ambari-dev mailing list archives

From "Robert Nettleton" <rnettle...@hortonworks.com>
Subject Re: Review Request 30105: Add the ability to append a random value to values in LDAP attributes when generating principals in Active Directory
Date Wed, 21 Jan 2015 15:14:21 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30105/#review68920
-----------------------------------------------------------

Ship it!


Ship It!

- Robert Nettleton


On Jan. 21, 2015, 3:55 a.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30105/
> -----------------------------------------------------------
> 
> (Updated Jan. 21, 2015, 3:55 a.m.)
> 
> 
> Review request for Ambari, John Speidel, Nate Cole, and Robert Nettleton.
> 
> 
> Bugs: AMBARI-9209
>     https://issues.apache.org/jira/browse/AMBARI-9209
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Add ability to append a random value to values in LDAP attributes when generating principals in Active Directory.
> 
> For example, the `cn` and `sAMAccountName` attributes must be unique. In some cases the `cn` is not allowed to have `/` characters and in all cases the `sAMAccountName` is not allowed to have `/` characters. Therefore to generate values for these attributes, the _instance_ part of the principal needs to be stripped off and a random string needs to be appended.
> 
> This can be seen where the principal is `nn/c6501.ambari.apache.org@EXAMPLE.COM`. The `cn` would typically be `nn/c6501.ambari.apache.org`. Providing for a random string would allow the `cn` value to be something like `nn-ythnskdtarsjko5fsdfdsb`. Since the `sAMAccountName` can be at most 20 characters, it would be `nn-ythnskdtarsjko5fs`.
> 
> Since the generation of the attributes and values is done using a Velocity template, this random string will need to be generated and stored in the Velocity engine context before processing the template.
> 
> The solution is to generate and binhex an MD5 hash of the normalized principal. This can be used as the unique value. The Velocity variable this is set to is `principal_digest`.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java 20f7e60
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DeconstructedPrincipal.java PRE-CREATION
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 7a9233b
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 85ae018
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 6a89dbb
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/DeconstructedPrincipalTest.java PRE-CREATION
> 
> Diff: https://reviews.apache.org/r/30105/diff/
> 
> 
> Testing
> -------
> 
> Manual Testing
> 
> Updated and new test cases:
> 
> #Jenkins test results
> 
> Running org.apache.ambari.server.serveraction.kerberos.DeconstructedPrincipalTest
> Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.1 sec
> 
> Running org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandlerTest
> Tests run: 10, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 0.742 sec
> 
> Complete ambari-server test results
> Tests run: 2575, Failures: 0, Errors: 0, Skipped: 15
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 57:50 min
> [INFO] Finished at: 2015-01-21T03:29:08+00:00
> [INFO] Final Memory: 44M/468M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>
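
The attribute derivation described in the quoted review request, as an added Java example that is not part of the original message or of the Ambari patch. Class and method names are hypothetical; UTF-8 input, lowercase hex output, the `-` separator (taken from the description's sample value) and an already-normalized principal are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added illustration; names are hypothetical and not taken from Ambari.
public class PrincipalAttributeExample {
    static final int SAM_ACCOUNT_NAME_MAX = 20; // limit stated in the description

    // Hex-encoded MD5 of the normalized principal: the value the description
    // stores in the Velocity context as principal_digest.
    static String principalDigest(String normalizedPrincipal) throws NoSuchAlgorithmException {
        byte[] hash = MessageDigest.getInstance("MD5")
                .digest(normalizedPrincipal.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Primary component: the local part (before the realm) with any instance stripped.
    static String primary(String principal) {
        int at = principal.lastIndexOf('@');
        String local = at < 0 ? principal : principal.substring(0, at);
        int slash = local.indexOf('/');
        return slash < 0 ? local : local.substring(0, slash);
    }

    // cn: primary plus the full digest, so it contains no '/' characters.
    static String cn(String principal) throws NoSuchAlgorithmException {
        return primary(principal) + "-" + principalDigest(principal);
    }

    // sAMAccountName: the same value cut to the 20-character limit.
    static String samAccountName(String principal) throws NoSuchAlgorithmException {
        String value = cn(principal);
        return value.length() <= SAM_ACCOUNT_NAME_MAX ? value : value.substring(0, SAM_ACCOUNT_NAME_MAX);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // First principal is from the description; the second is constructed and differs only in the instance.
        for (String p : new String[] {"nn/c6501.ambari.apache.org@EXAMPLE.COM",
                                      "nn/c6502.ambari.apache.org@EXAMPLE.COM"}) {
            System.out.println(p);
            System.out.println("  cn             = " + cn(p));
            System.out.println("  sAMAccountName = " + samAccountName(p));
        }
    }
}
```

With the `nn-` prefix, 17 hex characters (68 bits) of the digest survive the 20-character cut. A longer primary leaves fewer, so the uniqueness of `sAMAccountName` under this construction depends on how much of the digest remains after truncation.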

