ambari-dev mailing list archives

From "Robert Levas" <rle...@hortonworks.com>
Subject Review Request 30105: Add the ability to append a random value to values in LDAP attributes when generating principals in Active Directory
Date Wed, 21 Jan 2015 03:55:40 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30105/
-----------------------------------------------------------

Review request for Ambari, John Speidel, Nate Cole, and Robert Nettleton.


Bugs: AMBARI-9209
    https://issues.apache.org/jira/browse/AMBARI-9209


Repository: ambari


Description
-------

Add ability to append a random value to values in LDAP attributes when generating principals
in Active Directory.

For example, the `cn` and `sAMAccountName` attributes must be unique.  In some cases the `cn`
is not allowed to have `/` characters and in all cases the `sAMAccountName` is not allowed to
have `/` characters. Therefore to generate values for these attributes, the _instance_ part
of the principal needs to be stripped off and a random string needs to be appended.

This can be seen where the principal is `nn/c6501.ambari.apache.org@EXAMPLE.COM`.  The `cn`
would typically be `nn/c6501.ambari.apache.org`.  Providing for a random string would allow
the `cn` value to be something like `nn-ythnskdtarsjko5fsdfdsb`. Since the `sAMAccountName`
can be at most 20 characters, it would be `nn-ythnskdtarsjko5fs`.

Since the generation of the attributes and values is done using a Velocity template, this
random string will need to be generated and stored in the Velocity engine context before processing
the template.

The solution is to generate and binhex an MD5 hash of the normalized principal.  This can be
used as the unique value.  The Velocity variable this is set to is `principal_digest`.


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
20f7e60 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DeconstructedPrincipal.java
PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
7a9233b 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
85ae018 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
6a89dbb 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/DeconstructedPrincipalTest.java
PRE-CREATION 

Diff: https://reviews.apache.org/r/30105/diff/


Testing
-------

Manual Testing

Updated and new test cases:

#Jenkins test results

Running org.apache.ambari.server.serveraction.kerberos.DeconstructedPrincipalTest
Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.1 sec

Running org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandlerTest
Tests run: 10, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 0.742 sec

Complete ambari-server test results
Tests run: 2575, Failures: 0, Errors: 0, Skipped: 15

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 57:50 min
[INFO] Finished at: 2015-01-21T03:29:08+00:00
[INFO] Final Memory: 44M/468M
[INFO] ------------------------------------------------------------------------


Thanks,

Robert Levas
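
The scheme described in this message, sketched as an added example; it is not code from the Ambari patch, and the class and method names are hypothetical. It assumes the normalized principal is the `primary/instance@REALM` string encoded as UTF-8, uses a constructed second host name, and adds an assumed minimum of 8 digest characters so that truncation to 20 characters cannot silently remove the uniqueness the digest provides.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added illustration; names are hypothetical, not Ambari's.
public class PrincipalDigestExample {
  static final int SAM_ACCOUNT_NAME_MAX = 20; // limit stated in the description
  static final int MIN_DIGEST_CHARS = 8;      // assumed floor, not from the message

  // Hex-encoded MD5 of the principal (assumed form: primary/instance@REALM).
  // MD5 serves only as a deterministic uniqueness tag here, not as a secret.
  static String principalDigest(String principal) throws NoSuchAlgorithmException {
    byte[] hash = MessageDigest.getInstance("MD5")
        .digest(principal.getBytes(StandardCharsets.UTF_8));
    StringBuilder hex = new StringBuilder(hash.length * 2);
    for (byte b : hash) {
      hex.append(String.format("%02x", b));
    }
    return hex.toString();
  }

  // Primary component: everything before the first '/' or '@'.
  static String primary(String principal) {
    int end = principal.length();
    for (char c : new char[] {'/', '@'}) {
      int i = principal.indexOf(c);
      if (i >= 0 && i < end) end = i;
    }
    return principal.substring(0, end);
  }

  // cn: instance stripped, full digest appended, so no '/' remains.
  static String cn(String principal) throws NoSuchAlgorithmException {
    return primary(principal) + "-" + principalDigest(principal);
  }

  // sAMAccountName: same value cut to 20 characters; refuse when a long
  // primary would leave too few digest characters to tell hosts apart.
  static String samAccountName(String principal) throws NoSuchAlgorithmException {
    int digestChars = SAM_ACCOUNT_NAME_MAX - primary(principal).length() - 1;
    if (digestChars < MIN_DIGEST_CHARS) {
      throw new IllegalArgumentException("primary too long for a unique sAMAccountName");
    }
    return cn(principal).substring(0, SAM_ACCOUNT_NAME_MAX);
  }

  public static void main(String[] args) throws NoSuchAlgorithmException {
    // First principal is from the message; the second host is constructed.
    for (String p : new String[] {"nn/c6501.ambari.apache.org@EXAMPLE.COM",
                                  "nn/c6502.ambari.apache.org@EXAMPLE.COM"}) {
      System.out.println(p + " cn=" + cn(p) + " sAMAccountName=" + samAccountName(p));
    }
  }
}
```

Because the digest is derived from the principal, the generated values are repeatable rather than random: the same principal always maps to the same `cn` and `sAMAccountName`.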

