelin.realm.LdapRealm as Shiro realm
    2. In the shiro_ini configruation, define a group search filter like this:
    ldapRealm.groupSearchFilter = (&(objectclass=groupofnames)(member={0}))
    or
    ldapRealm.groupSearchFilter = (&(objectclass=groupofnames)(cn=zeppelin-users*))
    3. Also define other LdapRealm parameters as necessary like rolesByGroup etc.
    4. When an LDAP user, who is part of the group that matches filter above, logs in, then the roles are applied. If the LDAP user is not part these defined groups, then the roles are not applied.
   
    ### Questions:
    * Does the licenses files need update? N/A
    * Is there breaking changes for older versions? N/A
    * Does this needs documentation? N/A


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/VipinRathor/zeppelin ZEPPELIN-2657

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2414.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2414
   
----
commit ba0412c8bcc57dd8e8efb25419c151c6b699d74d
Author: Vipin Rathor <[hidden email]>
Date:   2017-06-15T19:13:21Z

    ZEPPELIN-2657 Add group search filter option to LdapRealm
   
    This commit adds a new option to LdapReam to limit group search in LDAP.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] zeppelin issue #2414: [ZEPPELIN-2657] Add group search filter option to Ldap...

prabhjyotsingh
In reply to this post by prabhjyotsingh
Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/2414
 
    Tried on local LGTM.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] zeppelin issue #2414: [ZEPPELIN-2657] Add group search filter option to Ldap...

prabhjyotsingh
In reply to this post by prabhjyotsingh
Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/2414
 
    Merging this if no more discussion.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] zeppelin pull request #2414: [ZEPPELIN-2657] Add group search filter option ...

prabhjyotsingh
In reply to this post by prabhjyotsingh
Github user asfgit closed the pull request at:

    https://github.com/apache/zeppelin/pull/2414


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---