From tbeerbo...@apache.org
Subject ambari git commit: AMBARI-9767 - Provide setup-ldap option option to set referral method (tbeerbower)
Date Tue, 24 Feb 2015 15:50:48 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.0.0 5f31e2bf8 -> 828d85ddd


AMBARI-9767 - Provide setup-ldap option to set referral method (tbeerbower)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/828d85dd
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/828d85dd
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/828d85dd

Branch: refs/heads/branch-2.0.0
Commit: 828d85ddd219d9ccd1b5f210554fdc2d8d7adccb
Parents: 5f31e2b
Author: tbeerbower <tbeerbower@hortonworks.com>
Authored: Tue Feb 24 10:46:46 2015 -0500
Committer: tbeerbower <tbeerbower@hortonworks.com>
Committed: Tue Feb 24 10:46:46 2015 -0500

----------------------------------------------------------------------
 .../server/configuration/Configuration.java     |  3 +
 .../authorization/LdapServerProperties.java     | 11 ++++
 .../security/ldap/AmbariLdapDataPopulator.java  | 28 ++++++++-
 .../main/python/ambari_server/setupSecurity.py  |  3 +
 .../ldap/AmbariLdapDataPopulatorTest.java       | 64 ++++++++++++++++++--
 .../src/test/python/TestAmbariServer.py         |  7 ++-
 6 files changed, 108 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/828d85dd/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index d859523..c5595e6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -140,6 +140,7 @@ public class Configuration {
   public static final String LDAP_GROUP_MEMEBERSHIP_ATTR_KEY = "authentication.ldap.groupMembershipAttr";
   public static final String LDAP_ADMIN_GROUP_MAPPING_RULES_KEY = "authorization.ldap.adminGroupMappingRules";
   public static final String LDAP_GROUP_SEARCH_FILTER_KEY = "authorization.ldap.groupSearchFilter";
+  public static final String LDAP_REFERRAL_KEY = "authentication.ldap.referral";
   public static final String SERVER_EC_CACHE_SIZE = "server.ecCacheSize";
   public static final String SERVER_STALE_CONFIG_CACHE_ENABLED_KEY = "server.cache.isStale.enabled";
   public static final String SERVER_PERSISTENCE_TYPE_KEY = "server.persistence.type";
@@ -285,6 +286,7 @@ public class Configuration {
   private static final String LDAP_GROUP_MEMBERSHIP_ATTR_DEFAULT = "member";
   private static final String LDAP_ADMIN_GROUP_MAPPING_RULES_DEFAULT = "Ambari Administrators";
   private static final String LDAP_GROUP_SEARCH_FILTER_DEFAULT = "";
+  private static final String LDAP_REFERRAL_DEFAULT = "follow";
 
   /**
    * !!! TODO: for development purposes only, should be changed to 'false'
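Review bot: `LDAP_REFERRAL_DEFAULT = "follow"` changes behaviour for every deployment that never set `authentication.ldap.referral`. As far as I know, the JNDI LDAP provider ignores referrals when the property is unset, so an upgraded server would start following them without anyone opting in. When JNDI follows a referral it reuses the original context's environment by default, so the manager bind DN and password can be presented to whichever host the directory refers to, over whatever transport the referral URL names. Consider `private static final String LDAP_REFERRAL_DEFAULT = "ignore";` with setup-ldap as the opt-in, or at least a comment on the constant saying the default is deliberate and what it means for the bind credentials.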
@@ -969,6 +971,7 @@ public class Configuration {
         LDAP_ADMIN_GROUP_MAPPING_RULES_KEY, LDAP_ADMIN_GROUP_MAPPING_RULES_DEFAULT));
     ldapServerProperties.setGroupSearchFilter(properties.getProperty(
         LDAP_GROUP_SEARCH_FILTER_KEY, LDAP_GROUP_SEARCH_FILTER_DEFAULT));
+    ldapServerProperties.setReferralMethod(properties.getProperty(LDAP_REFERRAL_KEY, LDAP_REFERRAL_DEFAULT));
 
     if (properties.containsKey(LDAP_GROUP_BASE_KEY) ||
         properties.containsKey(LDAP_GROUP_OBJECT_CLASS_KEY) ||
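Review bot: The referral value goes from ambari.properties straight into `setReferralMethod` with no check, while the setup-ldap prompt in this same commit restricts it to `follow` or `ignore`. A hand-edited file can carry anything (the Python test data later in this commit uses `"test"`), and an unrecognised value will presumably only surface when the LDAP context is first built, far from the configuration mistake. Read it into a local first, e.g. `String referral = properties.getProperty(LDAP_REFERRAL_KEY, LDAP_REFERRAL_DEFAULT).trim();`, and reject anything other than the supported methods with a message that names the key. The enclosing method starts and ends outside this hunk.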

http://git-wip-us.apache.org/repos/asf/ambari/blob/828d85dd/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
index ddb3670..df314f1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
@@ -36,6 +36,7 @@ public class LdapServerProperties {
   private String managerPassword;
   private String baseDN;
   private String dnAttribute;
+  private String referralMethod;
 
   //LDAP group properties
   private String groupBase;
@@ -225,6 +226,14 @@ public class LdapServerProperties {
     this.dnAttribute = dnAttribute;
   }
 
+  public void setReferralMethod(String referralMethod) {
+    this.referralMethod = referralMethod;
+  }
+
+  public String getReferralMethod() {
+    return referralMethod;
+  }
+
   @Override
   public boolean equals(Object obj) {
     if (this == obj) return true;
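Review bot: The new accessor pair has no Javadoc, so nothing in this class tells a caller which strings are meaningful or that the value is handed unchanged to the LDAP context source. Suggested comment on the setter: `/** Sets the JNDI referral handling method ("follow" or "ignore") applied to the LDAP context source; null leaves the provider default. */`, with a matching `@return` line on the getter. The null wording is an assumption to confirm against how `loadLdapTemplate` uses the value. `equals` continues outside this hunk.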
@@ -260,6 +269,7 @@ public class LdapServerProperties {
         that.groupSearchFilter) : that.groupSearchFilter != null) return false;
     if (dnAttribute != null ? !dnAttribute.equals(
         that.dnAttribute) : that.dnAttribute != null) return false;
+    if (referralMethod != null ? !referralMethod.equals(that.referralMethod) : that.referralMethod
!= null) return false;
 
     return true;
   }
@@ -283,6 +293,7 @@ public class LdapServerProperties {
     result = 31 * result + (adminGroupMappingRules != null ? adminGroupMappingRules.hashCode()
: 0);
     result = 31 * result + (groupSearchFilter != null ? groupSearchFilter.hashCode() : 0);
     result = 31 * result + (dnAttribute != null ? dnAttribute.hashCode() : 0);
+    result = 31 * result + (referralMethod != null ? referralMethod.hashCode() : 0);
     return result;
   }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/828d85dd/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
index 05494e3..d4d3916 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
@@ -583,7 +583,7 @@ public class AmbariLdapDataPopulator {
       LOG.info("Reloading properties");
       ldapServerProperties = properties;
 
-      final LdapContextSource ldapContextSource = new LdapContextSource();
+      final LdapContextSource ldapContextSource = createLdapContextSource();
       final List<String> ldapUrls = ldapServerProperties.getLdapUrls();
       ldapContextSource.setUrls(ldapUrls.toArray(new String[ldapUrls.size()]));
 
@@ -599,11 +599,35 @@ public class AmbariLdapDataPopulator {
         throw new UsernameNotFoundException("LDAP Context Source not loaded", e);
       }
 
-      ldapTemplate = new LdapTemplate(ldapContextSource);
+      ldapContextSource.setReferral(ldapServerProperties.getReferralMethod());
+
+      ldapTemplate = createLdapTemplate(ldapContextSource);
+
+      ldapTemplate.setIgnorePartialResultException(true);
     }
     return ldapTemplate;
   }
 
+  /**
+   * LdapContextSource factory method.
+   *
+   * @return new context source
+   */
+  protected LdapContextSource createLdapContextSource() {
+    return new LdapContextSource();
+  }
+
+  /**
+   * LdapTemplate factory method.
+   *
+   * @param ldapContextSource  the LDAP context source
+   *
+   * @return new LDAP template
+   */
+  protected LdapTemplate createLdapTemplate(LdapContextSource ldapContextSource) {
+    return new LdapTemplate(ldapContextSource);
+  }
+
   //
   // ContextMapper implementations
   //
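Review bot: `ldapContextSource.setReferral(...)` is placed after the try/catch that reports "LDAP Context Source not loaded". If that try block (not visible in this hunk) is where `afterPropertiesSet()` runs, the setting may arrive too late, because as far as I recall Spring LDAP's context source builds and caches its environment there by default. Moving `ldapContextSource.setReferral(ldapServerProperties.getReferralMethod());` ahead of that try block, next to the other setters, removes the doubt. Separately, `setIgnorePartialResultException(true)` is unconditional, so a search cut short by an unfollowed referral returns an incomplete user or group set with no error. It deserves a comment such as `// referrals that are not followed surface as PartialResultException; sync results may be incomplete`. `loadLdapTemplate` begins outside the hunk.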

http://git-wip-us.apache.org/repos/asf/ambari/blob/828d85dd/ambari-server/src/main/python/ambari_server/setupSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index 71b246d..18e703e 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -54,6 +54,7 @@ REGEX_IP_ADDRESS = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-
 REGEX_HOSTNAME = "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$"
 REGEX_HOSTNAME_PORT = "^(.*:[0-9]{1,5}$)"
 REGEX_TRUE_FALSE = "^(true|false)?$"
+REGEX_REFERRAL = "^(follow|ignore)?$"
 REGEX_ANYTHING = ".*"
 
 CLIENT_SECURITY_KEY = "client.security"
@@ -539,6 +540,7 @@ def init_ldap_properties_list_reqd(properties):
     LdapPropTemplate(properties, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}:
", REGEX_TRUE_FALSE, False, "false"),
     LdapPropTemplate(properties, "authentication.ldap.usernameAttribute", "User name attribute*
{0}: ", REGEX_ANYTHING, False, "uid"),
     LdapPropTemplate(properties, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING,
False),
+    LdapPropTemplate(properties, "authentication.ldap.referral", "Referral method [follow/ignore]
{0}: ", REGEX_REFERRAL, True),
     LdapPropTemplate(properties, "authentication.ldap.bindAnonymously" "Bind anonymously*
[true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
   ]
   return ldap_properties
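Review bot: On the context line directly after the added referral entry, `"authentication.ldap.bindAnonymously" "Bind anonymously* ...` has no comma between the two string literals. Python joins them into a single argument and every following argument shifts one position left. This commit did not introduce it and the list in the next hunk has the comma, but the new entry now sits next to it, so the anonymous-bind answer in this variant is presumably stored and validated wrongly. Fix while here: `LdapPropTemplate(properties, "authentication.ldap.bindAnonymously", "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")`. The function definition itself is outside the hunk.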
@@ -556,6 +558,7 @@ def init_ldap_properties_list_reqd(properties):
     LdapPropTemplate(properties, "authentication.ldap.groupMembershipAttr", "Group member
attribute* {0}: ", REGEX_ANYTHING, False, "memberUid"),
     LdapPropTemplate(properties, "authentication.ldap.dnAttribute", "Distinguished name attribute*
{0}: ", REGEX_ANYTHING, False, "dn"),
     LdapPropTemplate(properties, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING,
False),
+    LdapPropTemplate(properties, "authentication.ldap.referral", "Referral method [follow/ignore]
{0}: ", REGEX_REFERRAL, True),
     LdapPropTemplate(properties, "authentication.ldap.bindAnonymously", "Bind anonymously*
[true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
   ]
   return ldap_properties

http://git-wip-us.apache.org/repos/asf/ambari/blob/828d85dd/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
index ea5570e..b06ab09 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
@@ -47,23 +47,47 @@ import org.springframework.ldap.core.AttributesMapper;
 import org.springframework.ldap.core.ContextMapper;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.core.support.LdapContextSource;
 
 import static junit.framework.Assert.*;
 import static org.easymock.EasyMock.*;
+import static org.easymock.EasyMock.createNiceMock;
 
 public class AmbariLdapDataPopulatorTest {
-  public static class AmbariLdapDataPopulatorTestInstance extends AmbariLdapDataPopulator
{
-
+  public static class AmbariLdapDataPopulatorTestInstance extends TestAmbariLdapDataPopulator
{
     public AmbariLdapDataPopulatorTestInstance(Configuration configuration, Users users)
{
       super(configuration, users);
     }
 
-    private LdapTemplate ldapTemplate;
-
     @Override
     protected LdapTemplate loadLdapTemplate() {
       return ldapTemplate;
     }
+  }
+
+  public static class TestAmbariLdapDataPopulator extends AmbariLdapDataPopulator {
+
+    protected LdapTemplate ldapTemplate;
+    private LdapContextSource ldapContextSource;
+
+    public TestAmbariLdapDataPopulator(Configuration configuration, Users users) {
+      super(configuration, users);
+    }
+
+    @Override
+    protected LdapContextSource createLdapContextSource() {
+      return ldapContextSource;
+    }
+
+    @Override
+    protected LdapTemplate createLdapTemplate(LdapContextSource ldapContextSource) {
+      this.ldapContextSource = ldapContextSource;
+      return ldapTemplate;
+    }
+
+    public void setLdapContextSource(LdapContextSource ldapContextSource) {
+      this.ldapContextSource = ldapContextSource;
+    }
 
     public void setLdapTemplate(LdapTemplate ldapTemplate) {
       this.ldapTemplate = ldapTemplate;
@@ -76,6 +100,10 @@ public class AmbariLdapDataPopulatorTest {
     public void setLdapServerProperties(LdapServerProperties ldapServerProperties) {
       this.ldapServerProperties = ldapServerProperties;
     }
+
+    public LdapContextSource getLdapContextSource() {
+      return ldapContextSource;
+    }
   }
 
   @Test
@@ -98,6 +126,34 @@ public class AmbariLdapDataPopulatorTest {
   }
 
   @Test
+  public void testReferralMethod() {
+    final Configuration configuration = createNiceMock(Configuration.class);
+    final Users users = createNiceMock(Users.class);
+    LdapContextSource ldapContextSource = createNiceMock(LdapContextSource.class);
+
+    List<String> ldapUrls = Collections.singletonList("url");
+
+    LdapTemplate ldapTemplate = createNiceMock(LdapTemplate.class);
+    LdapServerProperties ldapServerProperties = createNiceMock(LdapServerProperties.class);
+    expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).anyTimes();
+    expect(ldapServerProperties.getLdapUrls()).andReturn(ldapUrls).anyTimes();
+    expect(ldapServerProperties.getReferralMethod()).andReturn("follow");
+    ldapContextSource.setReferral("follow");
+    ldapTemplate.setIgnorePartialResultException(true);
+
+    replay(ldapTemplate, configuration, ldapServerProperties, ldapContextSource);
+
+    final TestAmbariLdapDataPopulator populator = new TestAmbariLdapDataPopulator(configuration,
users);
+    populator.setLdapContextSource(ldapContextSource);
+    populator.setLdapTemplate(ldapTemplate);
+    populator.setLdapServerProperties(ldapServerProperties);
+
+    populator.loadLdapTemplate();
+
+    verify(ldapTemplate, configuration, ldapServerProperties, ldapContextSource);
+  }
+
+  @Test
   public void testIsLdapEnabled_reallyEnabled() {
     final Configuration configuration = createNiceMock(Configuration.class);
     final Users users = createNiceMock(Users.class);
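Review bot: `testReferralMethod` only shows that `setReferral("follow")` is called at some point on a mocked `LdapContextSource`. It cannot tell whether the call happens before the context source is initialised, and it never exercises `ignore` or an unset property. A second case with `expect(ldapServerProperties.getReferralMethod()).andReturn("ignore");` and `ldapContextSource.setReferral("ignore");` would cover the other documented value. An ordering check (for instance `checkOrder(ldapContextSource, true)` with the initialisation call recorded after `setReferral`) would pin the sequence that matters. The added `import static org.easymock.EasyMock.createNiceMock;` in the first hunk of this file is already covered by the `EasyMock.*` static import above it.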

http://git-wip-us.apache.org/repos/asf/ambari/blob/828d85dd/ambari-server/src/test/python/TestAmbariServer.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py
index 8bf7409..a06ba63 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -5480,7 +5480,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
     }
 
     get_ambari_properties_method.return_value = configs
-    raw_input_mock.side_effect = ['a:3', 'b:b', 'hody', 'b:2', 'false', 'user', 'uid', 'group',
'cn', 'member', 'dn', 'base', 'true']
+    raw_input_mock.side_effect = ['a:3', 'b:b', 'hody', 'b:2', 'false', 'user', 'uid', 'group',
'cn', 'member', 'dn', 'base', 'follow', 'true']
     set_silent(False)
     get_YN_input_method.return_value = True
 
@@ -5498,6 +5498,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
         "authentication.ldap.groupMembershipAttr": "member",
         "authentication.ldap.dnAttribute": "dn",
         "authentication.ldap.baseDn": "base",
+        "authentication.ldap.referral": "follow",
         "authentication.ldap.bindAnonymously": "true",
         "client.security": "ldap",
         "ambari.ldap.isConfigured": "true"
@@ -5511,7 +5512,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
     self.assertTrue(8, raw_input_mock.call_count)
 
     raw_input_mock.reset_mock()
-    raw_input_mock.side_effect = ['a:3', '', 'b:2', 'false', 'user', 'uid', 'group', 'cn',
'member', 'dn', 'base', 'true']
+    raw_input_mock.side_effect = ['a:3', '', 'b:2', 'false', 'user', 'uid', 'group', 'cn',
'member', 'dn', 'base', 'follow', 'true']
 
     setup_ldap()
 
@@ -5526,6 +5527,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
         "authentication.ldap.groupMembershipAttr": "member",
         "authentication.ldap.dnAttribute": "dn",
         "authentication.ldap.baseDn": "base",
+        "authentication.ldap.referral": "follow",
         "authentication.ldap.bindAnonymously": "true",
         "client.security": "ldap",
         "ambari.ldap.isConfigured": "true"
@@ -5623,6 +5625,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
         "authentication.ldap.groupMembershipAttr": "test",
         "authentication.ldap.groupNamingAttr": "test",
         "authentication.ldap.dnAttribute": "test",
+        "authentication.ldap.referral": "test",
         "client.security": "ldap", \
         LDAP_MGR_PASSWORD_PROPERTY: "ldap-password.dat",
         "ambari.ldap.isConfigured": "true"

