Details
Critical Description
- Configure CB Server with LDAP authentication
- Create a ldap group and add a user to the the group in ldap.
- Add ldap group to CBServer. Create a bucket in CB Server
- Grant the ldap a 'admin' role
Now connect via SDK and create a document, failed with
Traceback (most recent call last):
File "test.py", line 9, in <module>
cb.upsert('u:king_arthur6', {'name': 'Arthur', 'email': 'kingarthur@couchbase.com', 'interests': ['Holy Grail', 'African Swallows']})
File "/Library/Python/2.7/site-packages/couchbase/bucket.py", line 406, in upsert
replicate_to=replicate_to)
couchbase.exceptions.LCB_0x54 (generated, catch: CouchbaseInputError): <Key=u'u:king_arthur6', RC=0x54[Not authorized for operation], Operational Error, Results=1, C Source=(src/multiresult.c,316), Context=Authorization failure: can't execute SET operation without the Upsert privilege, Ref=4f12397c-d33f-4017-2e14-a54970557256>
- Note that the user has admin role from ldap group
- Note that internal user with admin is able to upsert
*
Attachments
Issue Links
- depends on
-
MB-32653 External users roles cache invalidation command
-
- Closed
-