tchiotludo / akhq

Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
https://akhq.io/
Apache License 2.0

Login not authorized when a user belongs to two groups #524

Closed apellegr06 closed 3 years ago

apellegr06 commented 3 years ago

Hi,

I have LDAP authentication configured and I have had an issue since I updated from 0.12.0 to 0.16.0.

My user belongs to two groups defined in the yml and the connection issue is related to that. If I remove one of the groups then I can connect; otherwise I get the error "Wrong Username or Password!". If I roll back to 0.12.0 I don't have this issue.

Regards Alain

tchiotludo commented 3 years ago

Can you share the configuration files please, to have a direct reproduction?

apellegr06 commented 3 years ago

Here is my config:

micronaut:
  server:
    port: 8081
  security:
    enabled: true
    ldap:
      default:
        enabled: true
        context:
          server: 'ldaps://xxxxxxxxxx:636'
          managerDn: 'uid=xxxxxxxxxx,ou=xxxxxxxxxxxxxx,dc=xxxxxxxxx,dc=xx'
          managerPassword: 'xxxxxxx'
        search:
          base: 'dc=xxxxxxxxx,dc=xx'
        groups:
          enabled: true
          base: 'ou=xxxxx,dc=xxxxxxxxx,dc=xx'

akhq:
  server:
    base-path: "" # if behind a reverse proxy, path to kafkahq without trailing slash (optional). Example: kafkahq is
                  # behind a reverse proxy with url http://my-server/kafkahq, set base-path: "/kafkahq".
                  # Not needed if you're behind a reverse proxy with subdomain http://kafkahq.my-server/
    access-log: # Access log configuration (optional)
      enabled: true # true by default
      name: org.akhq.log.access # Logger name
      format: "[Date: {}] [Duration: {} ms] [Url: {} {}] [Status: {}] [Ip: {}] [User: {}]" # Logger format

  # default kafka properties for each clients, available for admin / producer / consumer (optional)
  clients-defaults:
    consumer:
      properties:
        isolation.level: read_committed
        default.api.timeout.ms: 60000

  # list of kafka cluster available for kafkahq
  connections:
# ---- [ ADD CLUSTER CONNECTION AFTER THIS LINE ] ----
    XXXXXXXXXXXXX:
      properties:
        bootstrap.servers: "xxxxxxxxxxxxxxxxxxxxxx"
        security.protocol: SASL_PLAINTEXT
        sasl.jaas.config: com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="xxxxxxxxxxxx" storeKey=true useTicketCache=false serviceName="kafka" principal="xxxxxx";

  pagination:
    page-size: 25 # number of elements per page (default : 25)
    threads: 16 # Number of parallel threads to resolve page

  # Topic list display options (optional)
  topic:
    retention: 172800000 # default retention period when creating topic
    partition: 3 #  default number of partition when creating topic
    replication: 3 # default number of replicas when creating topic
    internal-regexps: # list of regexp to be considered as internal (internal topic can't be deleted or updated)
      - "^_.*$"
      - "^.*_schemas$"
      - "^.*connect-config$"
      - "^.*connect-offsets$1"
      - "^.*connect-status$"
    stream-regexps: # list of regexp to be considered as internal stream topic
      - "^.*-changelog$"
      - "^.*-repartition$"
      - "^.*-rekey$"
    skip-consumer-groups: false # Skip loading consumer group information when showing topics
    skip-last-record: false # Skip loading last record date information when showing topics

  # Topic display data options (optional)
  topic-data:
    size: 50 # max record per page (default: 50)
    poll-timeout: 1000 # The time, in milliseconds, spent waiting in poll if data is not available in the buffer.

  # Ui Global Options (optional)
  ui-options:
    topic:
      default-view: HIDE_INTERNAL  # default list view (ALL, HIDE_INTERNAL, HIDE_INTERNAL_STREAM, HIDE_STREAM). Overrides default
      skip-consumer-groups: false # Skip loading consumer group information when showing topics. Overrides default
      skip-last-record: true  # Skip loading last record date information when showing topics.  Overrides default
    topic-data:
      sort: NEWEST # default sort order (OLDEST, NEWEST) (default: OLDEST).  Overrides default

  # Auth & Roles (optional)
  security:
    default-group: no-roles # Default groups for all the user even unlogged user

    # Groups definition
    groups:
      - name: admin # Group name
        roles:  # roles for the group
          - topic/read
          - topic/insert
          - topic/delete
          - topic/config/update
          - node/read
          - topic/data/read
          - topic/data/insert
          - topic/data/delete
          - group/read
          - group/delete
          - group/offsets/update
        attributes:
          # Regexp to filter topic available for group
          topics-filter-regexp: ".*"
      - name: exploit # Group name
        roles:  # roles for the group
          - topic/read
          - node/read
          - topic/data/read
          - group/read
        attributes:
          # Regexp to filter topic available for group
          topics-filter-regexp: "TOPIC.EXPLOIT.001"

    # Basic auth configuration
    basic-auth:
      - username: admin
        password: 7163948be1bf17e36c189ed4548962026ac45f65c4d0004a698d53730baa5197
        groups:
          - no-groups

    # Ldap Groups configuration (when using ldap)
    ldap:
      groups:
        - name: gr_admin
          groups:
            - admin
        - name: gr_exploit
          groups:
            - exploit

tchiotludo commented 3 years ago

Please format it or attach it as a file.

apellegr06 commented 3 years ago

It's now formatted.

apellegr06 commented 3 years ago

Very strange: without changing anything, sometimes I succeed in connecting! And after disconnecting it doesn't work again.

tchiotludo commented 3 years ago

Can you try with the latest dev version please? I think you are hitting issue #526.

apellegr06 commented 3 years ago

Yes I can, but I think I have to change the format of my yml file, no? If that's the case, I don't understand the new format.

tchiotludo commented 3 years ago

Yes, the same as before, but a map of groups instead of a list of groups; in the application example there is an admin group, for example.

apellegr06 commented 3 years ago

I tested the dev version after adapting the config file but the behavior is the same. I will try to pin down the problem in the config file because it seems not to be as simple as I said.

apellegr06 commented 3 years ago

I have a clue: maybe the length of the field topics-filter-regexp. What is the limit for this field?

tchiotludo commented 3 years ago

No limits as far as I know :thinking:

apellegr06 commented 3 years ago

It seems so: I made several tests, and with 2636 characters it's OK, beyond that it's not.

apellegr06 commented 3 years ago

Is there a possibility to define a list of regexes instead of a single long one?

tchiotludo commented 3 years ago

Strange behaviour here! Can you try with a multiline string (https://yaml-multiline.info/), with a >- ?

apellegr06 commented 3 years ago

If I put:

topics-filter-regexp: >-
  TOPIC1|
  TOPIC2

Only TOPIC1 is available.

tchiotludo commented 3 years ago

Don't use Enter, just try with | because I think there is no limit on size.

apellegr06 commented 3 years ago

Like that?

topics-filter-regexp: "TOPIC1|TOPIC2"

tchiotludo commented 3 years ago

Like that:

topics-filter-regexp: >-
  TOPIC1|TOPIC2
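
Added example (not part of the thread and not AKHQ code): a small Python check showing why the `>-` attempt with a line break after `|` left only TOPIC1 visible, and how to lint a `topics-filter-regexp` value before deploying it. The function names are hypothetical, the folding helper covers only the simple case used in the thread, and whole-name matching is an assumption about how the filter is applied.

```python
import re


def fold_block_scalar(body_lines):
    """Value of a YAML '>-' (folded, strip) scalar, simple case only.

    Handles equally indented, non-empty body lines: YAML folds each line
    break between such lines into ONE SPACE and '-' drops the final newline.
    """
    return " ".join(line.strip() for line in body_lines if line.strip())


def lint_topic_filter(pattern, expected_topics):
    """Return findings for one topics-filter-regexp value (empty list = clean)."""
    try:
        compiled = re.compile(pattern)
    except re.error as exc:
        return [f"does not compile: {exc}"]

    findings = []
    # A space or tab beside '|' becomes part of the alternative, so that
    # branch only matches topic names that contain the whitespace.
    if re.search(r"\s\||\|\s", pattern):
        findings.append("whitespace next to '|' (folded line break?)")
    # Naive split: good enough for flat NAME|NAME lists like the thread's.
    # An empty branch matches the empty string, which under unanchored
    # search semantics matches every topic name.
    if "" in pattern.split("|"):
        findings.append("empty alternative")
    # Assumption: the filter must match the whole topic name.
    for topic in expected_topics:
        if compiled.fullmatch(topic) is None:
            findings.append(f"topic not matched: {topic}")
    return findings


# Constructed samples mirroring the three spellings tried in the thread.
SAMPLES = {
    "folded, line break after '|'": fold_block_scalar(["  TOPIC1|", "  TOPIC2"]),
    "folded, single line": fold_block_scalar(["  TOPIC1|TOPIC2"]),
    "double-quoted": "TOPIC1|TOPIC2",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        result = lint_topic_filter(value, ["TOPIC1", "TOPIC2"])
        print(f"{label}: {value!r} -> {result}")
```

Because this filter decides which topics a group can see, a value that silently gains a space narrows the group's access without any error at load time.
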

apellegr06 commented 3 years ago

OK, so it's working with 2 topics, but when I put the problematic line I get the same error.

apellegr06 commented 3 years ago

I don't have this problem in 0.12.0.

tchiotludo commented 3 years ago

What is the exact error? Can you share the topics-filter-regexp you are trying to have?

apellegr06 commented 3 years ago

When I'm on the login page and click on "Login", I get "Wrong Username or Password", but it's the right one. It occurs only when the topics-filter-regexp of my ldap family has a value longer than 2636. And the regex is like this: "TOPIC1|TOPIC2|TOPIC2......"

tchiotludo commented 3 years ago

I have made some attempts to reproduce your issue and I'm not able to. Can you try again with the dev version please? Maybe there is a fix for that? If it's not working, please send me a configuration file.

apellegr06 commented 3 years ago

Hi,

I finally installed the latest version of akhq (0.17.0) to do more testing and I still have the same issue. I managed to make a light, minimal configuration file to reproduce the behaviour:

micronaut:
  ssl:
    enabled: true
    port: 8082
    key-store:
      path: file:yyyyyyy.p12
      password: xxxxxxx
      type: JKS
  security:
    enabled: true

akhq:
  server:
    base-path: ""
    access-log:
      enabled: true
      name: org.kafkahq.log.access
      format: "[Date: {}] [Duration: {} ms] [Url: {} {} {}] [Status: {}] [Ip: {}] [Length: {}] [Port: {}]"

  clients-defaults:
    consumer:
      properties:
        isolation.level: read_committed
        default.api.timeout.ms: 60000

  connections:
    test:
      properties:
        bootstrap.servers: hostname:port
        security.protocol: PLAINTEXT

  pagination:
    page-size: 25
    threads: 16

  topic:
    retention: 172800000
    partition: 3
    replication: 3
    default-view: HIDE_INTERNAL
    internal-regexps:
      - "^_.*$"
      - "^.*_schemas$"
      - "^.*connect-config$"
      - "^.*connect-offsets$1"
      - "^.*connect-status$"
    stream-regexps:
      - "^.*-changelog$"
      - "^.*-repartition$"
      - "^.*-rekey$"

  topic-data:
    sort: OLDEST
    size: 50
    poll-timeout: 1000

  security:
    default-group: admin

    groups:
      test1:
        name: test1
        roles:
          - topic/read
          - group/read
          - topic/data/read
          - topic/data/insert
          - group/offsets/update
        attributes:
          topics-filter-regexp: "TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TE
ST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST"

      test2:
        name: test2
        roles:
          - topic/read
          - group/read
          - topic/data/read
          - topic/data/insert
          - group/offsets/update
        attributes:
          topics-filter-regexp: "TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TE
ST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST"

    basic-auth:
      - username: admin1
        password: zzzzzzzz
        groups:
          - test1
      - username: admin2
        password: zzzzzzzz
        groups:
          - test2

With this configuration, if I try to connect with "admin1" it works fine. If I try to connect with "admin2" it fails with the error "Wrong Username or Password!". And without connecting (so with default-group), it works fine.

For information, the admin1 and admin2 users have the same password. And in my real usage topics-filter-regexp has a real list of topics, but I did the test with the above configuration for testing.

I hope with all this information you will find the problem.

Thanks

apellegr06 commented 3 years ago

Hi,

Finally I now use the right jar file :)

And with this previous config file I get the same error when I try to connect. Also if I use the list for topics-filter-regexp, exactly with 67 lines of:

- "TEST"

With 66 it's OK!

tchiotludo commented 3 years ago

Please give me a docker compose file to reproduce the issue; I never have the issue on my side.

apellegr06 commented 3 years ago

I'm sorry, I don't know how to make a docker compose file, but I reproduced the same behaviour on a docker instance by running this command:

docker run -d -p 8080:8080 -v /tmp/kafkahq.yml:/app/application.yml tchiotludo/akhq:dev

with the following /tmp/kafkahq.yml:

micronaut:
  security:
    enabled: true

akhq:
  server:
    access-log:
      enabled: true
      name: org.akhq.log.access
      format: "[Date: {}] [Duration: {} ms] [Url: {} {}] [Status: {}] [Ip: {}] [User: {}]"

  clients-defaults:
    consumer:
      properties:
        isolation.level: read_committed
        default.api.timeout.ms: 60000

  connections:
    TEST:
      properties:
        bootstrap.servers: "xxxxx"
        security.protocol: PLAINTEXT

  pagination:
    page-size: 25
    threads: 16

  topic:
    retention: 172800000
    partition: 3
    replication: 3
    default-view: HIDE_INTERNAL
    internal-regexps:
      - "^_.*$"
      - "^.*_schemas$"
      - "^.*connect-config$"
      - "^.*connect-offsets$1"
      - "^.*connect-status$"
    stream-regexps:
      - "^.*-changelog$"
      - "^.*-repartition$"
      - "^.*-rekey$"

  topic-data:
    sort: OLDEST
    size: 50
    poll-timeout: 1000

  security:
    default-group: admin

    groups:
      test1:
        name: test1
        roles:
          - topic/read
          - group/read
          - topic/data/read
          - topic/data/insert
          - group/offsets/update
        attributes:
          topics-filter-regexp: "TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TE
ST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST|TEST"

      test2:
        name: test2
        roles:
          - topic/read
          - group/read
          - topic/data/read
          - topic/data/insert
          - group/offsets/update
        attributes:
          topics-filter-regexp:
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"
            - "TEST"

    basic-auth:
      - username: admin1
        password: xxxx
        groups:
          - test1
      - username: admin2
        password: xxxx
        groups:
          - test2

With the admin1 login, with the old-style topics-filter-regexp, it works because I'm under the length limit (if I add some topics it fails). And with admin2, with the new-style topics-filter-regexp, it fails because I'm over the number-of-elements limit (if I remove some of them it works).

Normally you should have the same behaviour with the same docker file and the same config yml file, no?