[Bug] Ldap user cannot login Doris FE UI when Doris User not exist #46281

chh3-chan · 2025-01-02T07:16:53Z

Search before asking

I had searched in the issues and found no similar issues.

Version

doris-2.1.7-rc03

What's Wrong?

Search before asking:
This doc mentioned a user log in using mysql client after LDAP is enabled, please let me know if i missed some key config/document, many thanks!!
https://doris.apache.org/docs/1.2/admin-manual/privilege-ldap/ldap#ldap-authentication-detailed-explanation

I enable Ranger and LDAP in fe.conf, like what other user does in this issue (case 3)
I got a ldap user "hoihim", and i didn't create doris user "hoihim" as well.

When I use ldap user "hoihim" to login the doris fe by mysql client, it works fine.

But when I use ldap user "hoihim" to login the doris fe by fe-ui site, it shows internal error.

log in /fe/log/fe.log didn't show any hints

RuntimeLogger 2025-01-02 07:02:51,418 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] [DEBUG] 2025-01-02 07:02:51,418 method:org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356)
RuntimeLogger 2025-01-02 07:02:51,418 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] Got Ldap context on server 'ldap://(masked_ldap_url):389'
RuntimeLogger 2025-01-02 07:02:51,419 WARN (qtp1338916567-131|131) [RestApiExceptionHandler.unexpectedExceptionHandler():61] unexpected exception
java.lang.IllegalStateException: null
        at com.google.common.base.Preconditions.checkState(Preconditions.java:496) ~[guava-32.1.2-jre.jar:?]
        at org.apache.doris.httpv2.controller.BaseController.checkPassword(BaseController.java:238) ~[doris-fe.jar:1.2-SNAPSHOT]
        at org.apache.doris.httpv2.controller.BaseController.checkWithCookie(BaseController.java:69) ~[doris-fe.jar:1.2-SNAPSHOT]
        at org.apache.doris.httpv2.controller.BaseController.checkAuthWithCookie(BaseController.java:59) ~[doris-fe.jar:1.2-SNAPSHOT]
        at org.apache.doris.httpv2.controller.LoginController.login(LoginController.java:35) ~[doris-fe.jar:1.2-SNAPSHOT]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_352-352]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_352-352]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_352-352]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_352-352]
        at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-5.3.39.jar:5.3.39]
        at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) ~[spring-web-5.3.39.jar:5.3.39]
        at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) ~[spring-webmvc-5.3.39.jar:5.3.39]
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:903) ~[spring-webmvc-5.3.39.jar:5.3.39]
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:809) ~[spring-webmvc-5.3.39.jar:5.3.39]
        at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.3.39.jar:5.3.39]
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072) ~[spring-webmvc-5.3.39.jar:5.3.39]
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965) ~[spring-webmvc-5.3.39.jar:5.3.39]
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.3.39.jar:5.3.39]
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) ~[spring-webmvc-5.3.39.jar:5.3.39]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) ~[javax.servlet-api-3.1.0.jar:3.1.0]
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.3.39.jar:5.3.39]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[javax.servlet-api-3.1.0.jar:3.1.0]
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1656) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:292) ~[websocket-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.apache.doris.httpv2.interceptor.ServletTraceIterceptor.doFilter(ServletTraceIterceptor.java:55) ~[doris-fe.jar:1.2-SNAPSHOT]
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.39.jar:5.3.39]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.39.jar:5.3.39]
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.39.jar:5.3.39]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.39.jar:5.3.39]
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.39.jar:5.3.39]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.39.jar:5.3.39]
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600) ~[jetty-security-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505) ~[jetty-servlet-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) ~[jetty-server-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[jetty-io-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[jetty-io-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[jetty-io-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338) ~[jetty-util-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315) ~[jetty-util-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173) ~[jetty-util-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) ~[jetty-util-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409) ~[jetty-util-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) ~[jetty-util-9.4.56.v20240826.jar:9.4.56.v20240826]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) ~[jetty-util-9.4.56.v20240826.jar:9.4.56.v20240826]
        at java.lang.Thread.run(Thread.java:750) ~[?:1.8.0_352-352]
RuntimeLogger 2025-01-02 07:02:51,420 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] [DEBUG] 2025-01-02 07:02:51,420 method:org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:785)
RuntimeLogger 2025-01-02 07:02:51,420 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] write(array HeapByteBuffer@4ae21207[p=0,l=57,c=8000,r=57]={<<<{"msg":"Internal Error","...,"data":null,"count":0}>>>"total_ba...\x00\x00\x00\x00\x00\x00\x00})
RuntimeLogger 2025-01-02 07:02:51,420 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] [DEBUG] 2025-01-02 07:02:51,420 method:org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:843)
RuntimeLogger 2025-01-02 07:02:51,420 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] write(array) s=OPEN,api=BLOCKING,sc=false,e=null aggregated !flush DirectByteBuffer@9259583[p=0,l=57,c=32768,r=57]={<<<{"msg":"Internal Error","...,"data":null,"count":0}>>>"total_ba...\x00\x00\x00\x00\x00\x00\x00}
RuntimeLogger 2025-01-02 07:02:51,420 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] [DEBUG] 2025-01-02 07:02:51,420 method:org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:986)
RuntimeLogger 2025-01-02 07:02:51,420 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] sendResponse info=null content=DirectByteBuffer@9259583[p=0,l=57,c=32768,r=57]={<<<{"msg":"Internal Error","...,"data":null,"count":0}>>>"total_ba...\x00\x00\x00\x00\x00\x00\x00} complete=false committing=true callback=Blocker@306a21a4{null}
RuntimeLogger 2025-01-02 07:02:51,421 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] [DEBUG] 2025-01-02 07:02:51,420 method:org.eclipse.jetty.server.HttpChannel.commit(HttpChannel.java:1044)
RuntimeLogger 2025-01-02 07:02:51,421 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] COMMIT for /rest/v1/login on HttpChannelOverHttp@2ff17757{s=HttpChannelState@3804df39{s=HANDLING rs=BLOCKING os=COMMITTED is=IDLE awp=false se=false i=true al=0},r=1,c=false/false,a=HANDLING,uri=<doris_domain>:80/rest/v1/login,age=102}
RuntimeLogger 2025-01-02 07:02:51,421 INFO (qtp1338916567-131|131) [StreamEncoder.writeBytes():221] 200 null HTTP/1.1

And I cannot create Doris User "hoihim" since I enable both Ranger and LDAP too.

What You Expected?

ldap user can login the doris fe by fe-ui site while no doris user created

How to Reproduce?

No response

Anything Else?

No response

Are you willing to submit PR?

Yes I am willing to submit a PR!

Code of Conduct

I agree to follow this project's Code of Conduct

The text was updated successfully, but these errors were encountered:

ixzc · 2025-01-04T14:16:56Z

Doris WEBUI only support admin and root user.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] Ldap user cannot login Doris FE UI when Doris User not exist #46281

[Bug] Ldap user cannot login Doris FE UI when Doris User not exist #46281

chh3-chan commented Jan 2, 2025 •

edited

Loading

ixzc commented Jan 4, 2025 •

edited

Loading

[Bug] Ldap user cannot login Doris FE UI when Doris User not exist #46281

[Bug] Ldap user cannot login Doris FE UI when Doris User not exist #46281

Comments

chh3-chan commented Jan 2, 2025 • edited Loading

Search before asking

Version

What's Wrong?

What You Expected?

How to Reproduce?

Anything Else?

Are you willing to submit PR?

Code of Conduct

ixzc commented Jan 4, 2025 • edited Loading

chh3-chan commented Jan 2, 2025 •

edited

Loading

ixzc commented Jan 4, 2025 •

edited

Loading