maybe you can list the created ACLs and cross-check the permissions. On Thu, Oct 5, 2017 at 9:51 AM, Ted Yu <yuzhih...@gmail.com> wrote:
> From the example off: > https://cwiki.apache.org/confluence/display/KAFKA/ > Kafka+Authorization+Command+Line+Interface > > it seems following 'User:', the formation is te...@example.com > > Can you double check ? > > On Wed, Oct 4, 2017 at 8:55 PM, Awadhesh Gupta <awadhesh.in...@gmail.com> > wrote: > > > Hi, > > > > I am working on Kafka Authorization using Kafka-ACL. I had enabled the > > aithorization configuring following in server.properties file > > > > authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer > > super.users=User:CN=pxrdc.myhost.com > > > > I executed following command to add ACL on topic test > > > > ./bin/kafka-acls.sh --authorizer > > kafka.security.auth.SimpleAclAuthorizer –authorizer-properties > > zookeeper.connect=localhost:12181 \ > > –add –allow-principal User:CN=pxrdc.myhost.com \ > > --operation All –topic test > > > > Now, when I publish messages to Kafkabroker, I am getting following error > > > > $ bin/sasl-kafka-console-producer.sh --broker-list localhost:19092 > --topic > > test --producer.config config/client-sasl.properties > > >message1 > > [2017-10-05 16:09:52,001] WARN Error while fetching metadata with > > correlation id 1 : {test=UNKNOWN_TOPIC_OR_PARTITION} > > (org.apache.kafka.clients.NetworkClient) > > [2017-10-05 16:09:52,001] WARN Error while fetching metadata with > > correlation id 3 : {test=UNKNOWN_TOPIC_OR_PARTITION} > > (org.apache.kafka.clients.NetworkClient) > > > > > > If I open kafka-authorizer.log, I am seeing error for the same User to > not > > have access of Principal "User:CN=pxrdc.myhost.com" > > > > Want to understand if any specific configuration also needs to be added > to > > make it work. > > > > Thanks' > > Awadhesh > > >
