ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oleew...@apache.org
Subject ambari git commit: AMBARI-18198. Doc updates about ldap sync related properties (oleewere)
Date Mon, 22 Aug 2016 10:39:28 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk e74ecc9a5 -> 56fe3368b


AMBARI-18198. Doc updates about ldap sync related properties (oleewere)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/56fe3368
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/56fe3368
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/56fe3368

Branch: refs/heads/trunk
Commit: 56fe3368bcfee0fb58b1bd1635d0285d1274667f
Parents: e74ecc9
Author: oleewere <oleewere@gmail.com>
Authored: Thu Aug 18 17:22:50 2016 +0200
Committer: oleewere <oleewere@gmail.com>
Committed: Mon Aug 22 12:37:31 2016 +0200

----------------------------------------------------------------------
 ambari-server/docs/configuration/index.md       |  8 +++----
 .../server/configuration/Configuration.java     | 24 ++++++++++++--------
 2 files changed, 18 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/56fe3368/ambari-server/docs/configuration/index.md
----------------------------------------------------------------------
diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md
index 311def5..18234d0 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -85,10 +85,10 @@ The following are the properties which can be used to configure Ambari.
 | authentication.ldap.primaryUrl | The LDAP URL used for connecting to an LDAP server when
authenticating users. This should include both the host name and port. |`localhost:33389`
| 
 | authentication.ldap.referral | Determines whether to follow LDAP referrals to other URLs
when the LDAP controller doesn't have the requested object. |`follow` | 
 | authentication.ldap.secondaryUrl | A second LDAP URL to use as a backup when authenticating
users. This should include both the host name and port. | | 
-| authentication.ldap.sync.groupMemberFilter | The default filter to use for syncing member
from LDAP. | | 
-| authentication.ldap.sync.groupMemberReplacePattern | The default regex pattern to use when
replacing the group member attribute ID value with a placeholder. This is used in cases where
a UID of an LDAP member is not a full CN or unique ID<br/><br/>The following are
examples of valid values:<ul><li>``${member}``</ul> | | 
-| authentication.ldap.sync.userMemberFilter | The default filter to use for syncing users
from LDAP. | | 
-| authentication.ldap.sync.userMemberReplacePattern | The default regex pattern to use when
replacing the user member attribute ID value with a placeholder. This is used in cases where
a UID of an LDAP member is not a full CN or unique ID<br/><br/>The following are
examples of valid values:<ul><li>``${member}``</ul> | | 
+| authentication.ldap.sync.groupMemberFilter | Filter to use for syncing group members of
a group from LDAP. (by default it is not used)<br/><br/>The following are examples
of valid values:<ul><li>`(&(objectclass=posixgroup)(cn={member}))`</ul>
| | 
+| authentication.ldap.sync.groupMemberReplacePattern | Regex pattern to use when replacing
the group member attribute ID value with a placeholder. This is used in cases where a UID
of an LDAP member is not a full CN or unique ID (e.g.: `member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache`)<br/><br/>The
following are examples of valid values:<ul><li>`(?<sid>.*);(?<guid>.*);(?<member>.*)`</ul>
| | 
+| authentication.ldap.sync.userMemberFilter | Filter to use for syncing user members of a
group from LDAP (by default it is not used).<br/><br/>The following are examples
of valid values:<ul><li>`(&(objectclass=posixaccount)(uid={member}))`</ul>
| | 
+| authentication.ldap.sync.userMemberReplacePattern | Regex pattern to use when replacing
the user member attribute ID value with a placeholder. This is used in cases where a UID of
an LDAP member is not a full CN or unique ID (e.g.: `member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache`)<br/><br/>The
following are examples of valid values:<ul><li>`(?<sid>.*);(?<guid>.*);(?<member>.*)`</ul>
| | 
 | authentication.ldap.useSSL | Determines whether to use LDAP over SSL (LDAPS). |`false`
| 
 | authentication.ldap.userBase | The filter used when searching for users in LDAP. |`ou=people,dc=ambari,dc=apache,dc=org`
| 
 | authentication.ldap.userObjectClass | The class to which user objects in LDAP belong. |`person`
| 

http://git-wip-us.apache.org/repos/asf/ambari/blob/56fe3368/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 8ab9091..3c37789 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -1055,41 +1055,45 @@ public class Configuration {
       "authentication.ldap.pagination.enabled", "true");
 
   /**
-   * The default regex pattern to use when replacing the user member attribute
+   * Regex pattern to use when replacing the user member attribute
    * ID value with a placeholder. This is used in cases where a UID of an LDAP
    * member is not a full CN or unique ID.
    */
   @Markdown(
-      description = "The default regex pattern to use when replacing the user member attribute
ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a
full CN or unique ID",
-      examples = { "`${member}`" })
+      description = "Regex pattern to use when replacing the user member attribute ID value
with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or
unique ID (e.g.: `member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache`)",
+      examples = { "(?<sid>.*);(?<guid>.*);(?<member>.*)" })
   public static final ConfigurationProperty<String> LDAP_SYNC_USER_MEMBER_REPLACE_PATTERN
= new ConfigurationProperty<>(
       "authentication.ldap.sync.userMemberReplacePattern",
       LDAP_SYNC_MEMBER_REPLACE_PATTERN_DEFAULT);
 
   /**
-   * The default regex pattern to use when replacing the group member attribute
+   * Regex pattern to use when replacing the group member attribute
    * ID value with a placeholder. This is used in cases where a UID of an LDAP
    * member is not a full CN or unique ID.
    */
   @Markdown(
-      description = "The default regex pattern to use when replacing the group member attribute
ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a
full CN or unique ID",
-      examples = { "`${member}`" })
+      description = "Regex pattern to use when replacing the group member attribute ID value
with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or
unique ID (e.g.: `member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache`)",
+      examples = { "(?<sid>.*);(?<guid>.*);(?<member>.*)" })
   public static final ConfigurationProperty<String> LDAP_SYCN_GROUP_MEMBER_REPLACE_PATTERN
= new ConfigurationProperty<>(
       "authentication.ldap.sync.groupMemberReplacePattern",
       LDAP_SYNC_MEMBER_REPLACE_PATTERN_DEFAULT);
 
   /**
-   * The default filter to use for syncing users from LDAP.
+   * Filter to use for syncing user members of group from LDAP. (by default it is not used)
    */
-  @Markdown(description = "The default filter to use for syncing users from LDAP.")
+  @Markdown(
+    description = "Filter to use for syncing user members of a group from LDAP (by default
it is not used).",
+    examples = {"(&(objectclass=posixaccount)(uid={member}))"})
   public static final ConfigurationProperty<String> LDAP_SYNC_USER_MEMBER_FILTER =
new ConfigurationProperty<>(
       "authentication.ldap.sync.userMemberFilter",
       LDAP_SYNC_MEMBER_FILTER_DEFAULT);
 
   /**
-   * The default filter to use for syncing member from LDAP.
+   * Filter to use for syncing group members of a group from LDAP. (by default it is not
used)
    */
-  @Markdown(description = "The default filter to use for syncing member from LDAP.")
+  @Markdown(
+    description = "Filter to use for syncing group members of a group from LDAP. (by default
it is not used)",
+    examples = {"(&(objectclass=posixgroup)(cn={member}))"})
   public static final ConfigurationProperty<String> LDAP_SYNC_GROUP_MEMBER_FILTER =
new ConfigurationProperty<>(
       "authentication.ldap.sync.groupMemberFilter",
       LDAP_SYNC_MEMBER_FILTER_DEFAULT);


Mime
View raw message