From: lpuskas@apache.org To: commits@ambari.apache.org Date: Fri, 13 Oct 2017 15:54:39 -0000 Message-Id: In-Reply-To: <410aae0969204dcdaaab6594d0251a04@git.apache.org> References: <410aae0969204dcdaaab6594d0251a04@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [11/33] ambari git commit: AMBARI-21307 Draft implementation of the group related attributes archived-at: Fri, 13 Oct 2017 15:54:35 -0000 AMBARI-21307 Draft implementation of the group related attributes Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/86e105f8 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/86e105f8 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/86e105f8 Branch: refs/heads/feature-branch-AMBARI-21307 Commit: 86e105f8d7ae76318132f2e3ff8f3833c0af14b2 Parents: 8d2e134 Author: lpuskas Authored: Tue Aug 8 13:54:29 2017 +0200 Committer: lpuskas Committed: Fri Oct 13 17:20:49 2017 +0200 ---------------------------------------------------------------------- .../server/ldap/AmbariLdapConfiguration.java | 22 +- .../ldap/LdapConfigurationValidatorService.java | 34 +-- .../apache/ambari/server/ldap/LdapModule.java | 4 +- .../server/ldap/service/AmbariLdapFacade.java | 25 +- .../ldap/service/LdapConnectionService.java | 35 +++ .../ambari/server/ldap/service/LdapFacade.java | 9 +- .../ad/AdLdapConfigurationValidatorService.java | 177 -------------- ...efaultLdapConfigurationValidatorService.java | 232 +++++++++++++++++++ .../ad/DefaultLdapConnectionService.java | 63 +++++ .../service/ad/LdapConfigurationConverter.java | 50 ---- ...AdLdapConfigurationValidatorServiceTest.java | 129 ----------- ...ltLdapConfigurationValidatorServiceTest.java | 156 +++++++++++++ 12 files changed, 552 insertions(+), 384 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java index 519f400..a6ff80b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java @@ -53,7 +53,7 @@ public class AmbariLdapConfiguration { GROUP_OBJECT_CLASS("ambari.ldap.group.object.class"), GROUP_NAME_ATTRIBUTE("ambari.ldap.group.name.attribute"), GROUP_MEMBER_ATTRIBUTE("ambari.ldap.group.member.attribute"), - GROUP_SEARCH_BASE("ambari.ldap.group.member.attribute"), + GROUP_SEARCH_BASE("ambari.ldap.group.search.base"), DN_ATTRIBUTE("authentication.ldap.dnAttribute"); private String propertyName; 
@@ -126,4 +126,24 @@ public class AmbariLdapConfiguration { return (String) configurationValue(LdapConfigProperty.USER_NAME_ATTRIBUTE); } + public String userSearchBase() { + return (String) configurationValue(LdapConfigProperty.USER_SEARCH_BASE); + } + + public String groupObjectClass() { + return (String) configurationValue(LdapConfigProperty.GROUP_OBJECT_CLASS); + } + + public String groupNameAttribute() { + return (String) configurationValue(LdapConfigProperty.GROUP_NAME_ATTRIBUTE); + } + + public String groupMemberAttribute() { + return (String) configurationValue(LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE); + } + + public String groupSearchBase() { + return (String) configurationValue(LdapConfigProperty.GROUP_SEARCH_BASE); + } + } http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java index 4667721..7efa3b7 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java @@ -14,8 +14,11 @@ package org.apache.ambari.server.ldap; +import java.util.Set; + import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.ldap.service.AmbariLdapException; +import org.apache.directory.ldap.client.api.LdapConnection; /** * Collection of operations for validating ldap configuration. 
@@ -26,27 +29,32 @@ public interface LdapConfigurationValidatorService { /** * Tests the connection based on the provided configuration. * - * @param configuration the ambari ldap configuration instance + * @param ldapConnection connection instance + * @param configuration the ambari ldap configuration instance * @throws AmbariLdapException if the connection is not possible */ - void checkConnection(AmbariLdapConfiguration configuration) throws AmbariLdapException; + void checkConnection(LdapConnection ldapConnection, AmbariLdapConfiguration configuration) throws AmbariLdapException; + /** - * Checks whether the group related LDAP attributes in the configuration are correct. + * Implements LDAP user related configuration settings validation logic. + * Implementers communicate with the LDAP server (search, bind) to validate attributes in the provided configuration + * instance * - * @param configuration the configuration instance holding the available properties - * @throws AmbariException if the attributes are not valid + * @param ldapConnection connection instance used to connect to the LDAP server + * @param testUserName the test username + * @param testPassword the test password + * @param configuration the available ldap configuration + * @return The DN of the found user entry + * @throws AmbariException if the connection couldn't be estabilisheds */ - void checkGroupAttributes(AmbariLdapConfiguration configuration) throws AmbariException; + String checkUserAttributes(LdapConnection ldapConnection, String testUserName, String testPassword, AmbariLdapConfiguration configuration) throws AmbariLdapException; /** - * Tries to connect to the LDAP server with the given credentials. - * Primarily used for testing the user before performing other operations (eg. attribute detection)s + * Checks whether the group related LDAP attributes in the configuration are correct. 
* - * @param username the username - * @param password the password - * @param configuration the available ldap configuration - * @throws AmbariException if the connection couldn't be estabilished + * @throws AmbariException if the attributes are not valid */ - void checkUserAttributes(String username, String password, AmbariLdapConfiguration configuration) throws AmbariException; + Set checkGroupAttributes(LdapConnection ldapConnection, String userDn, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException; + } http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java index 625ce8b..545f220 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java @@ -17,7 +17,7 @@ package org.apache.ambari.server.ldap; import org.apache.ambari.server.ldap.service.AmbariLdapFacade; import org.apache.ambari.server.ldap.service.LdapFacade; -import org.apache.ambari.server.ldap.service.ad.AdLdapConfigurationValidatorService; +import org.apache.ambari.server.ldap.service.ad.DefaultLdapConfigurationValidatorService; import com.google.inject.AbstractModule; import com.google.inject.assistedinject.FactoryModuleBuilder; 
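Review bot: The Javadoc on the new `checkGroupAttributes` signature documents none of its three parameters nor the returned set, and `checkUserAttributes` still says `@throws AmbariException` although both methods now declare `AmbariLdapException`. Neither contract says who closes the `LdapConnection` that is passed in, which matters because the implementation on this page closes it in a `finally` block while the facade hands the same instance to two successive calls. I would add `@param ldapConnection`, `@param userDn`, `@param ambariLdapConfiguration` and `@return the names of the groups the user DN is a member of` to `checkGroupAttributes`, change both `@throws` tags to `AmbariLdapException`, and add one sentence on connection ownership.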
@@ -30,7 +30,7 @@ public class LdapModule extends AbstractModule { @Override protected void configure() { bind(LdapFacade.class).to(AmbariLdapFacade.class); - bind(LdapConfigurationValidatorService.class).to(AdLdapConfigurationValidatorService.class); + bind(LdapConfigurationValidatorService.class).to(DefaultLdapConfigurationValidatorService.class); install(new FactoryModuleBuilder().build(LdapConfigurationFactory.class)); } http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java index abd028a..abb464b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java @@ -16,13 +16,14 @@ package org.apache.ambari.server.ldap.service; import java.util.Map; +import java.util.Set; import javax.inject.Inject; import javax.inject.Singleton; -import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.ldap.AmbariLdapConfiguration; import org.apache.ambari.server.ldap.LdapConfigurationValidatorService; +import org.apache.directory.ldap.client.api.LdapConnection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
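Review bot: `configure()` switches the validator binding to `DefaultLdapConfigurationValidatorService` but adds no binding for the new `LdapConnectionService` interface, which this commit injects by field into both `AmbariLdapFacade` and the validator. The interface as added carries no `@ImplementedBy`, so unless a binding exists in a module outside this page, Guice has nothing to resolve it to (to be confirmed against the rest of the injector setup). Adding `bind(LdapConnectionService.class).to(DefaultLdapConnectionService.class);` next to the existing bindings, with the two matching imports, would make the wiring explicit.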
@@ -51,17 +52,21 @@ public class AmbariLdapFacade implements LdapFacade { private LdapConfigurationValidatorService ldapConfigurationValidatorService; @Inject + private LdapConnectionService ldapConnectionService; + + @Inject public AmbariLdapFacade() { } @Override - public void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException { + public void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException { try { LOGGER.info("Validating LDAP connection related configuration based on: {}", ambariLdapConfiguration); - ldapConfigurationValidatorService.checkConnection(ambariLdapConfiguration); + LdapConnection connection = ldapConnectionService.createLdapConnection(ambariLdapConfiguration); + ldapConfigurationValidatorService.checkConnection(connection, ambariLdapConfiguration); } catch (AmbariLdapException e) { LOGGER.error("Validating LDAP connection configuration failed", e); - throw new AmbariException("Validating LDAP connection configuration failed", e); + throw e; } LOGGER.info("Validating LDAP connection related configuration: SUCCESS"); } @@ -74,7 +79,7 @@ public class AmbariLdapFacade implements LdapFacade { } @Override - public void checkLdapAttibutes(Map parameters, AmbariLdapConfiguration ldapConfiguration) throws AmbariException { + public void checkLdapAttibutes(Map parameters, AmbariLdapConfiguration ldapConfiguration) throws AmbariLdapException { String userName = getTestUserNameFromParameters(parameters); String testUserPass = getTestUserPasswordFromParameters(parameters); 
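Review bot: `checkConnection` now opens an `LdapConnection` through `ldapConnectionService.createLdapConnection(...)` and never closes it; the validator's `checkConnection` on this page only binds, so each call leaves a session open, possibly bound as the manager DN, on both the success and the failure path. The facade creates the connection, so it should own its lifetime and close it in a `finally` block, handling the `IOException` the way `closeResources` in the validator does. The same applies to `checkLdapAttibutes` in the `@@ -82,8 +87,14 @@` hunk, where the connection is created outside any `try`. Separately, the context line that logs `ambariLdapConfiguration` at INFO is worth checking against that class's `toString()`, since the configuration object carries the manager password.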
@@ -82,8 +87,14 @@ public class AmbariLdapFacade implements LdapFacade { throw new IllegalArgumentException("No test user available for testing LDAP attributes"); } - LOGGER.info("Testing LDAP attributes with test user: {}", userName); - ldapConfigurationValidatorService.checkUserAttributes(userName, testUserPass, ldapConfiguration); + LdapConnection ldapConnection = ldapConnectionService.createLdapConnection(ldapConfiguration); + + LOGGER.info("Testing LDAP user attributes with test user: {}", userName); + String userDn = ldapConfigurationValidatorService.checkUserAttributes(ldapConnection, userName, testUserPass, ldapConfiguration); + + LOGGER.info("Testing LDAP group attributes with test user dn: {}", userDn); + Set groups = ldapConfigurationValidatorService.checkGroupAttributes(ldapConnection, userDn, ldapConfiguration); + } http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java new file mode 100644 index 0000000..50ee8ed --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java 
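Review bot: The set returned by `checkGroupAttributes` is assigned to `groups` and then dropped, so a group search that matches nothing is indistinguishable from a successful validation. `processGroupResults` on this page returns an empty set in that case rather than throwing, which leaves the facade as the only place to reject it; something like `if (groups.isEmpty()) { throw new AmbariLdapException(...); }` would do, using whichever constructor that class offers. The two INFO lines also write the test user name and its DN to the server log on every validation run; DEBUG would be a better level for those. The signature of `checkLdapAttibutes` is in the previous hunk.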
@@ -0,0 +1,35 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service;
+
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+
+/**
+ * Contract defining factory methods for creating LDAP connection instances.
+ * Implementers contain the logic of creating different connection instances and the afferent boilerplate code.
+ */
+public interface LdapConnectionService {
+
+ /**
+ * Creates an LdapConnection instance based on the provided configuration
+ *
+ * @param ambariLdapConfiguration configuration instance with information for creating the connection instance
+ * @return a set up LdapConnection instance
+ */
+ LdapNetworkConnection createLdapConnection(AmbariLdapConfiguration ambariLdapConfiguration);
+
+
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
index 38553f0..7bb1198 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
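Review bot: `createLdapConnection` is declared to return the concrete `LdapNetworkConnection`, while every caller in this commit holds the result as `LdapConnection`; returning the interface type would let an implementation hand back a pooled or mocked connection without changing the contract. The Javadoc should also state that the returned connection is not yet bound (the default implementation on this page only constructs it) and that the caller is responsible for closing it, for example `@return an unbound LdapConnection; the caller must close it`.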
@@ -16,7 +16,6 @@ package org.apache.ambari.server.ldap.service; import java.util.Map; -import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.ldap.AmbariLdapConfiguration; /** @@ -29,9 +28,9 @@ public interface LdapFacade { * Tests the connection to the LDAP server based on the provided configuration. * * @param ambariLdapConfiguration the available ldap related configuration - * @throws AmbariException if the connection fails or other problems occur during the operation + * @throws AmbariLdapException if the connection fails or other problems occur during the operation */ - void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException; + void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException; /** @@ -46,7 +45,7 @@ public interface LdapFacade { * * @param parameters a map of property name and value pairs holding information to facilitate checking the attributes * @param ambariLdapConfiguration configutration instance with available attributes - * @throws AmbariException if the attribute checking fails + * @throws AmbariLdapException if the attribute checking fails */ - void checkLdapAttibutes(Map parameters, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException; + void checkLdapAttibutes(Map parameters, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException; } http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java deleted file mode 100644 index 11e8655..0000000 
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java
+++ /dev/null
@@ -1,177 +0,0 @@ -/* - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.ldap.service.ad; - -import java.io.IOException; -import java.util.List; - -import javax.inject.Inject; -import javax.inject.Singleton; - -import org.apache.ambari.server.AmbariException; -import org.apache.ambari.server.ldap.AmbariLdapConfiguration; -import org.apache.ambari.server.ldap.LdapConfigurationValidatorService; -import org.apache.ambari.server.ldap.service.AmbariLdapException; -import org.apache.directory.api.ldap.model.cursor.EntryCursor; -import org.apache.directory.api.ldap.model.cursor.SearchCursor; -import org.apache.directory.api.ldap.model.entry.Entry; -import org.apache.directory.api.ldap.model.message.SearchScope; -import org.apache.directory.api.ldap.model.name.Dn; -import org.apache.directory.ldap.client.api.LdapConnectionConfig; -import org.apache.directory.ldap.client.api.LdapNetworkConnection; -import org.apache.directory.ldap.client.api.search.FilterBuilder; -import org.apache.directory.shared.ldap.constants.SchemaConstants; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.Lists; - -/** - * Implementation of the validation logic using the Apache Directory API. 
- */ -@Singleton -public class AdLdapConfigurationValidatorService implements LdapConfigurationValidatorService { - - private static final Logger LOGGER = LoggerFactory.getLogger(AdLdapConfigurationValidatorService.class); - - @Inject - private LdapConfigurationConverter ldapConfigurationConverter; - - /** - * Facilitating the instantiation - */ - @Inject - public AdLdapConfigurationValidatorService() { - } - - @Override - public void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException { - try { - LOGGER.info("Testing the connection based on the configuration: {}", ambariLdapConfiguration); - - LdapConnectionConfig connectionConfig = ldapConfigurationConverter.getLdapConnectionConfig(ambariLdapConfiguration); - LdapNetworkConnection connection = new LdapNetworkConnection(connectionConfig); - - if (ambariLdapConfiguration.bindAnonimously()) { - LOGGER.debug("Binding anonimously ..."); - connection.bind(); - } else { - LOGGER.debug("Binding with manager DN and manager password ..."); - connection.bind(ambariLdapConfiguration.managerDn(), ambariLdapConfiguration.managerPassword()); - } - - if (connection.isConnected()) { - LOGGER.info("Successfully connected to the LDAP server."); - } - - connection.close(); - - } catch (Exception e) { - LOGGER.warn("Could not bind to the LDAP server base don the provided configuration ..."); - throw new AmbariLdapException(e); - } - } - - - /** - * Checks the user attributes provided in the configuration instance by issuing a search for a (known) test user in the LDAP. - * Attributes are considered correct if there is at least one entry found. - * - * Invalid attributes are signaled by throwing an exception. 
- * - * @param username the username - * @param password the password - * @param ambariLdapConfiguration configuration instance holding ldap configuration details - * @throws AmbariException if the attributes are not valid or any errors occurs - */ - @Override - public void checkUserAttributes(String username, String password, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException { - LdapNetworkConnection connection = null; - SearchCursor searchCursor = null; - try { - LOGGER.info("Checking user attributes for user {} r ...", username); - - LdapConnectionConfig connectionConfig = ldapConfigurationConverter.getLdapConnectionConfig(ambariLdapConfiguration); - connection = new LdapNetworkConnection(connectionConfig); - - - if (!ambariLdapConfiguration.bindAnonimously()) { - LOGGER.debug("Anonimous binding not supported, binding with the manager detailas..."); - connection.bind(ambariLdapConfiguration.managerDn(), ambariLdapConfiguration.managerPassword()); - } else { - LOGGER.debug("Binding anonimously ..."); - connection.bind(); - } - - if (!connection.isConnected()) { - LOGGER.error("Not connected to the LDAP server. 
Connection instance: {}", connection); - throw new IllegalStateException("The connection to the LDAP server is not alive"); - } - - // set up a filter based on the provided attributes - String filter = FilterBuilder.and( - FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()), - FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), username)) - .toString(); - - LOGGER.info("Searching for the user: {} using the search filter: {}", username, filter); - EntryCursor entryCursor = connection.search(new Dn(ambariLdapConfiguration.baseDn()), filter, SearchScope.SUBTREE); - - // collecting search result entries - List users = Lists.newArrayList(); - for (Entry entry : entryCursor) { - users.add(entry); - } - - // there should be at least one user found - if (users.isEmpty()) { - String msg = String.format("There are no users found using the filter: [ %s ]. Try changing the attribute values", filter); - LOGGER.error(msg); - throw new Exception(msg); - } - - LOGGER.info("Attibute validation succeeded. Filter: {}", filter); - - } catch (Exception e) { - - LOGGER.error("Error while checking user attributes."); - throw new AmbariException("Error while checking user attributes", e); - - } finally { - - LOGGER.debug("Closing the connection and searchresult ..."); - - if (null != searchCursor) { - searchCursor.close(); - } - - if (null != connection) { - try { - connection.close(); - } catch (IOException e) { - LOGGER.error("Exception occurred while closing the connection", e); - } - } - - } - } - - @Override - public void checkGroupAttributes(AmbariLdapConfiguration configuration) throws AmbariException { - - } - - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java ---------------------------------------------------------------------- 
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java new file mode 100644 index 0000000..838ef4c --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java 
@@ -0,0 +1,232 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.ldap.service.ad; + +import java.io.IOException; +import java.util.List; +import java.util.Set; + +import javax.inject.Inject; +import javax.inject.Singleton; + +import org.apache.ambari.server.AmbariException; +import org.apache.ambari.server.ldap.AmbariLdapConfiguration; +import org.apache.ambari.server.ldap.LdapConfigurationValidatorService; +import org.apache.ambari.server.ldap.service.AmbariLdapException; +import org.apache.ambari.server.ldap.service.LdapConnectionService; +import org.apache.directory.api.ldap.codec.decorators.SearchResultEntryDecorator; +import org.apache.directory.api.ldap.model.cursor.EntryCursor; +import org.apache.directory.api.ldap.model.cursor.SearchCursor; +import org.apache.directory.api.ldap.model.entry.Entry; +import org.apache.directory.api.ldap.model.exception.LdapException; +import org.apache.directory.api.ldap.model.message.Response; +import org.apache.directory.api.ldap.model.message.SearchRequest; +import org.apache.directory.api.ldap.model.message.SearchRequestImpl; +import org.apache.directory.api.ldap.model.message.SearchScope; +import org.apache.directory.api.ldap.model.name.Dn; +import org.apache.directory.ldap.client.api.LdapConnection; +import org.apache.directory.ldap.client.api.LdapNetworkConnection; +import org.apache.directory.ldap.client.api.search.FilterBuilder; +import 
org.apache.directory.shared.ldap.constants.SchemaConstants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.collect.Lists; +import com.google.common.collect.Sets; + +/** + * Implementation of the validation logic using the Apache Directory API. + */ +@Singleton +public class DefaultLdapConfigurationValidatorService implements LdapConfigurationValidatorService { + + private static final Logger LOGGER = LoggerFactory.getLogger(DefaultLdapConfigurationValidatorService.class); + + @Inject + private LdapConnectionService ldapConnectionService; + + /** + * Facilitating the instantiation + */ + @Inject + public DefaultLdapConfigurationValidatorService() { + } + + @Override + public void checkConnection(LdapConnection ldapConnection, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException { + try { + bind(ambariLdapConfiguration, ldapConnection); + } catch (LdapException e) { + LOGGER.error("Could not connect to the LDAP server", e); + throw new AmbariLdapException(e); + } + } + + + /** + * Checks the user attributes provided in the configuration instance by issuing a search for a (known) test user in the LDAP. + * Attributes are considered correct if there is at least one entry found. + * + * Invalid attributes are signaled by throwing an exception. 
+ * + * @param testUserName the test username + * @param testPassword the test password + * @param ambariLdapConfiguration configuration instance holding ldap configuration details + * @throws AmbariException if the attributes are not valid or any errors occurs + */ + @Override + public String checkUserAttributes(LdapConnection ldapConnection, String testUserName, String testPassword, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException { + LdapNetworkConnection connection = null; + SearchCursor searchCursor = null; + String userDn = null; + try { + LOGGER.info("Checking user attributes for user {} r ...", testUserName); + + // bind anonimously or with manager data + bind(ambariLdapConfiguration, connection); + + // set up a filter based on the provided attributes + String filter = FilterBuilder.and( + FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()), + FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), testUserName)) + .toString(); + + LOGGER.info("Searching for the user: {} using the search filter: {}", testUserName, filter); + EntryCursor entryCursor = connection.search(new Dn(ambariLdapConfiguration.userSearchBase()), filter, SearchScope.SUBTREE); + + // collecting search result entries + List users = Lists.newArrayList(); + for (Entry entry : entryCursor) { + users.add(entry); + userDn = entry.getDn().getNormName(); + } + + // there should be at least one user found + if (users.isEmpty()) { + String msg = String.format("There are no users found using the filter: [ %s ]. Try changing the attribute values", filter); + LOGGER.error(msg); + throw new Exception(msg); + } + + LOGGER.info("Attibute validation succeeded. 
Filter: {}", filter); + + } catch (Exception e) { + + LOGGER.error("User attributes validation failed.", e); + throw new AmbariLdapException(e.getMessage(), e); + + } finally { + closeResources(connection, searchCursor); + } + return userDn; + } + + + @Override + public Set checkGroupAttributes(LdapConnection ldapConnection, String userDn, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException { + SearchCursor searchCursor = null; + Set groupResponses = Sets.newHashSet(); + + try { + LOGGER.info("Checking group attributes for user dn {} ...", userDn); + + bind(ambariLdapConfiguration, ldapConnection); + + // set up a filter based on the provided attributes + String filter = FilterBuilder.and( + FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.groupObjectClass()), + FilterBuilder.equal(ambariLdapConfiguration.groupMemberAttribute(), userDn) + ).toString(); + + LOGGER.info("Searching for the groups the user dn: {} is member of using the search filter: {}", userDn, filter); + + // assemble a search request + SearchRequest searchRequest = new SearchRequestImpl(); + searchRequest.setFilter(filter); + searchRequest.setBase(new Dn(ambariLdapConfiguration.groupSearchBase())); + searchRequest.setScope(SearchScope.SUBTREE); + searchRequest.addAttributes(ambariLdapConfiguration.groupMemberAttribute(), ambariLdapConfiguration.groupNameAttribute()); + + // perform the search + searchCursor = ldapConnection.search(searchRequest); + + for (Response response : searchCursor) { + groupResponses.add(response); + } + + } catch (Exception e) { + + LOGGER.error("User attributes validation failed.", e); + throw new AmbariLdapException(e.getMessage(), e); + + } finally { + + closeResources(ldapConnection, searchCursor); + + } + + return processGroupResults(groupResponses, ambariLdapConfiguration); + } + + private void bind(AmbariLdapConfiguration ambariLdapConfiguration, LdapConnection connection) throws LdapException { + 
LOGGER.info("Connecting to LDAP ...."); + if (!ambariLdapConfiguration.bindAnonimously()) { + LOGGER.debug("Anonimous binding not supported, binding with the manager detailas..."); + connection.bind(ambariLdapConfiguration.managerDn(), ambariLdapConfiguration.managerPassword()); + } else { + LOGGER.debug("Binding anonimously ..."); + connection.bind(); + } + + if (!connection.isConnected()) { + LOGGER.error("Not connected to the LDAP server. Connection instance: {}", connection); + throw new IllegalStateException("The connection to the LDAP server is not alive"); + } + LOGGER.info("Connected to LDAP."); + } + + + private Set processGroupResults(Set groupResponses, AmbariLdapConfiguration ambariLdapConfiguration) { + Set groupStrSet = Sets.newHashSet(); + for (Response response : groupResponses) { + Entry entry = ((SearchResultEntryDecorator) response).getEntry(); + groupStrSet.add(entry.get(ambariLdapConfiguration.groupNameAttribute()).get().getString()); + } + + LOGGER.debug("Extracted group names from group search responses: {}", groupStrSet); + return groupStrSet; + } + + private void closeResources(LdapConnection connection, SearchCursor searchCursor) { + LOGGER.debug("Housekeeping: closing the connection and the search cursor ..."); + + if (null != searchCursor) { + // this method is idempotent + searchCursor.close(); + } + + if (null != connection) { + try { + connection.close(); + } catch (IOException e) { + LOGGER.error("Exception occurred while closing the connection", e); + } + } + } + +} + + + http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java ---------------------------------------------------------------------- 
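Review bot: `checkUserAttributes` ignores its `ldapConnection` argument and works on the local `LdapNetworkConnection connection = null`, so `bind(ambariLdapConfiguration, connection)` dereferences null and the method can only end in the `catch (Exception e)` branch. Use the parameter instead, `bind(ambariLdapConfiguration, ldapConnection);` and `EntryCursor entryCursor = ldapConnection.search(...)`, and hand it to `closeResources` only if the validator is meant to own the connection. `testPassword` is never read, so the check shows that the entry exists but not that the test user can authenticate; either bind as the found DN or drop the parameter. In `processGroupResults` the unconditional cast to `SearchResultEntryDecorator` and the chained `entry.get(...).get()` run outside any `try`, so a non-entry response or an entry lacking the group name attribute would surface as an unchecked exception; it is worth confirming what the cursor can yield. The `catch` in `checkGroupAttributes` also logs "User attributes validation failed.", which looks copied from the method above.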
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
new file mode 100644
index 0000000..b5559d9
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service.ad;
+
+import javax.inject.Singleton;
+
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.service.LdapConnectionService;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Singleton
+public class DefaultLdapConnectionService implements LdapConnectionService {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(DefaultLdapConnectionService.class);
+
+ @Override
+ public LdapNetworkConnection createLdapConnection(AmbariLdapConfiguration ambariLdapConfiguration) {
+ LOGGER.debug("Creating ldap connection instance from: {}", ambariLdapConfiguration);
+ return new LdapNetworkConnection(getLdapConnectionConfig(ambariLdapConfiguration));
+ }
+
+ private LdapConnectionConfig getLdapConnectionConfig(AmbariLdapConfiguration ambariAmbariLdapConfiguration) {
+ LOGGER.debug("Creating a configuration instance based on the ambari configuration: {}", ambariAmbariLdapConfiguration);
+
+ LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
+ ldapConnectionConfig.setLdapHost(ambariAmbariLdapConfiguration.ldapServerHost());
+ ldapConnectionConfig.setLdapPort(ambariAmbariLdapConfiguration.ldapServerPort());
+ ldapConnectionConfig.setUseSsl(ambariAmbariLdapConfiguration.useSSL());
+
+ //todo set the other values as required
+ return ldapConnectionConfig;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java
----------------------------------------------------------------------
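Review bot: Both `LOGGER.debug` calls in `createLdapConnection` and `getLdapConnectionConfig` log the whole `AmbariLdapConfiguration`, and the validator service in this commit reads `managerPassword()` from that same object, so unless its `toString()` masks the value (not visible here) the bind password can end up in debug logs. Logging only the connection target avoids that: `LOGGER.debug("Creating ldap connection to {}:{} (ssl: {})", ambariLdapConfiguration.ldapServerHost(), ambariLdapConfiguration.ldapServerPort(), ambariLdapConfiguration.useSSL());`. The `//todo set the other values as required` line leaves transport protection to `setUseSsl` alone; when `useSSL()` is false the manager DN and password are sent in clear text on bind, so the TODO should at least name StartTLS and a connect timeout. The Apache license header is also present twice at the top of the new file.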
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java
deleted file mode 100644
index a8839f1..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.ldap.service.ad;
-
-import javax.inject.Singleton;
-
-import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
-import org.apache.directory.ldap.client.api.LdapConnectionConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Converts between ambari specific ldap types and the 3rd party ldap library
- */
-@Singleton
-public class LdapConfigurationConverter {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(LdapConfigurationConverter.class);
-
- /**
- * Creates a {@link LdapConnectionConfig} instance based on the provided ambari specific configurations
- *
- * @param ambariAmbariLdapConfiguration
- * @return
- */
- public LdapConnectionConfig getLdapConnectionConfig(AmbariLdapConfiguration ambariAmbariLdapConfiguration) {
- LOGGER.debug("Creating a configuration instance based on the ambari configuration: {}", ambariAmbariLdapConfiguration);
-
- LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
- ldapConnectionConfig.setLdapHost(ambariAmbariLdapConfiguration.ldapServerHost());
- ldapConnectionConfig.setLdapPort(ambariAmbariLdapConfiguration.ldapServerPort());
- ldapConnectionConfig.setUseSsl(ambariAmbariLdapConfiguration.useSSL());
-
- //todo set the other values as required
- return ldapConnectionConfig;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java
deleted file mode 100644
index 0f57099..0000000
--- a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.ldap.service.ad;
-
-import static org.junit.Assert.assertNotNull;
-
-import java.util.Map;
-
-import org.apache.ambari.server.AmbariException;
-import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
-import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
-import org.apache.directory.api.ldap.model.cursor.EntryCursor;
-import org.apache.directory.api.ldap.model.cursor.SearchCursor;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.message.Response;
-import org.apache.directory.api.ldap.model.message.SearchRequest;
-import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
-import org.apache.directory.api.ldap.model.message.SearchResultEntry;
-import org.apache.directory.api.ldap.model.message.SearchScope;
-import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.LdapConnectionConfig;
-import org.apache.directory.ldap.client.api.LdapNetworkConnection;
-import org.apache.directory.ldap.client.api.search.FilterBuilder;
-import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Maps;
-
-public class AdLdapConfigurationValidatorServiceTest {
- private static final Logger LOGGER = LoggerFactory.getLogger(AdLdapConfigurationValidatorService.class);
- private static final String TEST_USER = "Jocika10";
-
- LdapConfigurationValidatorService ldapConfigurationValidatorService = new AdLdapConfigurationValidatorService();
-
-
- @Test
- public void testCheckAttributes() throws Exception {
-
- // WHEN
- LdapConnectionConfig config = new LdapConnectionConfig();
- config.setLdapHost("localhost");
- config.setLdapPort(389);
- LdapConnection connection = new LdapNetworkConnection(config);
-
- // THEN
- connection.anonymousBind();
-
-
- EntryCursor cursor = connection.search("dc=dev,dc=local", "(objectclass=*)", SearchScope.ONELEVEL);
-
- for (Entry entry : cursor) {
- assertNotNull(entry);
- System.out.println(entry);
- }
-
- cursor.close();
-
- }
-
- @Test
- public void testCheckUserAttributes() throws Exception {
- Map ldapPropsMap = Maps.newHashMap();
-
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), true);
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "localhost");
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=dev,dc=local");
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
-
- AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
-
-
- try {
- LOGGER.info("Authenticating user {} against the LDAP server ...", TEST_USER);
- LdapConfigurationConverter ldapConfigurationConverter = new LdapConfigurationConverter();
-
- LdapConnectionConfig connectionConfig = ldapConfigurationConverter.getLdapConnectionConfig(ambariLdapConfiguration);
- LdapNetworkConnection connection = new LdapNetworkConnection(connectionConfig);
-
- String filter = FilterBuilder.and(
- FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
- FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), TEST_USER))
- .toString();
-
- SearchRequest searchRequest = new SearchRequestImpl();
- searchRequest.setBase(new Dn(ambariLdapConfiguration.baseDn()));
- searchRequest.setFilter(filter);
- searchRequest.setScope(SearchScope.SUBTREE);
-
- LOGGER.info("loking up user: {} based on the filtr: {}", TEST_USER, filter);
-
- connection.bind();
- SearchCursor searchCursor = connection.search(searchRequest);
-
- while (searchCursor.next()) {
- Response response = searchCursor.get();
-
- // process the SearchResultEntry
- if (response instanceof SearchResultEntry) {
- Entry resultEntry = ((SearchResultEntry) response).getEntry();
- System.out.println(resultEntry);
- }
- }
-
- searchCursor.close();
-
- } catch (Exception e) {
- throw new AmbariException("Error during user authentication check", e);
- }
-
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
new file mode 100644
index 0000000..5c9d304
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service.ad;
+
+import static org.junit.Assert.assertNotNull;
+
+import java.util.Map;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
+import org.apache.ambari.server.ldap.service.LdapConnectionService;
+import org.apache.directory.api.ldap.model.cursor.EntryCursor;
+import org.apache.directory.api.ldap.model.cursor.SearchCursor;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.message.Response;
+import org.apache.directory.api.ldap.model.message.SearchRequest;
+import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
+import org.apache.directory.api.ldap.model.message.SearchResultEntry;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.apache.directory.ldap.client.api.search.FilterBuilder;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.Maps;
+
+public class DefaultLdapConfigurationValidatorServiceTest {
+ private static final Logger LOGGER = LoggerFactory.getLogger(DefaultLdapConfigurationValidatorService.class);
+ private static final String TEST_USER = "einstein";
+
+ LdapConfigurationValidatorService ldapConfigurationValidatorService = new DefaultLdapConfigurationValidatorService();
+
+
+ @Test
+ public void testCheckAttributes() throws Exception {
+
+ // WHEN
+ LdapConnectionConfig config = new LdapConnectionConfig();
+ config.setLdapHost("localhost");
+ config.setLdapPort(389);
+ LdapConnection connection = new LdapNetworkConnection(config);
+
+ // THEN
+ connection.anonymousBind();
+
+
+ EntryCursor cursor = connection.search("dc=dev,dc=local", "(objectclass=*)", SearchScope.ONELEVEL);
+
+ for (Entry entry : cursor) {
+ assertNotNull(entry);
+ System.out.println(entry);
+ }
+
+ cursor.close();
+
+ }
+
+ @Test
+ public void testCheckUserAttributes() throws Exception {
+ Map ldapPropsMap = Maps.newHashMap();
+
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), false);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "ldap.forumsys.com");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=example,dc=com");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_OBJECT_CLASS.propertyName(), SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_NAME_ATTRIBUTE.propertyName(), SchemaConstants.CN_AT);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE.propertyName(), SchemaConstants.UNIQUE_MEMBER_AT);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
+
+ AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
+
+
+ try {
+ LOGGER.info("Authenticating user {} against the LDAP server ...", TEST_USER);
+ LdapConnectionService connectionService = new DefaultLdapConnectionService();
+ LdapNetworkConnection connection = connectionService.createLdapConnection(ambariLdapConfiguration);
+
+ String filter = FilterBuilder.and(
+ FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
+ FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), TEST_USER))
+ .toString();
+
+ SearchRequest searchRequest = new SearchRequestImpl();
+ searchRequest.setBase(new Dn(ambariLdapConfiguration.baseDn()));
+ searchRequest.setFilter(filter);
+ searchRequest.setScope(SearchScope.SUBTREE);
+
+ LOGGER.info("loking up user: {} based on the filtr: {}", TEST_USER, filter);
+
+ connection.bind();
+ SearchCursor searchCursor = connection.search(searchRequest);
+
+ while (searchCursor.next()) {
+ Response response = searchCursor.get();
+
+ // process the SearchResultEntry
+ if (response instanceof SearchResultEntry) {
+ Entry resultEntry = ((SearchResultEntry) response).getEntry();
+ System.out.println(resultEntry);
+ }
+ }
+
+ searchCursor.close();
+
+ } catch (Exception e) {
+ throw new AmbariException("Error during user authentication check", e);
+ }
+
+ }
+
+ @Test
+ public void testRetrieveGorupsForuser() throws Exception {
+ // GIVEN
+ Map ldapPropsMap = Maps.newHashMap();
+
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), "true");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "ldap.forumsys.com");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=example,dc=com");
+
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
+
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_OBJECT_CLASS.propertyName(), SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_NAME_ATTRIBUTE.propertyName(), SchemaConstants.CN_AT);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE.propertyName(), SchemaConstants.UNIQUE_MEMBER_AT);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_SEARCH_BASE.propertyName(), "dc=example,dc=com");
+
+
+ AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
+ LdapConnectionService connectionService = new DefaultLdapConnectionService();
+ LdapNetworkConnection ldapConnection = connectionService.createLdapConnection(ambariLdapConfiguration);
+
+ ldapConfigurationValidatorService.checkGroupAttributes(ldapConnection, "uid=einstein,dc=example,dc=com", ambariLdapConfiguration);
+ }
+}
\ No newline at end of file
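Review bot: All three tests open real connections — `testCheckAttributes` to `localhost:389`, the other two to the public host `ldap.forumsys.com` on plain port 389 — so the unit-test run depends on network reachability and on directory data the project does not control, and the first two never close the connection (their cursors are closed only on the success path). Until `LdapConnectionService` is mocked, mark the class `@Ignore("needs a reachable LDAP server")` and open the connection in try-with-resources, `try (LdapNetworkConnection connection = connectionService.createLdapConnection(ambariLdapConfiguration)) {`. `testCheckUserAttributes` sets `BIND_ANONIMOUSLY` to `false` yet calls the no-argument `connection.bind()` with no manager DN or password in the map, and neither it nor `testRetrieveGorupsForuser` asserts anything, so they can only fail on an exception. The logger is also created for `DefaultLdapConfigurationValidatorService.class` rather than the test class.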