ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nc...@apache.org
Subject [44/50] [abbrv] ambari git commit: AMBARI-18860. LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled (BE).(vbrodetskyi)
Date Mon, 14 Nov 2016 18:27:57 GMT
AMBARI-18860. LDAPS must be used to communicate with an Active Directory when Kerberos is being
enabled (BE).(vbrodetskyi)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5d7824ea
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5d7824ea
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5d7824ea

Branch: refs/heads/branch-dev-patch-upgrade
Commit: 5d7824ea3e6689e910ebc03b9bfe408cd4d30a15
Parents: f1200b7
Author: Vitaly Brodetskyi <vbrodetskyi@hortonworks.com>
Authored: Sun Nov 13 21:49:58 2016 +0200
Committer: Vitaly Brodetskyi <vbrodetskyi@hortonworks.com>
Committed: Sun Nov 13 21:49:58 2016 +0200

----------------------------------------------------------------------
 .../kerberos/ADKerberosOperationHandler.java          |  3 +++
 .../kerberos/ADKerberosOperationHandlerTest.java      | 14 ++++++++++++++
 2 files changed, 17 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/5d7824ea/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
index 48e04f4..32efa3e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
@@ -149,6 +149,9 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler
{
     if (this.ldapUrl == null) {
       throw new KerberosKDCConnectionException("ldapUrl not provided");
     }
+    if (!this.ldapUrl.startsWith("ldaps://")) {
+      throw new KerberosKDCConnectionException("ldapUrl is not valid ldaps URL");
+    }
 
     this.principalContainerDn = kerberosConfiguration.get(KERBEROS_ENV_PRINCIPAL_CONTAINER_DN);
     if (this.principalContainerDn == null) {

http://git-wip-us.apache.org/repos/asf/ambari/blob/5d7824ea/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
index 52cd372..a2304b8 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
@@ -91,6 +91,20 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
     handler.close();
   }
 
+  @Test(expected = KerberosKDCConnectionException.class)
+  public void testOpenExceptionNoLdaps() throws Exception {
+    PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, "hello");
+    KerberosOperationHandler handler = new ADKerberosOperationHandler();
+    Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
+      {
+        put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, "ldap://this_wont_work");
+        put(ADKerberosOperationHandler.KERBEROS_ENV_PRINCIPAL_CONTAINER_DN, DEFAULT_PRINCIPAL_CONTAINER_DN);
+      }
+    };
+    handler.open(kc, DEFAULT_REALM, kerberosEnvMap);
+    handler.close();
+  }
+
   @Test(expected = KerberosAdminAuthenticationException.class)
   public void testTestAdministratorCredentialsIncorrectAdminPassword() throws Exception {
     PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, "wrong");


Mime
View raw message