From rle...@apache.org
Subject ambari git commit: AMBARI-12337. Kerberos: LDAP error updating and removing service principals in AD (rlevas)
Date Thu, 09 Jul 2015 01:00:38 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.1 05a4358ea -> c267b45bc


AMBARI-12337. Kerberos: LDAP error updating and removing service principals in AD (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c267b45b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c267b45b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c267b45b

Branch: refs/heads/branch-2.1
Commit: c267b45bc6ffadce7c3b49d06f3ea0bc50634ce6
Parents: 05a4358
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Wed Jul 8 21:00:33 2015 -0400
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Wed Jul 8 21:00:33 2015 -0400

----------------------------------------------------------------------
 .../kerberos/ADKerberosOperationHandler.java    | 22 +++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/c267b45b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
index 7f82cfd..33350c0 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
@@ -33,6 +33,7 @@ import org.apache.velocity.exception.ResourceNotFoundException;
 import javax.naming.AuthenticationException;
 import javax.naming.CommunicationException;
 import javax.naming.Context;
+import javax.naming.InvalidNameException;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
@@ -71,11 +72,16 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler
{
   private String ldapUrl = null;
 
   /**
-   * A String containing the DN of the container to create new account in
+   * A String containing the DN of the container for managing Active Directory accounts
    */
   private String principalContainerDn = null;
 
   /**
+   * The LdapName of the container for managing Active Directory accounts
+   */
+  private LdapName principalContainerLdapName = null;
+
+  /**
    * A String containing the Velocity template to use to generate the JSON structure declaring
the
    * attributes to use to create new Active Directory accounts.
    * <p/>
@@ -147,6 +153,12 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler
{
       throw new KerberosLDAPContainerException("principalContainerDn not provided");
     }
 
+    try {
+      this.principalContainerLdapName = new LdapName(principalContainerDn);
+    } catch (InvalidNameException e) {
+      throw new KerberosLDAPContainerException("principalContainerDn is not a valid LDAP
name", e);
+    }
+
     setAdministratorCredentials(administratorCredentials);
     setDefaultRealm(realm);
     setKeyEncryptionTypes(translateEncryptionTypes(kerberosConfiguration.get(KERBEROS_ENV_ENCRYPTION_TYPES),
"\\s+"));
@@ -302,7 +314,7 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler
{
 
     try {
       Rdn rdn = new Rdn("cn", cn);
-      LdapName name = new LdapName(principalContainerDn);
+      LdapName name = new LdapName(principalContainerLdapName.getRdns());
       name.add(name.size(), rdn);
       ldapContext.createSubcontext(name, attributes);
     } catch (NamingException ne) {
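Review bot: `new LdapName(principalContainerLdapName.getRdns())` is a deliberate copy, but nothing in the code says so: `name.add(name.size(), rdn)` on the next line mutates its receiver, and applied to the field directly it would append a CN to the shared container name on every call. A one-line comment such as `// copy: name.add() below must not modify principalContainerLdapName` would keep a later cleanup from passing the field straight through. The catch body for this try continues outside the hunk.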
@@ -340,7 +352,7 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler
{
 
       if (dn != null) {
         ldapContext.modifyAttributes(
-            dn,
+            new LdapName(dn),
             new ModificationItem[]{
                 new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd",
String.format("\"%s\"", password).getBytes("UTF-16LE")))
             }
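Review bot: The reason `dn` is wrapped in `new LdapName(dn)` here, and again for `destroySubcontext` in the next hunk, is not recorded in the code, which makes it easy to simplify back to the String overload later. JNDI parses a String name as a composite name in which `/` separates components, so a DN whose CN holds a service principal such as `nn/host` is presumably what failed before this change. I would add `// Pass an LdapName: the String overload treats '/' in the DN as a composite-name separator` above the argument in both places. The enclosing method starts and ends outside the hunk.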
@@ -381,7 +393,7 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler
{
       String dn = findPrincipalDN(deconstructPrincipal.getNormalizedPrincipal());
 
       if (dn != null) {
-        ldapContext.destroySubcontext(dn);
+        ldapContext.destroySubcontext(new LdapName(dn));
       }
     } catch (NamingException e) {
       throw new KerberosOperationException(String.format("Can not remove principal %s: %s",
principal, e.getMessage()), e);
@@ -545,7 +557,7 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler
{
 
       try {
         results = ldapContext.search(
-            principalContainerDn,
+            principalContainerLdapName,
             String.format("(userPrincipalName=%s)", normalizedPrincipal),
             searchControls
         );
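Review bot: The filter passed right after the changed argument is still assembled with `String.format("(userPrincipalName=%s)", normalizedPrincipal)`, so filter metacharacters in the principal (`*`, `(`, `)`, `\`) reach the directory unescaped. The DN this search yields is presumably what the password-update and remove paths touched by this commit act on, so a loosely matching filter could select an account other than the intended one; whether normalizedPrincipal is validated upstream is not visible here. JNDI's argument form escapes the value for you: `ldapContext.search(principalContainerLdapName, "(userPrincipalName={0})", new Object[]{normalizedPrincipal}, searchControls)`. The enclosing method starts and ends outside the hunk.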

