Password decrypting and LDAP

Österlund Berry Mon, 23 Jan 2017 22:39:06 -0800

Hello

I'm trying to connect out Kylin installation to an LDAP server, as we are 
required to have that before we put any solution into production. But I'm 
facing a problem. When I start Kylin, this is what I get in the log.


2017-01-24 07:12:06,110 WARN  [localhost-startStop-1] 
support.XmlWebApplicationContext:487 : Exception encountered during context 
initialization - cancelling refresh attempt: 
org.springframework.beans.factory.BeanDefinitionStoreException: Invalid bean 
definition with name 'ldapSource' defined in class path resource 
[kylinSecurity.xml]: Input length must be multiple of 16 when decrypting with 
padded cipher; nested exception is java.lang.RuntimeException: Input length 
must be multiple of 16 when decrypting with padded cipher
2017-01-24 07:12:06,111 ERROR [localhost-startStop-1] context.ContextLoader:331 
: Context initialization failed
org.springframework.beans.factory.BeanDefinitionStoreException: Invalid bean 
definition with name 'ldapSource' defined in class path resource 
[kylinSecurity.xml]: Input length must be multiple of 16 when decrypting with 
padded cipher; nested exception is java.lang.RuntimeException: Input length 
must be multiple of 16 when decrypting with padded cipher
        at 
org.springframework.beans.factory.config.PlaceholderConfigurerSupport.doProcessProperties(PlaceholderConfigurerSupport.java:209)
        at 
org.springframework.beans.factory.config.PropertyPlaceholderConfigurer.processProperties(PropertyPlaceholderConfigurer.java:222)
        at 
org.springframework.beans.factory.config.PropertyResourceConfigurer.postProcessBeanFactory(PropertyResourceConfigurer.java:84)
        at 
org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:699)
        at 
org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:674)
        at 
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:461)
        at 
org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
        at 
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
        at 
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
        at 
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5068)
        at 
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5584)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
        at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
        at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
        at 
org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1092)
        at 
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1984)
        at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: Input length must be multiple of 16 when 
decrypting with padded cipher
        at 
org.apache.kylin.rest.security.PasswordPlaceholderConfigurer.decrypt(PasswordPlaceholderConfigurer.java:84)
        at 
org.apache.kylin.rest.security.PasswordPlaceholderConfigurer.resolvePlaceholder(PasswordPlaceholderConfigurer.java:90)
        at 
org.springframework.beans.factory.config.PropertyPlaceholderConfigurer.resolvePlaceholder(PropertyPlaceholderConfigurer.java:162)
        at 
org.springframework.beans.factory.config.PropertyPlaceholderConfigurer$PropertyPlaceholderConfigurerResolver.resolvePlaceholder(PropertyPlaceholderConfigurer.java:272)
        at 
org.springframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:146)
        at 
org.springframework.util.PropertyPlaceholderHelper.replacePlaceholders(PropertyPlaceholderHelper.java:125)
        at 
org.springframework.beans.factory.config.PropertyPlaceholderConfigurer$PlaceholderResolvingStringValueResolver.resolveStringValue(PropertyPlaceholderConfigurer.java:257)
        at 
org.springframework.beans.factory.config.BeanDefinitionVisitor.resolveStringValue(BeanDefinitionVisitor.java:282)
        at 
org.springframework.beans.factory.config.BeanDefinitionVisitor.resolveValue(BeanDefinitionVisitor.java:204)
        at 
org.springframework.beans.factory.config.BeanDefinitionVisitor.visitPropertyValues(BeanDefinitionVisitor.java:141)
        at 
org.springframework.beans.factory.config.BeanDefinitionVisitor.visitBeanDefinition(BeanDefinitionVisitor.java:82)
        at 
org.springframework.beans.factory.config.PlaceholderConfigurerSupport.doProcessProperties(PlaceholderConfigurerSupport.java:206)
        ... 21 more
Caused by: javax.crypto.IllegalBlockSizeException: Input length must be 
multiple of 16 when decrypting with padded cipher
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:934)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845)
        at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
       at javax.crypto.Cipher.doFinal(Cipher.java:2165)
        at 
org.apache.kylin.rest.security.PasswordPlaceholderConfigurer.decrypt(PasswordPlaceholderConfigurer.java:81)



This is the ldap part of the configuration file
ldap.server=ldap://<FULL HOSTNAME>:389
ldap.username=<FULL DN TO USER>
ldap.password=70tIoIdndG4eYPU5XWsqxNZZ9VlKAwKj19JR6vfEphw=

# LDAP user account directory;
ldap.user.searchBase=<VALID DN>
ldap.user.searchPattern=(memberOf=<VALID GROUP>)
ldap.user.groupSearchBase=<GROUP SEARCH BASE>

All parameters are used in other LDAP integrations (Like SSSD, Ambari, Ranger, 
Atlas....) so I know that those are right. I got the hashed password by running 
this command. By the way, the 
org.apache.kylin.rest.security.PasswordPlaceholderConfigurer class gets 
classNotFound exception if I run it with Java 1.8. Just so you know.... 1.7 
works better

cd /opt/kylin-1.6.0/tomcat/webapps/kylin/WEB-INF/lib
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.x86_64/bin/java 
-classpath 
kylin-server-base-1.6.0.jar:spring-beans-3.2.17.RELEASE.jar:spring-core-3.2.17.RELEASE.jar:commons-codec-1.7.jar
 org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES <PASSWORD 18 
CHARS LONG>

If I understand everything correctly, Kylin is executed with the Java versions 
that HBase is running. And the version I have is 1.8.0_112
Can anybody give me some info on how to solve this problem? I really like to 
install Kylin on our production servers so I can play with real data

Best Regards
Berry Österlund
Sweden

Password decrypting and LDAP

Reply via email to