ambari-commits mailing list archives

From lpus...@apache.org
Subject [11/33] ambari git commit: AMBARI-21307 Draft implementation of the group related attributes
Date Fri, 13 Oct 2017 15:54:39 GMT
AMBARI-21307 Draft implementation of the group related attributes


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/86e105f8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/86e105f8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/86e105f8

Branch: refs/heads/feature-branch-AMBARI-21307
Commit: 86e105f8d7ae76318132f2e3ff8f3833c0af14b2
Parents: 8d2e134
Author: lpuskas <lpuskas@apache.org>
Authored: Tue Aug 8 13:54:29 2017 +0200
Committer: lpuskas <lpuskas@apache.org>
Committed: Fri Oct 13 17:20:49 2017 +0200

----------------------------------------------------------------------
 .../server/ldap/AmbariLdapConfiguration.java    |  22 +-
 .../ldap/LdapConfigurationValidatorService.java |  34 +--
 .../apache/ambari/server/ldap/LdapModule.java   |   4 +-
 .../server/ldap/service/AmbariLdapFacade.java   |  25 +-
 .../ldap/service/LdapConnectionService.java     |  35 +++
 .../ambari/server/ldap/service/LdapFacade.java  |   9 +-
 .../ad/AdLdapConfigurationValidatorService.java | 177 --------------
 ...efaultLdapConfigurationValidatorService.java | 232 +++++++++++++++++++
 .../ad/DefaultLdapConnectionService.java        |  63 +++++
 .../service/ad/LdapConfigurationConverter.java  |  50 ----
 ...AdLdapConfigurationValidatorServiceTest.java | 129 -----------
 ...ltLdapConfigurationValidatorServiceTest.java | 156 +++++++++++++
 12 files changed, 552 insertions(+), 384 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
index 519f400..a6ff80b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
@@ -53,7 +53,7 @@ public class AmbariLdapConfiguration {
     GROUP_OBJECT_CLASS("ambari.ldap.group.object.class"),
     GROUP_NAME_ATTRIBUTE("ambari.ldap.group.name.attribute"),
     GROUP_MEMBER_ATTRIBUTE("ambari.ldap.group.member.attribute"),
-    GROUP_SEARCH_BASE("ambari.ldap.group.member.attribute"),
+    GROUP_SEARCH_BASE("ambari.ldap.group.search.base"),
     DN_ATTRIBUTE("authentication.ldap.dnAttribute");
 
     private String propertyName;
@@ -126,4 +126,24 @@ public class AmbariLdapConfiguration {
     return (String) configurationValue(LdapConfigProperty.USER_NAME_ATTRIBUTE);
   }
 
+  public String userSearchBase() {
+    return (String) configurationValue(LdapConfigProperty.USER_SEARCH_BASE);
+  }
+
+  public String groupObjectClass() {
+    return (String) configurationValue(LdapConfigProperty.GROUP_OBJECT_CLASS);
+  }
+
+  public String groupNameAttribute() {
+    return (String) configurationValue(LdapConfigProperty.GROUP_NAME_ATTRIBUTE);
+  }
+
+  public String groupMemberAttribute() {
+    return (String) configurationValue(LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE);
+  }
+
+  public String groupSearchBase() {
+    return (String) configurationValue(LdapConfigProperty.GROUP_SEARCH_BASE);
+  }
+
 }
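Review bot: The five new accessors (`userSearchBase()` through `groupSearchBase()`) have no Javadoc and do not say what they return when the property is unset. Elsewhere in this commit the search bases go straight into `new Dn(...)` and the attribute names into `FilterBuilder.equal(...)`, so a missing property would presumably surface only as a wrapped exception during the search. I would document each one, for example `/** @return the configured group search base DN; may be null when the property is not set (confirm against configurationValue) */`, or validate the value before it is used. The class body starts outside this hunk, so `configurationValue` itself is not visible here.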

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java
index 4667721..7efa3b7 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java
@@ -14,8 +14,11 @@
 
 package org.apache.ambari.server.ldap;
 
+import java.util.Set;
+
 import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.ldap.service.AmbariLdapException;
+import org.apache.directory.ldap.client.api.LdapConnection;
 
 /**
  * Collection of operations for validating ldap configuration.
@@ -26,27 +29,32 @@ public interface LdapConfigurationValidatorService {
   /**
    * Tests the connection based on the provided configuration.
    *
-   * @param configuration the ambari ldap configuration instance
+   * @param ldapConnection connection instance
+   * @param configuration  the ambari ldap configuration instance
    * @throws AmbariLdapException if the connection is not possible
    */
-  void checkConnection(AmbariLdapConfiguration configuration) throws AmbariLdapException;
+  void checkConnection(LdapConnection ldapConnection, AmbariLdapConfiguration configuration) throws AmbariLdapException;
+
 
   /**
-   * Checks whether the group related LDAP attributes in the configuration are correct.
+   * Implements LDAP user related configuration settings validation logic.
+   * Implementers communicate with the LDAP server (search, bind) to validate attributes in the provided configuration
+   * instance
    *
-   * @param configuration the configuration instance holding the available properties
-   * @throws AmbariException if the attributes are not valid
+   * @param ldapConnection connection instance used to connect to the LDAP server
+   * @param testUserName   the test username
+   * @param testPassword   the test password
+   * @param configuration  the available ldap configuration
+   * @return The DN of the found user entry
+   * @throws AmbariException if the connection couldn't be estabilisheds
    */
-  void checkGroupAttributes(AmbariLdapConfiguration configuration) throws AmbariException;
+  String checkUserAttributes(LdapConnection ldapConnection, String testUserName, String testPassword, AmbariLdapConfiguration configuration) throws AmbariLdapException;
 
   /**
-   * Tries to connect to the LDAP server with the given credentials.
-   * Primarily used for testing the user before performing other operations (eg. attribute detection)s
+   * Checks whether the group related LDAP attributes in the configuration are correct.
    *
-   * @param username      the username
-   * @param password      the password
-   * @param configuration the available ldap configuration
-   * @throws AmbariException if the connection couldn't be estabilished
+   * @throws AmbariException if the attributes are not valid
    */
-  void checkUserAttributes(String username, String password, AmbariLdapConfiguration configuration) throws AmbariException;
+  Set<String> checkGroupAttributes(LdapConnection ldapConnection, String userDn, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
+
 }
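Review bot: The Javadoc in this interface no longer matches the signatures: `checkUserAttributes` and `checkGroupAttributes` still carry `@throws AmbariException` while both now declare `AmbariLdapException`, and the `AmbariException` import appears to survive only for those tags. `checkGroupAttributes` also lost its `@param` entries and has no `@return`; I would add `@param ldapConnection`, `@param userDn`, `@param ambariLdapConfiguration` and `@return the names of the groups the user DN is a member of`. The `checkUserAttributes` text mentions a bind and takes a `testPassword`, so it should state whether that password is actually verified and who is responsible for closing `ldapConnection`. The typo `estabilisheds` can be fixed in the same pass.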

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
index 625ce8b..545f220 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
@@ -17,7 +17,7 @@ package org.apache.ambari.server.ldap;
 
 import org.apache.ambari.server.ldap.service.AmbariLdapFacade;
 import org.apache.ambari.server.ldap.service.LdapFacade;
-import org.apache.ambari.server.ldap.service.ad.AdLdapConfigurationValidatorService;
+import org.apache.ambari.server.ldap.service.ad.DefaultLdapConfigurationValidatorService;
 
 import com.google.inject.AbstractModule;
 import com.google.inject.assistedinject.FactoryModuleBuilder;
@@ -30,7 +30,7 @@ public class LdapModule extends AbstractModule {
   @Override
   protected void configure() {
     bind(LdapFacade.class).to(AmbariLdapFacade.class);
-    bind(LdapConfigurationValidatorService.class).to(AdLdapConfigurationValidatorService.class);
+    bind(LdapConfigurationValidatorService.class).to(DefaultLdapConfigurationValidatorService.class);
 
     install(new FactoryModuleBuilder().build(LdapConfigurationFactory.class));
   }
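Review bot: `configure()` gains no binding for the new `LdapConnectionService`, although this commit adds `@Inject private LdapConnectionService ldapConnectionService;` to both `AmbariLdapFacade` and `DefaultLdapConfigurationValidatorService`. The interface as added carries no `@ImplementedBy`, so unless another module binds it, Guice cannot resolve the dependency and injection of the facade should fail. I would add `bind(LdapConnectionService.class).to(DefaultLdapConnectionService.class);` next to the validator binding, together with the matching import. The whole `configure()` body is visible in this hunk; the rest of the class is not.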

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
index abd028a..abb464b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
@@ -16,13 +16,14 @@
 package org.apache.ambari.server.ldap.service;
 
 import java.util.Map;
+import java.util.Set;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
 
-import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
 import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
+import org.apache.directory.ldap.client.api.LdapConnection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -51,17 +52,21 @@ public class AmbariLdapFacade implements LdapFacade {
   private LdapConfigurationValidatorService ldapConfigurationValidatorService;
 
   @Inject
+  private LdapConnectionService ldapConnectionService;
+
+  @Inject
   public AmbariLdapFacade() {
   }
 
   @Override
-  public void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException {
+  public void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
     try {
       LOGGER.info("Validating LDAP connection related configuration based on: {}", ambariLdapConfiguration);
-      ldapConfigurationValidatorService.checkConnection(ambariLdapConfiguration);
+      LdapConnection connection = ldapConnectionService.createLdapConnection(ambariLdapConfiguration);
+      ldapConfigurationValidatorService.checkConnection(connection, ambariLdapConfiguration);
     } catch (AmbariLdapException e) {
       LOGGER.error("Validating LDAP connection configuration failed", e);
-      throw new AmbariException("Validating LDAP connection configuration failed", e);
+      throw e;
     }
     LOGGER.info("Validating LDAP connection related configuration: SUCCESS");
   }
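Review bot: The `LdapConnection` created in `checkConnection` is never closed: the validator's `checkConnection` only binds, so every call leaves a bound connection open, possibly one authenticated as the manager DN. The facade creates the connection and should own its lifetime, e.g. `try (LdapConnection connection = ldapConnectionService.createLdapConnection(ambariLdapConfiguration)) { ... }` with the `IOException` from `close()` logged. The same ownership problem is in the later `checkLdapAttibutes` hunk, where one connection is handed to `checkUserAttributes` and then to `checkGroupAttributes` while the validator's `finally` blocks close what they are given, and where `groups` is discarded and `userDn` is not checked for null. Separately, the existing `LOGGER.info("... based on: {}", ambariLdapConfiguration)` line would put the manager password in the log if the configuration's `toString()` includes it; that is worth confirming.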
@@ -74,7 +79,7 @@ public class AmbariLdapFacade implements LdapFacade {
   }
 
   @Override
-  public void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ldapConfiguration) throws AmbariException {
+  public void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ldapConfiguration) throws AmbariLdapException {
     String userName = getTestUserNameFromParameters(parameters);
     String testUserPass = getTestUserPasswordFromParameters(parameters);
 
@@ -82,8 +87,14 @@ public class AmbariLdapFacade implements LdapFacade {
       throw new IllegalArgumentException("No test user available for testing LDAP attributes");
     }
 
-    LOGGER.info("Testing LDAP attributes with test user: {}", userName);
-    ldapConfigurationValidatorService.checkUserAttributes(userName, testUserPass, ldapConfiguration);
+    LdapConnection ldapConnection = ldapConnectionService.createLdapConnection(ldapConfiguration);
+
+    LOGGER.info("Testing LDAP user attributes with test user: {}", userName);
+    String userDn = ldapConfigurationValidatorService.checkUserAttributes(ldapConnection, userName, testUserPass, ldapConfiguration);
+
+    LOGGER.info("Testing LDAP group attributes with test user dn: {}", userDn);
+    Set<String> groups = ldapConfigurationValidatorService.checkGroupAttributes(ldapConnection, userDn, ldapConfiguration);
+
   }
 
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java
new file mode 100644
index 0000000..50ee8ed
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service;
+
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+
+/**
+ * Contract defining factory methods for creating LDAP connection instances.
+ * Implementers contain the logic of creating different connection instances and the afferent boilerplate code.
+ */
+public interface LdapConnectionService {
+
+  /**
+   * Creates an LdapConnection instance based on the provided configuration
+   *
+   * @param ambariLdapConfiguration configuration instance with information for creating the connection instance
+   * @return a set up LdapConnection instance
+   */
+  LdapNetworkConnection createLdapConnection(AmbariLdapConfiguration ambariLdapConfiguration);
+
+
+}
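Review bot: `createLdapConnection` returns the concrete `LdapNetworkConnection` although its Javadoc says it creates "an LdapConnection instance" and every caller in this commit stores the result as `LdapConnection`. Returning the interface type, `LdapConnection createLdapConnection(AmbariLdapConfiguration ambariLdapConfiguration);`, keeps callers independent of the network implementation and makes the service easy to stub in tests; `DefaultLdapConnectionService` can keep its narrower return type. The Javadoc should also state the ownership rule, for example `The caller owns the returned connection and must close it.`, because nothing in the facade closes it today.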

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
index 38553f0..7bb1198 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
@@ -16,7 +16,6 @@ package org.apache.ambari.server.ldap.service;
 
 import java.util.Map;
 
-import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
 
 /**
@@ -29,9 +28,9 @@ public interface LdapFacade {
    * Tests the connection to the LDAP server based on the provided configuration.
    *
    * @param ambariLdapConfiguration the available ldap related configuration
-   * @throws AmbariException if the connection fails or other problems occur during the operation
+   * @throws AmbariLdapException if the connection fails or other problems occur during the operation
    */
-  void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException;
+  void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
 
 
   /**
@@ -46,7 +45,7 @@ public interface LdapFacade {
    *
    * @param parameters              a map of property name and value pairs holding information to facilitate checking the attributes
    * @param ambariLdapConfiguration configutration instance with available attributes
-   * @throws AmbariException if the attribute checking fails
+   * @throws AmbariLdapException if the attribute checking fails
    */
-  void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException;
+  void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java
deleted file mode 100644
index 11e8655..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.ldap.service.ad;
-
-import java.io.IOException;
-import java.util.List;
-
-import javax.inject.Inject;
-import javax.inject.Singleton;
-
-import org.apache.ambari.server.AmbariException;
-import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
-import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
-import org.apache.ambari.server.ldap.service.AmbariLdapException;
-import org.apache.directory.api.ldap.model.cursor.EntryCursor;
-import org.apache.directory.api.ldap.model.cursor.SearchCursor;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.message.SearchScope;
-import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.ldap.client.api.LdapConnectionConfig;
-import org.apache.directory.ldap.client.api.LdapNetworkConnection;
-import org.apache.directory.ldap.client.api.search.FilterBuilder;
-import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Lists;
-
-/**
- * Implementation of the validation logic using the Apache Directory API.
- */
-@Singleton
-public class AdLdapConfigurationValidatorService implements LdapConfigurationValidatorService {
-
-  private static final Logger LOGGER = LoggerFactory.getLogger(AdLdapConfigurationValidatorService.class);
-
-  @Inject
-  private LdapConfigurationConverter ldapConfigurationConverter;
-
-  /**
-   * Facilitating the instantiation
-   */
-  @Inject
-  public AdLdapConfigurationValidatorService() {
-  }
-
-  @Override
-  public void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
-    try {
-      LOGGER.info("Testing the connection based on the configuration: {}", ambariLdapConfiguration);
-
-      LdapConnectionConfig connectionConfig = ldapConfigurationConverter.getLdapConnectionConfig(ambariLdapConfiguration);
-      LdapNetworkConnection connection = new LdapNetworkConnection(connectionConfig);
-
-      if (ambariLdapConfiguration.bindAnonimously()) {
-        LOGGER.debug("Binding anonimously ...");
-        connection.bind();
-      } else {
-        LOGGER.debug("Binding with manager DN and manager password ...");
-        connection.bind(ambariLdapConfiguration.managerDn(), ambariLdapConfiguration.managerPassword());
-      }
-
-      if (connection.isConnected()) {
-        LOGGER.info("Successfully connected to the LDAP server.");
-      }
-
-      connection.close();
-
-    } catch (Exception e) {
-      LOGGER.warn("Could not bind to the LDAP server base don the provided configuration ...");
-      throw new AmbariLdapException(e);
-    }
-  }
-
-
-  /**
-   * Checks the user attributes provided in the configuration instance by issuing a search for a (known) test user in the LDAP.
-   * Attributes are considered correct if there is at least one entry found.
-   *
-   * Invalid attributes are signaled by throwing an exception.
-   *
-   * @param username                the username
-   * @param password                the password
-   * @param ambariLdapConfiguration configuration instance holding ldap configuration details
-   * @throws AmbariException if the attributes are not valid or any errors occurs
-   */
-  @Override
-  public void checkUserAttributes(String username, String password, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException {
-    LdapNetworkConnection connection = null;
-    SearchCursor searchCursor = null;
-    try {
-      LOGGER.info("Checking user attributes for user {} r ...", username);
-
-      LdapConnectionConfig connectionConfig = ldapConfigurationConverter.getLdapConnectionConfig(ambariLdapConfiguration);
-      connection = new LdapNetworkConnection(connectionConfig);
-
-
-      if (!ambariLdapConfiguration.bindAnonimously()) {
-        LOGGER.debug("Anonimous binding not supported, binding with the manager detailas...");
-        connection.bind(ambariLdapConfiguration.managerDn(), ambariLdapConfiguration.managerPassword());
-      } else {
-        LOGGER.debug("Binding anonimously ...");
-        connection.bind();
-      }
-
-      if (!connection.isConnected()) {
-        LOGGER.error("Not connected to the LDAP server. Connection instance: {}", connection);
-        throw new IllegalStateException("The connection to the LDAP server is not alive");
-      }
-
-      // set up a filter based on the provided attributes
-      String filter = FilterBuilder.and(
-        FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
-        FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), username))
-        .toString();
-
-      LOGGER.info("Searching for the user: {} using the search filter: {}", username, filter);
-      EntryCursor entryCursor = connection.search(new Dn(ambariLdapConfiguration.baseDn()), filter, SearchScope.SUBTREE);
-
-      // collecting search result entries
-      List<Entry> users = Lists.newArrayList();
-      for (Entry entry : entryCursor) {
-        users.add(entry);
-      }
-
-      // there should be at least one user found
-      if (users.isEmpty()) {
-        String msg = String.format("There are no users found using the filter: [ %s ]. Try changing the attribute values", filter);
-        LOGGER.error(msg);
-        throw new Exception(msg);
-      }
-
-      LOGGER.info("Attibute validation succeeded. Filter: {}", filter);
-
-    } catch (Exception e) {
-
-      LOGGER.error("Error while checking user attributes.");
-      throw new AmbariException("Error while checking user attributes", e);
-
-    } finally {
-
-      LOGGER.debug("Closing the connection and searchresult ...");
-
-      if (null != searchCursor) {
-        searchCursor.close();
-      }
-
-      if (null != connection) {
-        try {
-          connection.close();
-        } catch (IOException e) {
-          LOGGER.error("Exception occurred while closing the connection", e);
-        }
-      }
-
-    }
-  }
-
-  @Override
-  public void checkGroupAttributes(AmbariLdapConfiguration configuration) throws AmbariException {
-
-  }
-
-
-}

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java
new file mode 100644
index 0000000..838ef4c
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java
@@ -0,0 +1,232 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service.ad;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Set;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
+import org.apache.ambari.server.ldap.service.AmbariLdapException;
+import org.apache.ambari.server.ldap.service.LdapConnectionService;
+import org.apache.directory.api.ldap.codec.decorators.SearchResultEntryDecorator;
+import org.apache.directory.api.ldap.model.cursor.EntryCursor;
+import org.apache.directory.api.ldap.model.cursor.SearchCursor;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.message.Response;
+import org.apache.directory.api.ldap.model.message.SearchRequest;
+import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.apache.directory.ldap.client.api.search.FilterBuilder;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+
+/**
+ * Implementation of the validation logic using the Apache Directory API.
+ */
+@Singleton
+public class DefaultLdapConfigurationValidatorService implements LdapConfigurationValidatorService {
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(DefaultLdapConfigurationValidatorService.class);
+
+  @Inject
+  private LdapConnectionService ldapConnectionService;
+
+  /**
+   * Facilitating the instantiation
+   */
+  @Inject
+  public DefaultLdapConfigurationValidatorService() {
+  }
+
+  @Override
+  public void checkConnection(LdapConnection ldapConnection, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
+    try {
+      bind(ambariLdapConfiguration, ldapConnection);
+    } catch (LdapException e) {
+      LOGGER.error("Could not connect to the LDAP server", e);
+      throw new AmbariLdapException(e);
+    }
+  }
+
+
+  /**
+   * Checks the user attributes provided in the configuration instance by issuing a search for a (known) test user in the LDAP.
+   * Attributes are considered correct if there is at least one entry found.
+   *
+   * Invalid attributes are signaled by throwing an exception.
+   *
+   * @param testUserName            the test username
+   * @param testPassword            the test password
+   * @param ambariLdapConfiguration configuration instance holding ldap configuration details
+   * @throws AmbariException if the attributes are not valid or any errors occurs
+   */
+  @Override
+  public String checkUserAttributes(LdapConnection ldapConnection, String testUserName, String testPassword, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
+    LdapNetworkConnection connection = null;
+    SearchCursor searchCursor = null;
+    String userDn = null;
+    try {
+      LOGGER.info("Checking user attributes for user {} r ...", testUserName);
+
+      // bind anonimously or with manager data
+      bind(ambariLdapConfiguration, connection);
+
+      // set up a filter based on the provided attributes
+      String filter = FilterBuilder.and(
+        FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
+        FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), testUserName))
+        .toString();
+
+      LOGGER.info("Searching for the user: {} using the search filter: {}", testUserName, filter);
+      EntryCursor entryCursor = connection.search(new Dn(ambariLdapConfiguration.userSearchBase()), filter, SearchScope.SUBTREE);
+
+      // collecting search result entries
+      List<Entry> users = Lists.newArrayList();
+      for (Entry entry : entryCursor) {
+        users.add(entry);
+        userDn = entry.getDn().getNormName();
+      }
+
+      // there should be at least one user found
+      if (users.isEmpty()) {
+        String msg = String.format("There are no users found using the filter: [ %s ]. Try changing the attribute values", filter);
+        LOGGER.error(msg);
+        throw new Exception(msg);
+      }
+
+      LOGGER.info("Attibute validation succeeded. Filter: {}", filter);
+
+    } catch (Exception e) {
+
+      LOGGER.error("User attributes validation failed.", e);
+      throw new AmbariLdapException(e.getMessage(), e);
+
+    } finally {
+      closeResources(connection, searchCursor);
+    }
+    return userDn;
+  }
+
+
+  @Override
+  public Set<String> checkGroupAttributes(LdapConnection ldapConnection, String userDn, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
+    SearchCursor searchCursor = null;
+    Set<Response> groupResponses = Sets.newHashSet();
+
+    try {
+      LOGGER.info("Checking group attributes for user dn {} ...", userDn);
+
+      bind(ambariLdapConfiguration, ldapConnection);
+
+      // set up a filter based on the provided attributes
+      String filter = FilterBuilder.and(
+        FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.groupObjectClass()),
+        FilterBuilder.equal(ambariLdapConfiguration.groupMemberAttribute(), userDn)
+      ).toString();
+
+      LOGGER.info("Searching for the groups the user dn: {} is member of using the search filter: {}", userDn, filter);
+
+      // assemble a search request
+      SearchRequest searchRequest = new SearchRequestImpl();
+      searchRequest.setFilter(filter);
+      searchRequest.setBase(new Dn(ambariLdapConfiguration.groupSearchBase()));
+      searchRequest.setScope(SearchScope.SUBTREE);
+      searchRequest.addAttributes(ambariLdapConfiguration.groupMemberAttribute(), ambariLdapConfiguration.groupNameAttribute());
+
+      // perform the search
+      searchCursor = ldapConnection.search(searchRequest);
+
+      for (Response response : searchCursor) {
+        groupResponses.add(response);
+      }
+
+    } catch (Exception e) {
+
+      LOGGER.error("User attributes validation failed.", e);
+      throw new AmbariLdapException(e.getMessage(), e);
+
+    } finally {
+
+      closeResources(ldapConnection, searchCursor);
+
+    }
+
+    return processGroupResults(groupResponses, ambariLdapConfiguration);
+  }
+
+  private void bind(AmbariLdapConfiguration ambariLdapConfiguration, LdapConnection connection) throws LdapException {
+    LOGGER.info("Connecting to LDAP ....");
+    if (!ambariLdapConfiguration.bindAnonimously()) {
+      LOGGER.debug("Anonimous binding not supported, binding with the manager detailas...");
+      connection.bind(ambariLdapConfiguration.managerDn(), ambariLdapConfiguration.managerPassword());
+    } else {
+      LOGGER.debug("Binding anonimously ...");
+      connection.bind();
+    }
+
+    if (!connection.isConnected()) {
+      LOGGER.error("Not connected to the LDAP server. Connection instance: {}", connection);
+      throw new IllegalStateException("The connection to the LDAP server is not alive");
+    }
+    LOGGER.info("Connected to LDAP.");
+  }
+
+
+  private Set<String> processGroupResults(Set<Response> groupResponses, AmbariLdapConfiguration ambariLdapConfiguration) {
+    Set<String> groupStrSet = Sets.newHashSet();
+    for (Response response : groupResponses) {
+      Entry entry = ((SearchResultEntryDecorator) response).getEntry();
+      groupStrSet.add(entry.get(ambariLdapConfiguration.groupNameAttribute()).get().getString());
+    }
+
+    LOGGER.debug("Extracted group names from group search responses: {}", groupStrSet);
+    return groupStrSet;
+  }
+
+  private void closeResources(LdapConnection connection, SearchCursor searchCursor) {
+    LOGGER.debug("Housekeeping: closing the connection and the search cursor ...");
+
+    if (null != searchCursor) {
+      // this method is idempotent
+      searchCursor.close();
+    }
+
+    if (null != connection) {
+      try {
+        connection.close();
+      } catch (IOException e) {
+        LOGGER.error("Exception occurred while closing the connection", e);
+      }
+    }
+  }
+
+}
+
+
+
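Review bot: `checkUserAttributes` ignores its `ldapConnection` argument: the local `connection` is declared as `null` and then passed to `bind(...)` and used for `connection.search(...)`, so every call ends in a NullPointerException that the broad `catch (Exception e)` rewraps as an `AmbariLdapException` with a null message. Drop the local and use the parameter, `bind(ambariLdapConfiguration, ldapConnection);` and `EntryCursor entryCursor = ldapConnection.search(...)`, and close `entryCursor` instead of the always-null `searchCursor`. `testPassword` is never read, so the test user's credentials are not verified by a bind and the check passes for any password once the search works. In `processGroupResults`, every `Response` is cast to `SearchResultEntryDecorator` and `entry.get(groupNameAttribute())` is dereferenced unchecked, so a non-entry response (a referral, for instance) or a group without the name attribute fails with a ClassCastException or NullPointerException; guard both and skip or report such results. The injected `ldapConnectionService` field is unused in this class.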

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
new file mode 100644
index 0000000..b5559d9
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service.ad;
+
+import javax.inject.Singleton;
+
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.service.LdapConnectionService;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Singleton
+public class DefaultLdapConnectionService implements LdapConnectionService {
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(DefaultLdapConnectionService.class);
+
+  @Override
+  public LdapNetworkConnection createLdapConnection(AmbariLdapConfiguration ambariLdapConfiguration) {
+    LOGGER.debug("Creating ldap connection instance from: {}", ambariLdapConfiguration);
+    return new LdapNetworkConnection(getLdapConnectionConfig(ambariLdapConfiguration));
+  }
+
+  private LdapConnectionConfig getLdapConnectionConfig(AmbariLdapConfiguration ambariAmbariLdapConfiguration) {
+    LOGGER.debug("Creating a configuration instance based on the ambari configuration: {}", ambariAmbariLdapConfiguration);
+
+    LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
+    ldapConnectionConfig.setLdapHost(ambariAmbariLdapConfiguration.ldapServerHost());
+    ldapConnectionConfig.setLdapPort(ambariAmbariLdapConfiguration.ldapServerPort());
+    ldapConnectionConfig.setUseSsl(ambariAmbariLdapConfiguration.useSSL());
+
+    //todo set the other values as required
+    return ldapConnectionConfig;
+  }
+
+}
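Review bot: `getLdapConnectionConfig` enables TLS with `setUseSsl(...)` but never sets a trust manager, so certificate validation is left to whatever the client library defaults to. In older releases of the Apache Directory LDAP API that default was, as far as I recall, a no-verification trust manager, which would leave the server's identity unchecked; this is worth confirming against the version Ambari pins. Resolving the `//todo` with an explicit `ldapConnectionConfig.setTrustManagers(...)` call, fed from the configured truststore, would make the behaviour deterministic. Both debug statements also log the whole `AmbariLdapConfiguration`; if its `toString()` includes bind credentials (not visible in this hunk), they would land in the log, so logging only host and port is safer. The Apache license header also appears twice at the top of the file.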

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java
deleted file mode 100644
index a8839f1..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.ldap.service.ad;
-
-import javax.inject.Singleton;
-
-import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
-import org.apache.directory.ldap.client.api.LdapConnectionConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Converts between ambari specific ldap types and the 3rd party ldap library
- */
-@Singleton
-public class LdapConfigurationConverter {
-
-  private static final Logger LOGGER = LoggerFactory.getLogger(LdapConfigurationConverter.class);
-
-  /**
-   * Creates a {@link LdapConnectionConfig} instance based on the provided ambari specific configurations
-   *
-   * @param ambariAmbariLdapConfiguration
-   * @return
-   */
-  public LdapConnectionConfig getLdapConnectionConfig(AmbariLdapConfiguration ambariAmbariLdapConfiguration) {
-    LOGGER.debug("Creating a configuration instance based on the ambari configuration: {}", ambariAmbariLdapConfiguration);
-
-    LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
-    ldapConnectionConfig.setLdapHost(ambariAmbariLdapConfiguration.ldapServerHost());
-    ldapConnectionConfig.setLdapPort(ambariAmbariLdapConfiguration.ldapServerPort());
-    ldapConnectionConfig.setUseSsl(ambariAmbariLdapConfiguration.useSSL());
-
-    //todo set the other values as required
-    return ldapConnectionConfig;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java
deleted file mode 100644
index 0f57099..0000000
--- a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.ldap.service.ad;
-
-import static org.junit.Assert.assertNotNull;
-
-import java.util.Map;
-
-import org.apache.ambari.server.AmbariException;
-import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
-import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
-import org.apache.directory.api.ldap.model.cursor.EntryCursor;
-import org.apache.directory.api.ldap.model.cursor.SearchCursor;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.message.Response;
-import org.apache.directory.api.ldap.model.message.SearchRequest;
-import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
-import org.apache.directory.api.ldap.model.message.SearchResultEntry;
-import org.apache.directory.api.ldap.model.message.SearchScope;
-import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.LdapConnectionConfig;
-import org.apache.directory.ldap.client.api.LdapNetworkConnection;
-import org.apache.directory.ldap.client.api.search.FilterBuilder;
-import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Maps;
-
-public class AdLdapConfigurationValidatorServiceTest {
-  private static final Logger LOGGER = LoggerFactory.getLogger(AdLdapConfigurationValidatorService.class);
-  private static final String TEST_USER = "Jocika10";
-
-  LdapConfigurationValidatorService ldapConfigurationValidatorService = new AdLdapConfigurationValidatorService();
-
-
-  @Test
-  public void testCheckAttributes() throws Exception {
-
-    // WHEN
-    LdapConnectionConfig config = new LdapConnectionConfig();
-    config.setLdapHost("localhost");
-    config.setLdapPort(389);
-    LdapConnection connection = new LdapNetworkConnection(config);
-
-    // THEN
-    connection.anonymousBind();
-
-
-    EntryCursor cursor = connection.search("dc=dev,dc=local", "(objectclass=*)", SearchScope.ONELEVEL);
-
-    for (Entry entry : cursor) {
-      assertNotNull(entry);
-      System.out.println(entry);
-    }
-
-    cursor.close();
-
-  }
-
-  @Test
-  public void testCheckUserAttributes() throws Exception {
-    Map<String, Object> ldapPropsMap = Maps.newHashMap();
-
-    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), true);
-    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "localhost");
-    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
-    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=dev,dc=local");
-    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
-    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
-
-    AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
-
-
-    try {
-      LOGGER.info("Authenticating user {} against the LDAP server ...", TEST_USER);
-      LdapConfigurationConverter ldapConfigurationConverter = new LdapConfigurationConverter();
-
-      LdapConnectionConfig connectionConfig = ldapConfigurationConverter.getLdapConnectionConfig(ambariLdapConfiguration);
-      LdapNetworkConnection connection = new LdapNetworkConnection(connectionConfig);
-
-      String filter = FilterBuilder.and(
-        FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
-        FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), TEST_USER))
-        .toString();
-
-      SearchRequest searchRequest = new SearchRequestImpl();
-      searchRequest.setBase(new Dn(ambariLdapConfiguration.baseDn()));
-      searchRequest.setFilter(filter);
-      searchRequest.setScope(SearchScope.SUBTREE);
-
-      LOGGER.info("loking up user: {} based on the filtr: {}", TEST_USER, filter);
-
-      connection.bind();
-      SearchCursor searchCursor = connection.search(searchRequest);
-
-      while (searchCursor.next()) {
-        Response response = searchCursor.get();
-
-        // process the SearchResultEntry
-        if (response instanceof SearchResultEntry) {
-          Entry resultEntry = ((SearchResultEntry) response).getEntry();
-          System.out.println(resultEntry);
-        }
-      }
-
-      searchCursor.close();
-
-    } catch (Exception e) {
-      throw new AmbariException("Error during user authentication check", e);
-    }
-
-  }
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
new file mode 100644
index 0000000..5c9d304
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service.ad;
+
+import static org.junit.Assert.assertNotNull;
+
+import java.util.Map;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
+import org.apache.ambari.server.ldap.service.LdapConnectionService;
+import org.apache.directory.api.ldap.model.cursor.EntryCursor;
+import org.apache.directory.api.ldap.model.cursor.SearchCursor;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.message.Response;
+import org.apache.directory.api.ldap.model.message.SearchRequest;
+import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
+import org.apache.directory.api.ldap.model.message.SearchResultEntry;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.apache.directory.ldap.client.api.search.FilterBuilder;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.Maps;
+
+public class DefaultLdapConfigurationValidatorServiceTest {
+  private static final Logger LOGGER = LoggerFactory.getLogger(DefaultLdapConfigurationValidatorService.class);
+  private static final String TEST_USER = "einstein";
+
+  LdapConfigurationValidatorService ldapConfigurationValidatorService = new DefaultLdapConfigurationValidatorService();
+
+
+  @Test
+  public void testCheckAttributes() throws Exception {
+
+    // WHEN
+    LdapConnectionConfig config = new LdapConnectionConfig();
+    config.setLdapHost("localhost");
+    config.setLdapPort(389);
+    LdapConnection connection = new LdapNetworkConnection(config);
+
+    // THEN
+    connection.anonymousBind();
+
+
+    EntryCursor cursor = connection.search("dc=dev,dc=local", "(objectclass=*)", SearchScope.ONELEVEL);
+
+    for (Entry entry : cursor) {
+      assertNotNull(entry);
+      System.out.println(entry);
+    }
+
+    cursor.close();
+
+  }
+
+  @Test
+  public void testCheckUserAttributes() throws Exception {
+    Map<String, Object> ldapPropsMap = Maps.newHashMap();
+
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), false);
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "ldap.forumsys.com");
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=example,dc=com");
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_OBJECT_CLASS.propertyName(), SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC);
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_NAME_ATTRIBUTE.propertyName(), SchemaConstants.CN_AT);
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE.propertyName(), SchemaConstants.UNIQUE_MEMBER_AT);
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
+
+    AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
+
+
+    try {
+      LOGGER.info("Authenticating user {} against the LDAP server ...", TEST_USER);
+      LdapConnectionService connectionService = new DefaultLdapConnectionService();
+      LdapNetworkConnection connection = connectionService.createLdapConnection(ambariLdapConfiguration);
+
+      String filter = FilterBuilder.and(
+        FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
+        FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), TEST_USER))
+        .toString();
+
+      SearchRequest searchRequest = new SearchRequestImpl();
+      searchRequest.setBase(new Dn(ambariLdapConfiguration.baseDn()));
+      searchRequest.setFilter(filter);
+      searchRequest.setScope(SearchScope.SUBTREE);
+
+      LOGGER.info("loking up user: {} based on the filtr: {}", TEST_USER, filter);
+
+      connection.bind();
+      SearchCursor searchCursor = connection.search(searchRequest);
+
+      while (searchCursor.next()) {
+        Response response = searchCursor.get();
+
+        // process the SearchResultEntry
+        if (response instanceof SearchResultEntry) {
+          Entry resultEntry = ((SearchResultEntry) response).getEntry();
+          System.out.println(resultEntry);
+        }
+      }
+
+      searchCursor.close();
+
+    } catch (Exception e) {
+      throw new AmbariException("Error during user authentication check", e);
+    }
+
+  }
+
+  @Test
+  public void testRetrieveGorupsForuser() throws Exception {
+    // GIVEN
+    Map<String, Object> ldapPropsMap = Maps.newHashMap();
+
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), "true");
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "ldap.forumsys.com");
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=example,dc=com");
+
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
+
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_OBJECT_CLASS.propertyName(), SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC);
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_NAME_ATTRIBUTE.propertyName(), SchemaConstants.CN_AT);
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE.propertyName(), SchemaConstants.UNIQUE_MEMBER_AT);
+    ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_SEARCH_BASE.propertyName(), "dc=example,dc=com");
+
+
+    AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
+    LdapConnectionService connectionService = new DefaultLdapConnectionService();
+    LdapNetworkConnection ldapConnection = connectionService.createLdapConnection(ambariLdapConfiguration);
+
+    ldapConfigurationValidatorService.checkGroupAttributes(ldapConnection, "uid=einstein,dc=example,dc=com", ambariLdapConfiguration);
+  }
+}
\ No newline at end of file
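Review bot: All three tests open real network connections: `testCheckAttributes` to `localhost:389`, and the other two to the third-party host `ldap.forumsys.com` on unencrypted port 389. The unit-test run therefore depends on, and sends directory queries to, servers the build does not control. Either mark them `@Ignore("needs a live LDAP server")` until an embedded directory server is wired in, or move them to an integration-test profile. The first two tests also never close `connection`, and `searchCursor.close()` / `cursor.close()` run only on the success path, so a `finally` block would cover both. `testRetrieveGorupsForuser` (presumably meant to be `testRetrieveGroupsForUser`) contains no assertion on the outcome of `checkGroupAttributes`.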

