ranger-commits mailing list archives

From sneet...@apache.org
Subject [1/4] incubator-ranger git commit: RANGER-001 : ranger-site changes
Date Wed, 29 Apr 2015 04:36:41 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master 101d17673 -> 91d1e1374


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/scripts/setup.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
new file mode 100755
index 0000000..26078be
--- /dev/null
+++ b/unixauthservice/scripts/setup.py
@@ -0,0 +1,397 @@
+#!/usr/bin/python
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import re
+import StringIO
+import xml.etree.ElementTree as ET
+import ConfigParser
+import os,errno,sys,getopt
+from os import listdir
+from os.path import isfile, join, dirname, basename
+from urlparse import urlparse
+from time import gmtime, strftime, localtime
+from xml import etree
+import shutil
+import pwd, grp
+
+if (not 'JAVA_HOME' in os.environ):
+	print "ERROR: JAVA_HOME environment variable is not defined. Please define JAVA_HOME before
running this script"
+	sys.exit(1)
+
+debugLevel = 1
+generateXML = 0
+installPropDirName = '.'
+pidFolderName = '/var/run/ranger'
+logFolderName = '/var/log/ranger'
+initdDirName = '/etc/init.d'
+
+rangerBaseDirName = os.getcwd() #'/etc/ranger'
+usersyncBaseDirName = 'usersync'
+confBaseDirName = 'conf'
+confDistBaseDirName = 'conf.dist'
+certBaseDirName = 'cert'
+defaultCertFileName = 'unixauthservice.jks'
+
+outputFileName = 'ranger-ugsync-site.xml'
+installPropFileName = 'install.properties'
+defaultSiteXMLFileName = 'ranger-ugsync-default.xml'
+log4jFileName          = 'log4j.xml'
+install2xmlMapFileName = 'installprop2xml.properties'
+templateFileName = 'ranger-ugsync-template.xml'
+initdProgramName = 'ranger-usersync'
+PROP2ALIASMAP = { 'ranger.usersync.ldap.ldapbindpassword':'ldap.bind.password' ,
+				   'ranger.usersync.keystore.password':'usersync.ssl.key.password',
+				   'ranger.usersync.truststore.password':'usersync.ssl.truststore.password'}
+
+installTemplateDirName = join(installPropDirName,'templates')
+confDistDirName = join(installPropDirName, confDistBaseDirName)
+ugsyncLogFolderName = join(logFolderName, 'ugsync')
+nativeAuthFolderName = join(installPropDirName, 'native')
+nativeAuthProgramName = join(nativeAuthFolderName, 'credValidator.uexe')
+usersyncBaseDirFullName = join(rangerBaseDirName, usersyncBaseDirName)
+confFolderName = join(usersyncBaseDirFullName, confBaseDirName)
+localConfFolderName = join(installPropDirName, confBaseDirName)
+certFolderName = join(confFolderName, certBaseDirName)
+defaultKSFileName = join(certFolderName, defaultCertFileName)
+defaultKSPassword = 'UnIx529p'
+defaultDNAME = 'cn=unixauthservice,ou=authenticator,o=mycompany,c=US'
+
+unixUserProp = 'unix_user'
+unixGroupProp = 'unix_group'
+
+logFolderPermMode = 0770
+rootOwnerId = 0
+initPrefixList = ['S99', 'K00']
+
+SYNC_SOURCE_KEY  = 'SYNC_SOURCE'
+SYNC_INTERVAL_NEW_KEY = 'ranger.usersync.sleeptimeinmillisbetweensynccycle'
+SYNC_SOURCE_UNIX = 'unix'
+SYNC_SOURCE_LDAP = 'ldap'
+SYNC_SOURCE_LIST = [ SYNC_SOURCE_UNIX, SYNC_SOURCE_LDAP ]
+
+credUpdateClassName =  'org.apache.ranger.credentialapi.buildks'
+#credUpdateClassName =  'com.hortonworks.credentialapi.buildks'
+
+def archiveFile(originalFileName):
+    archiveDir = dirname(originalFileName)
+    archiveFileName = "." + basename(originalFileName) + "." + (strftime("%d%m%Y%H%M%S",
localtime()))
+    movedFileName = join(archiveDir,archiveFileName)
+    print "INFO: moving [%s] to [%s] ......." % (originalFileName,movedFileName)
+    os.rename(originalFileName, movedFileName)
+
+def getXMLConfigKeys(xmlFileName):
+    ret = []
+    tree = ET.parse(xmlFileName)
+    root = tree.getroot()
+    for config in root.iter('property'):
+        name = config.find('name').text
+        ret.append(name)
+    return ret
+
+def getXMLConfigMap(xmlFileName):
+    ret = {}
+    tree = ET.parse(xmlFileName)
+    root = tree.getroot()
+    for config in root.findall('property'):
+        name = config.find('name').text
+        val = config.find('value').text
+        ret[name] = val
+    return ret
+
+
+def getPropertiesConfigMap(configFileName):
+    ret = {}
+    config = StringIO.StringIO()
+    config.write('[dummysection]\n')
+    config.write(open(configFileName).read())
+    config.seek(0,os.SEEK_SET)
+    fcp = ConfigParser.ConfigParser()
+    fcp.optionxform = str
+    fcp.readfp(config)
+    for k,v in fcp.items('dummysection'):
+        ret[k] = v
+    return ret
+
+def getPropertiesKeyList(configFileName):
+    ret = []
+    config = StringIO.StringIO()
+    config.write('[dummysection]\n')
+    config.write(open(configFileName).read())
+    config.seek(0,os.SEEK_SET)
+    fcp = ConfigParser.ConfigParser()
+    fcp.optionxform = str
+    fcp.readfp(config)
+    for k,v in fcp.items('dummysection'):
+        ret.append(k)
+    return ret
+
+def writeXMLUsingProperties(xmlTemplateFileName,prop,xmlOutputFileName):
+    tree = ET.parse(xmlTemplateFileName)
+    root = tree.getroot()
+    for config in root.findall('property'):
+        name = config.find('name').text
+        if (name in prop.keys()):
+            config.find('value').text = prop[name]
+        else:
+            print "ERROR: key not found: %s" % (name)
+    if isfile(xmlOutputFileName):
+        archiveFile(xmlOutputFileName)
+    tree.write(xmlOutputFileName)
+
+def updateProppertyInJCKSFile(jcksFileName,propName,value):
+    fn = jcksFileName
+    if (value == ''):
+        value = ' '
+    cmd = "java -cp './lib/*' %s create '%s' -value '%s' -provider jceks://file%s 2>&1"
% (credUpdateClassName,propName,value,fn)
+    ret = os.system(cmd)
+    if (ret != 0):
+        print "ERROR: Unable update the JCKSFile(%s) for aliasName (%s)" % (fn,propName)
+        sys.exit(1)
+    return ret
+
+
+def convertInstallPropsToXML(props):
+	directKeyMap = getPropertiesConfigMap(join(installTemplateDirName,install2xmlMapFileName))
+	ret = {}
+	for k,v in props.iteritems():
+		if (k in directKeyMap.keys()):
+			newKey = directKeyMap[k]
+			ret[newKey] = v
+		else:
+			print "Direct Key not found:%s" % (k)
+
+	ret['ranger.usersync.sink.impl.class'] = 'org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder'
+	if (SYNC_SOURCE_KEY in ret):
+		syncSource = ret[SYNC_SOURCE_KEY]
+		if (syncSource == SYNC_SOURCE_UNIX):
+			ret['ranger.usersync.source.impl.class'] = 'org.apache.ranger.unixusersync.process.UnixUserGroupBuilder'
+			if (SYNC_INTERVAL_NEW_KEY not in ret or len(str(ret[SYNC_INTERVAL_NEW_KEY])) == 0):
+				ret[SYNC_INTERVAL_NEW_KEY] = '5'
+			#for key in ret.keys():
+			#	if (key.startswith("ranger.usersync.ldap") or key.startswith("ranger.usersync.group")
or key.startswith("ranger.usersync.paged")):
+			#		del ret[key]
+		elif (syncSource == SYNC_SOURCE_LDAP):
+			ret['ranger.usersync.source.impl.class'] = 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder'
+			if (SYNC_INTERVAL_NEW_KEY not in ret or len(str(ret[SYNC_INTERVAL_NEW_KEY])) == 0):
+				ret[SYNC_INTERVAL_NEW_KEY] = '60'
+		else:
+			print "ERROR: Invalid value (%s) defined for %s in install.properties. Only valid values
are %s" % (syncSource, SYNC_SOURCE_KEY,SYNC_SOURCE_LIST)
+			sys.exit(1)
+		del ret['SYNC_SOURCE']
+	else:
+		print "ERROR: No value defined for SYNC_SOURCE in install.properties. valid values are
%s" % (SYNC_SOURCE_KEY, SYNC_SOURCE_LIST)
+		sys.exit(1)
+
+	return ret
+
+def createUser(username,groupname):
+	cmd = "useradd -g %s %s -m" % (groupname,username)
+	ret = os.system(cmd)
+	if (ret != 0):
+		print "ERROR: os command execution (%s) failed. error code = %d " % (cmd, ret)
+		sys.exit(1)
+	try:
+		ret = pwd.getpwnam(username).pw_uid
+		return ret
+	except KeyError, e:
+		print "ERROR: Unable to create a new user account: %s with group %s - error [%s]" % (username,groupname,e)
+		sys.exit(1)
+
+def createGroup(groupname):
+	cmd = "groupadd %s" % (groupname)
+	ret = os.system(cmd)
+	if (ret != 0):
+		print "ERROR: os command execution (%s) failed. error code = %d " % (cmd, ret)
+		sys.exit(1)
+	try:
+		ret = grp.getgrnam(groupname).gr_gid
+		return ret
+	except KeyError, e:
+		print "ERROR: Unable to create a new group: %s" % (groupname,e)
+		sys.exit(1)
+
+def initializeInitD():
+	if (os.path.isdir(initdDirName)):
+		fn = join(installPropDirName,initdProgramName)
+		initdFn = join(initdDirName,initdProgramName)
+		shutil.copy(fn, initdFn)
+		os.chmod(initdFn,0550)
+		rcDirList = [ "/etc/rc2.d", "/etc/rc3.d", "/etc/rc.d/rc2.d", "/etc/rc.d/rc3.d" ]
+		for rcDir in rcDirList:
+			if (os.path.isdir(rcDir)):
+				for  prefix in initPrefixList:
+					scriptFn = prefix + initdProgramName
+					scriptName = join(rcDir, scriptFn)
+					if isfile(scriptName):
+						os.remove(scriptName)
+					#print "+ ln -sf %s %s" % (initdFn, scriptName)
+					os.symlink(initdFn,scriptName)
+		userSyncScriptName = "ranger-usersync-services.sh"
+		localScriptName = os.path.abspath(join(installPropDirName,userSyncScriptName))
+		ubinScriptName = join("/usr/bin",initdProgramName)
+		if isfile(ubinScriptName):
+			os.remove(ubinScriptName)
+		os.symlink(localScriptName,ubinScriptName)
+
+
+def createJavaKeystoreForSSL(fn,passwd):
+	cmd = "keytool -genkeypair -keyalg RSA -alias selfsigned -keystore '%s' -keypass '%s' -storepass
'%s' -validity 3600 -keysize 2048 -dname '%s'" % (fn, passwd, passwd, defaultDNAME)
+	ret = os.system(cmd)
+	if (ret != 0):
+		print "ERROR: unable to create JavaKeystore for SSL: file (%s)" % (fn)
+		sys.exit(1)
+	return ret
+
+
+def main():
+
+	dirList = [ rangerBaseDirName, usersyncBaseDirName, confFolderName, certFolderName ]
+	for dir in dirList:
+		if (not os.path.isdir(dir)):
+			os.makedirs(dir,0750)
+
+	defFileList = [ defaultSiteXMLFileName, log4jFileName ]
+	for defFile in defFileList:
+		fn = join(confDistDirName, defFile)
+		if ( isfile(fn) ):
+			shutil.copy(fn,join(confFolderName,defFile))
+
+	#
+	# Create JAVA_HOME setting in confFolderName
+	#
+	java_home_setter_fn = join(confFolderName, 'java_home.sh')
+	if isfile(java_home_setter_fn):
+		archiveFile(java_home_setter_fn)
+	jhf = open(java_home_setter_fn, 'w')
+	str = "export JAVA_HOME=%s\n" % os.environ['JAVA_HOME']
+	jhf.write(str)
+	jhf.close()
+	os.chmod(java_home_setter_fn,0750)
+
+
+	if (not os.path.isdir(localConfFolderName)):
+		os.symlink(confFolderName, localConfFolderName)
+
+	defaultProps = getXMLConfigMap(join(confFolderName,defaultSiteXMLFileName))
+	installProps = getPropertiesConfigMap(join(installPropDirName,installPropFileName))
+	modifiedInstallProps = convertInstallPropsToXML(installProps)
+
+	mergeProps = {}
+	mergeProps.update(defaultProps)
+	mergeProps.update(modifiedInstallProps)
+
+	localLogFolderName = mergeProps['ranger.usersync.logdir']
+	if (not os.path.isdir(localLogFolderName)):
+		if (localLogFolderName != ugsyncLogFolderName):
+			os.symlink(ugsyncLogFolderName, localLogFolderName)
+
+	if (not 'ranger.usersync.keystore.file' in mergeProps):
+		mergeProps['ranger.usersync.keystore.file'] = defaultKSFileName
+
+	ksFileName = mergeProps['ranger.usersync.keystore.file']
+
+	if (not isfile(ksFileName)):
+		mergeProps['ranger.usersync.keystore.password'] = defaultKSPassword
+		createJavaKeystoreForSSL(ksFileName, defaultKSPassword)
+
+
+
+
+	fn = join(installTemplateDirName,templateFileName)
+	outfn = join(confFolderName, outputFileName)
+	writeXMLUsingProperties(fn, mergeProps, outfn)
+
+	if ( os.path.isdir(logFolderName) ):
+		logStat = os.stat(logFolderName)
+		logStat.st_uid
+		logStat.st_gid
+		ownerName = pwd.getpwuid(logStat.st_uid).pw_name
+		groupName = pwd.getpwuid(logStat.st_uid).pw_name
+	else:
+		os.makedirs(logFolderName,logFolderPermMode)
+
+	if (not os.path.isdir(pidFolderName)):
+		os.makedirs(pidFolderName,logFolderPermMode)
+
+	if (not os.path.isdir(ugsyncLogFolderName)):
+		os.makedirs(ugsyncLogFolderName,logFolderPermMode)
+
+	if (unixUserProp in mergeProps):
+		ownerName = mergeProps[unixUserProp]
+	else:
+		print "ERROR: Property [%s] not defined." % (unixUserProp)
+		sys.exit(1)
+
+	if (unixGroupProp in mergeProps):
+		groupName = mergeProps[unixGroupProp]
+	else:
+		print "ERROR: Property [%s] not defined." % (unixGroupProp)
+		sys.exit(1)
+
+	try:
+		ownerId = pwd.getpwnam(ownerName).pw_uid
+	except KeyError, e:
+		ownerId = createUser(ownerName, groupName)
+
+	try:
+		groupId = grp.getgrnam(groupName).gr_gid
+	except KeyError, e:
+		groupId = createGroup(groupId)
+
+	os.chown(logFolderName,ownerId,groupId)
+	os.chown(ugsyncLogFolderName,ownerId,groupId)
+	os.chown(pidFolderName,ownerId,groupId)
+
+	initializeInitD()
+
+	#
+	# Add password to crypt path
+	#
+
+	cryptPath = mergeProps['ranger.usersync.credstore.filename']
+
+	for keyName,aliasName in PROP2ALIASMAP.iteritems() :
+		if (keyName in mergeProps):
+			keyPassword = mergeProps[keyName]
+			updateProppertyInJCKSFile(cryptPath,aliasName,keyPassword)
+		else:
+			updateProppertyInJCKSFile(cryptPath,aliasName," ")
+
+
+	fixPermList = [ "." ]
+	for d in dirList:
+		fixPermList.append(d)
+
+	for dir in fixPermList:
+		for root, dirs, files in os.walk(dir):
+			os.chown(root, ownerId, groupId)
+			os.chmod(root,0755)
+			for obj in dirs:
+				dn = join(root,obj)
+				os.chown(dn, ownerId, groupId)
+				os.chmod(dn, 0755)
+			for obj in files:
+				fn = join(root,obj)
+				os.chown(fn, ownerId, groupId)
+				os.chmod(fn, 0750)
+
+	if isfile(nativeAuthProgramName):
+		os.chown(nativeAuthProgramName, rootOwnerId, groupId)
+		os.chmod(nativeAuthProgramName, 04550)
+	else:
+		print "WARNING: Unix Authentication Program (%s) is not available for setting chmod(4550),
chown(%s:%s) " % (nativeAuthProgramName, "root", groupName)
+
+main()
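Review bot: updateProppertyInJCKSFile places the credential value inside single quotes in a shell string and runs it with os.system, so a password from install.properties containing a `'` or other shell metacharacters either breaks the command or is interpreted by the shell this installer runs under. createJavaKeystoreForSSL, createUser and createGroup build their commands the same way. An argument list avoids the shell entirely, e.g. `ret = subprocess.call(['java', '-cp', './lib/*', credUpdateClassName, 'create', propName, '-value', value, '-provider', 'jceks://file' + fn], stderr=subprocess.STDOUT)` with `import subprocess` added to the imports. The secret would still be visible in the process argument list while the command runs, which deserves a comment unless the credential tool offers another input path. Separately, the last `except KeyError` branch in main() calls `createGroup(groupId)` before groupId has been assigned, so a missing group raises UnboundLocalError instead of being created. `createGroup(groupName)` looks like the intent, and it presumably has to run before createUser because useradd is given `-g`.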

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.sh b/unixauthservice/scripts/setup.sh
index 858318c..ed64a36 100755
--- a/unixauthservice/scripts/setup.sh
+++ b/unixauthservice/scripts/setup.sh
@@ -15,371 +15,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-
-INSTALL_BASE=$PWD
-
-MOD_NAME="ranger-usersync"
-unix_user=ranger
-unix_group=ranger
-
-INSTALL_DIR=${INSTALL_BASE}
-pidf=/var/run/ranger
-curDt=`date '+%Y%m%d%H%M%S'`
-LOGFILE=setup.log.$curDt
-
-log() {
-   local prefix="[$(date +%Y/%m/%d\ %H:%M:%S)]: "
-   echo "${prefix} $@" >> $LOGFILE
-   echo "${prefix} $@"
-}
-
-mkdir -p ${pidf}
-chown -R ${unix_user} ${pidf}
-
-# Ensure that the user is root
-MY_ID=`id -u`
-if [ "${MY_ID}" -ne 0 ]
-then
-  echo "ERROR: You must run the installation as root user."
-  exit 1
-fi
-
-# Ensure JAVA_HOME is set
-if [ "${JAVA_HOME}" == "" ]
-then
-  echo "ERROR: JAVA_HOME environment property not defined, aborting installation"
-  exit 2
-fi
-
-
-# Grep configuration properties from install.properties
-cdir=`dirname $0`
-
-check_ret_status(){
-	if [ $1 -ne 0 ]; then
-		log "[E] $2";
-		exit 1;
-	fi
-}
-
-check_ret_status_for_groupadd(){
-# 9 is the response if the group exists
-    if [ $1 -ne 0 ] && [ $1 -ne 9 ]; then
-        log "[E] $2";
-        exit 1;
-    fi
-}
-
-setup_unix_user_group(){
-
-	log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group}";
-
-	groupadd ${unix_group}
-	check_ret_status_for_groupadd $? "Creating group ${unix_group} failed"
-
-	id -u ${unix_user} > /dev/null 2>&1
-
-	if [ $? -ne 0 ]
-	then
-	    log "[I] Creating new user and adding to group";
-        useradd ${unix_user} -g ${unix_group} -m
-		check_ret_status $? "useradd ${unix_user} failed"
-	else
-	    log "[I] User already exists, adding it to group";
-	    usermod -g ${unix_group} ${unix_user}
-	fi
-
-	log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group} DONE";
-}
-
-setup_unix_user_group
-
-POLICY_MGR_URL=`grep '^[ \t]*POLICY_MGR_URL[ \t]*=' ${cdir}/install.properties | awk -F=
'{ print $2 }' | sed -e 's:[ \t]*::g'`
-MIN_UNIX_USER_ID_TO_SYNC=`grep '^[ \t]*MIN_UNIX_USER_ID_TO_SYNC[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-logdir=`grep '^[ \t]*logdir[ \t]*=' ${cdir}/install.properties | awk -F= '{ print $2 }' |
sed -e 's:[ \t]*::g'`
-
-SYNC_SOURCE=`grep '^[ \t]*SYNC_SOURCE[ \t]*=' ${cdir}/install.properties | awk -F= '{ print
$2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_INTERVAL=`grep '^[ \t]*SYNC_INTERVAL[ \t]*=' ${cdir}/install.properties | awk -F= '{
print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_URL=`grep '^[ \t]*SYNC_LDAP_URL[ \t]*=' ${cdir}/install.properties | sed -e 's:^[
\t]*SYNC_LDAP_URL[ \t]*=[ \t]*::'`
-
-SYNC_LDAP_BIND_DN=`grep '^[ \t]*SYNC_LDAP_BIND_DN[ \t]*=' ${cdir}/install.properties | sed
-e 's:^[ \t]*SYNC_LDAP_BIND_DN[ \t]*=[ \t]*::'`
-
-SYNC_LDAP_BIND_PASSWORD=`grep '^[ \t]*SYNC_LDAP_BIND_PASSWORD[ \t]*=' ${cdir}/install.properties
| sed -e 's:^[ \t]*SYNC_LDAP_BIND_PASSWORD[ \t]*=[ \t]*::'`
-
-SYNC_LDAP_SEARCH_BASE=`grep '^[ \t]*SYNC_LDAP_SEARCH_BASE[ \t]*=' ${cdir}/install.properties
| sed -e 's:^[ \t]*SYNC_LDAP_SEARCH_BASE[ \t]*=[ \t]*::'`
-echo "$SYNC_LDAP_SEARCH_BASE"
-
-SYNC_LDAP_USER_SEARCH_BASE=`grep '^[ \t]*SYNC_LDAP_USER_SEARCH_BASE[ \t]*=' ${cdir}/install.properties
| sed -e 's:^[ \t]*SYNC_LDAP_USER_SEARCH_BASE[ \t]*=[ \t]*::'`
-
-SYNC_LDAP_USER_SEARCH_SCOPE=`grep '^[ \t]*SYNC_LDAP_USER_SEARCH_SCOPE[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_USER_OBJECT_CLASS=`grep '^[ \t]*SYNC_LDAP_USER_OBJECT_CLASS[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_USER_SEARCH_FILTER=`grep '^[ \t]*SYNC_LDAP_USER_SEARCH_FILTER[ \t]*=' ${cdir}/install.properties
| sed -e 's:^[ \t]*SYNC_LDAP_USER_SEARCH_FILTER[ \t]*=[ \t]*::'`
-
-SYNC_LDAP_USER_NAME_ATTRIBUTE=`grep '^[ \t]*SYNC_LDAP_USER_NAME_ATTRIBUTE[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE=`grep '^[ \t]*SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE[ \t]*='
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_USERNAME_CASE_CONVERSION=`grep '^[ \t]*SYNC_LDAP_USERNAME_CASE_CONVERSION[ \t]*='
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_GROUPNAME_CASE_CONVERSION=`grep '^[ \t]*SYNC_LDAP_GROUPNAME_CASE_CONVERSION[ \t]*='
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_PAGED_RESULTS_ENABLED=`grep '^[ \t]*SYNC_PAGED_RESULTS_ENABLED[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_PAGED_RESULTS_SIZE=`grep '^[ \t]*SYNC_PAGED_RESULTS_SIZE[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-
-SYNC_GROUP_SEARCH_ENABLED=`grep '^[ \t]*SYNC_GROUP_SEARCH_ENABLED[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_GROUP_USER_MAP_SYNC_ENABLED=`grep '^[ \t]*SYNC_GROUP_USER_MAP_SYNC_ENABLED[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_GROUP_SEARCH_BASE=`grep '^[ \t]*SYNC_GROUP_SEARCH_BASE[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_GROUP_SEARCH_SCOPE=`grep '^[ \t]*SYNC_GROUP_SEARCH_SCOPE[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_GROUP_OBJECT_CLASS=`grep '^[ \t]*SYNC_GROUP_OBJECT_CLASS[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_LDAP_GROUP_SEARCH_FILTER=`grep '^[ \t]*SYNC_LDAP_GROUP_SEARCH_FILTER[ \t]*=' ${cdir}/install.properties
| sed -e 's:^[ \t]*SYNC_LDAP_GROUP_SEARCH_FILTER[ \t]*=[ \t]*::'`
-SYNC_GROUP_NAME_ATTRIBUTE=`grep '^[ \t]*SYNC_GROUP_NAME_ATTRIBUTE[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=`grep '^[ \t]*SYNC_GROUP_MEMBER_ATTRIBUTE_NAME[ \t]*=' ${cdir}/install.properties
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-
-if [ "${SYNC_LDAP_USERNAME_CASE_CONVERSION}" == "" ]
-then
-    SYNC_LDAP_USERNAME_CASE_CONVERSION="none"
-fi
-
-if [ "${SYNC_LDAP_GROUPNAME_CASE_CONVERSION}" == "" ]
-then
-    SYNC_LDAP_GROUPNAME_CASE_CONVERSION="none"
-fi
-
-SYNC_LDAP_BIND_KEYSTOREPATH=`grep '^[ \t]*CRED_KEYSTORE_FILENAME[ \t]*=' ${cdir}/install.properties
| sed -e 's:^[ \t]*CRED_KEYSTORE_FILENAME[ \t]*=[ \t]*::'`
-
-SYNC_LDAP_BIND_ALIAS=ldap.bind.password
-
-if [ "${SYNC_INTERVAL}" != "" ]
-then
-    SYNC_INTERVAL=$((${SYNC_INTERVAL}*60*1000))
-else
-    SYNC_INTERVAL=$((5*60*1000))
-fi
-
-if [ "${SYNC_SOURCE}" == "" ]
-then
-  SYNC_SOURCE="org.apache.ranger.unixusersync.process.UnixUserGroupBuilder"
-elif [ "${SYNC_SOURCE}" == "unix" ]
-then
-  SYNC_SOURCE="org.apache.ranger.unixusersync.process.UnixUserGroupBuilder"
-elif [ "${SYNC_SOURCE}" == "ldap" ]
-then
-  SYNC_SOURCE="org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder"
-else
-  echo "Unsupported value for SYNC_SOURCE: ${SYNC_SOURCE}, supported values: ldap, unix,
default: unix"
-  exit 3
-fi
-
-
-if [ "${SYNC_SOURCE}" == "org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder" ]
-then
-
-  if [ "${SYNC_INTERVAL}" == "" ]
-  then
-    SYNC_INTERVAL=$((360*60*1000))
-  fi
-
-  if [ "${SYNC_LDAP_URL}" == "" ]
-  then
-    echo "SYNC_LDAP_URL must be specified when SYNC_SOURCE is ldap"
-    exit 4
-  fi
-
-  if [ "${SYNC_LDAP_BIND_DN}" == "" ]
-  then
-    echo "SYNC_LDAP_BIND_DN must be specified when SYNC_SOURCE is ldap"
-    exit 5
-  fi
-
-  if [ "${SYNC_LDAP_USER_SEARCH_BASE}" == "" ] && [ "${SYNC_LDAP_SEARCH_BASE}" ==
"" ]
-  then
-    echo "SYNC_LDAP_USER_SEARCH_BASE or SYNC_LDAP_SEARCH_BASE must be specified when SYNC_SOURCE
is ldap"
-    exit 6
-  fi
-
-  if [ "${SYNC_LDAP_USER_SEARCH_SCOPE}" == "" ]
-  then
-    SYNC_LDAP_USER_SEARCH_SCOPE="sub"
-  fi
-
-  if [ "${SYNC_LDAP_USER_SEARCH_SCOPE}" != "base" ] && [ "${SYNC_LDAP_USER_SEARCH_SCOPE}"
!= "one" ] && [ "${SYNC_LDAP_USER_SEARCH_SCOPE}" != "sub" ]
-  then
-    echo "Unsupported value for SYNC_LDAP_USER_SEARCH_SCOPE: ${SYNC_LDAP_USER_SEARCH_SCOPE},
supported values: base, one, sub"
-    exit 7
-  fi
-
-  if [ "${SYNC_LDAP_USER_OBJECT_CLASS}" == "" ]
-  then
-    SYNC_LDAP_USER_OBJECT_CLASS="person"
-  fi
-
-  if [ "${SYNC_LDAP_USER_NAME_ATTRIBUTE}" == "" ]
-  then
-    SYNC_LDAP_USER_NAME_ATTRIBUTE="cn"
-  fi
-
-  if [ "${SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE}" == "" ]
-  then
-    SYNC_LDAP_USER_NAME_ATTRIBUTE="memberof,ismemberof"
-  fi
-
-  # Store ldap bind password in credential store
-  if [[ "${SYNC_LDAP_BIND_ALIAS}" != ""  && "${SYNC_LDAP_BIND_KEYSTOREPATH}" != ""
]]
-  then
-    echo "Storing ldap bind password in credential store"
-	mkdir -p `dirname "${SYNC_LDAP_BIND_KEYSTOREPATH}"`
-	chown ${unix_user}:${unix_group} `dirname "${SYNC_LDAP_BIND_KEYSTOREPATH}"`
-	$JAVA_HOME/bin/java -cp "./lib/*" org.apache.ranger.credentialapi.buildks create $SYNC_LDAP_BIND_ALIAS
-value $SYNC_LDAP_BIND_PASSWORD -provider jceks://file$SYNC_LDAP_BIND_KEYSTOREPATH
-    SYNC_LDAP_BIND_PASSWORD="_"
-  fi
-
-fi
-# END Grep configuration properties from install.properties
-
-# changing ownership for ranger-usersync install directory
-if [ -d ${INSTALL_DIR} ]; then
-    chown -R ${unix_user}:${unix_group} ${INSTALL_DIR}
-fi
-
-
-# Create $INSTALL_DIR/conf/unixauthservice.properties
-
-if [ ! -d conf ]; then
-    #Manual install
-    log "[I] Copying conf.dist conf"
-    mkdir conf
-    cp conf.dist/* conf
-    chown ${unix_user}:${unix_group} conf
-    chmod 750 conf
-fi
-if [ ! -f conf/cert/unixauthservice.jks ] 
-then
-    if [ ! -d conf/cert ]
-    then
-        mkdir -p conf/cert
-    fi
-    ${JAVA_HOME}/bin/keytool -genkeypair -keyalg RSA -alias selfsigned -keystore conf/cert/unixauthservice.jks
\
-                             -keypass UnIx529p -storepass UnIx529p -validity 360 -keysize
2048 \
-                             -dname "cn=unixauthservice,ou=authenticator,o=mycompany,c=US"

-
-	chmod o-rwx conf/cert/unixauthservice.jks
-	chgrp ${unix_group} conf/cert/unixauthservice.jks
-
-fi
-
-echo "export JAVA_HOME=${JAVA_HOME}" > conf/java_home.sh
-chmod a+rx conf/java_home.sh
-
-if [ ! -d logs ]; then
-    #Manual install
-    log "[I] Creating logs folder"
-    mkdir logs
-    chown ${unix_user}:${unix_group} logs
-fi
-
-
-CFG_FILE="${cdir}/conf/unixauthservice.properties"
-NEW_CFG_FILE=${cdir}/conf/unixauthservice.properties.tmp
-
-if [ -f  ${CFG_FILE}  ]
-then
-    sed \
-	-e "s|^\( *usergroupSync.policymanager.baseURL *=\).*|\1 ${POLICY_MGR_URL}|" \
-	-e "s|^\( *usergroupSync.unix.minUserId *=\).*|\1 ${MIN_UNIX_USER_ID_TO_SYNC}|" \
-	-e "s|^\( *usergroupSync.sleepTimeInMillisBetweenSyncCycle *=\).*|\1 ${SYNC_INTERVAL}|"
\
-	-e "s|^\( *usergroupSync.source.impl.class *=\).*|\1 ${SYNC_SOURCE}|" \
-	-e "s|^\( *ldapGroupSync.ldapUrl *=\).*|\1 ${SYNC_LDAP_URL}|" \
-	-e "s|^\( *ldapGroupSync.ldapBindDn *=\).*|\1 ${SYNC_LDAP_BIND_DN}|" \
-	-e "s|^\( *ldapGroupSync.ldapBindPassword *=\).*|\1 ${SYNC_LDAP_BIND_PASSWORD}|" \
-	-e "s|^\( *ldapGroupSync.ldapBindKeystore *=\).*|\1 ${SYNC_LDAP_BIND_KEYSTOREPATH}|" \
-	-e "s|^\( *ldapGroupSync.ldapBindAlias *=\).*|\1 ${SYNC_LDAP_BIND_ALIAS}|" \
-	-e "s|^\( *ldapGroupSync.searchBase *=\).*|\1 ${SYNC_LDAP_SEARCH_BASE}|" \
-	-e "s|^\( *ldapGroupSync.userSearchScope *=\).*|\1 ${SYNC_LDAP_USER_SEARCH_SCOPE}|" \
-	-e "s|^\( *ldapGroupSync.userObjectClass *=\).*|\1 ${SYNC_LDAP_USER_OBJECT_CLASS}|" \
-	-e "s%^\( *ldapGroupSync.userSearchFilter *=\).*%\1 ${SYNC_LDAP_USER_SEARCH_FILTER}%" \
-	-e "s|^\( *ldapGroupSync.userNameAttribute *=\).*|\1 ${SYNC_LDAP_USER_NAME_ATTRIBUTE}|"
\
-	-e "s|^\( *ldapGroupSync.userGroupNameAttribute *=\).*|\1 ${SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE}|"
\
-	-e "s|^\( *ldapGroupSync.username.caseConversion *=\).*|\1 ${SYNC_LDAP_USERNAME_CASE_CONVERSION}|"
\
-	-e "s|^\( *ldapGroupSync.groupname.caseConversion *=\).*|\1 ${SYNC_LDAP_GROUPNAME_CASE_CONVERSION}|"
\
-	-e "s|^\( *logdir *=\).*|\1 ${logdir}|" \
-	-e "s|^\( *ldapGroupSync.pagedResultsEnabled *=\).*|\1 ${SYNC_PAGED_RESULTS_ENABLED}|" \
-	-e "s|^\( *ldapGroupSync.pagedResultsSize *=\).*|\1 ${SYNC_PAGED_RESULTS_SIZE}|" \
-	-e "s|^\( *ldapGroupSync.groupSearchEnabled *=\).*|\1 ${SYNC_GROUP_SEARCH_ENABLED}|" \
-	-e "s|^\( *ldapGroupSync.groupUserMapSyncEnabled *=\).*|\1 ${SYNC_GROUP_USER_MAP_SYNC_ENABLED}|"
\
-	-e "s|^\( *ldapGroupSync.groupSearchBase *=\).*|\1 ${SYNC_GROUP_SEARCH_BASE}|" \
-	-e "s|^\( *ldapGroupSync.groupSearchScope *=\).*|\1 ${SYNC_GROUP_SEARCH_SCOPE}|" \
-	-e "s|^\( *ldapGroupSync.groupObjectClass *=\).*|\1 ${SYNC_GROUP_OBJECT_CLASS}|" \
-	-e "s|^\( *ldapGroupSync.groupSearchFilter *=\).*|\1 ${SYNC_GROUP_SEARCH_FILTER}|" \
-	-e "s|^\( *ldapGroupSync.groupNameAttribute *=\).*|\1 ${SYNC_GROUP_NAME_ATTRIBUTE}|" \
-	-e "s|^\( *ldapGroupSync.groupMemberAttributeName *=\).*|\1 ${SYNC_GROUP_MEMBER_ATTRIBUTE_NAME}|"
\
-	${CFG_FILE} > ${NEW_CFG_FILE}
-
-    echo "<${logdir}> ${CFG_FILE} > ${NEW_CFG_FILE}"
-else
-    echo "ERROR: Required file, not found: ${CFG_FILE}, Aborting installation"
-    exit 8
-fi
-
-mv ${cdir}/conf/unixauthservice.properties ${cdir}/conf/unixauthservice.properties.${curDt}
-mv ${cdir}/conf/unixauthservice.properties.tmp ${cdir}/conf/unixauthservice.properties
-
-#END Create $INSTALL_DIR/conf/unixauthservice.properties
-
-#Update native exe
-#ranger-usersync/native/credValidator.uexe
-if [ -f ${cdir}/native/credValidator.uexe ]; then
-	chmod 750 ${cdir}/native/credValidator.uexe
-	chown root ${cdir}/native/credValidator.uexe
-	chgrp $unix_group ${cdir}/native/credValidator.uexe
-	chmod u+s ${cdir}/native/credValidator.uexe
-fi
-
-# Install the init.d process in /etc/init.d and create appropriate link to /etc/rc2.d folder
-if [ -d /etc/init.d ]
-then
-  cp ${cdir}/initd  /etc/init.d/${MOD_NAME}
-  chmod +x /etc/init.d/${MOD_NAME}
-
-  if [ -d /etc/rc2.d ]
-  then
-    echo "Creating boot script S99${MOD_NAME} in rc2.d directory .... "
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc2.d/S99${MOD_NAME}
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc2.d/K00${MOD_NAME}
-  fi
-  if [ -d /etc/rc3.d ]
-  then
-    echo "Creating boot script S99${MOD_NAME} in rc3.d directory .... "
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc3.d/S99${MOD_NAME}
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc3.d/K00${MOD_NAME}
-  fi
-
-  # SUSE has rc2.d and rc3.d under /etc/rc.d
-  if [ -d /etc/rc.d/rc2.d ]
-  then
-    echo "Creating boot script S99${MOD_NAME} in rc2.d directory .... "
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc.d/rc2.d/S99${MOD_NAME}
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc.d/rc2.d/K00${MOD_NAME}
-  fi
-  if [ -d /etc/rc.d/rc3.d ]
-  then
-    echo "Creating boot script S99${MOD_NAME} in rc3.d directory .... "
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc.d/rc3.d/S99${MOD_NAME}
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc.d/rc3.d/K00${MOD_NAME}
-  fi
-
-fi
-
-# Create SoftLink of ranger-usersync-services to /usr/bin/
-ln -sf ${INSTALL_DIR}/ranger-usersync-services.sh /usr/bin/${MOD_NAME}
-chmod ug+rx /usr/bin/${MOD_NAME}
-
-# Start the service
-#service ${MOD_NAME} start
+./setup.py
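Review bot: The wrapper now calls `./setup.py` without the root check that the removed script performed, and the setup.py added in this commit shows no equivalent check before it calls os.chown and copies into /etc/init.d. A non-root run would therefore likely stop partway with a Python traceback after some directories and files have already been created. I would keep the guard ahead of the call: `if [ "$(id -u)" -ne 0 ]; then echo "ERROR: You must run the installation as root user."; exit 1; fi`. The call is also relative to the current directory rather than to `dirname $0`, so the script only works when started from the install directory. A one-line comment saying so, or a `cd "$(dirname "$0")"` first, would make that explicit.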

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/scripts/templates/installprop2xml.properties
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/templates/installprop2xml.properties b/unixauthservice/scripts/templates/installprop2xml.properties
new file mode 100644
index 0000000..f102b52
--- /dev/null
+++ b/unixauthservice/scripts/templates/installprop2xml.properties
@@ -0,0 +1,50 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+POLICY_MGR_URL =  ranger.usersync.policymanager.baseURL
+MIN_UNIX_USER_ID_TO_SYNC = ranger.usersync.unix.minUserId
+SYNC_INTERVAL = ranger.usersync.sleeptimeinmillisbetweensynccycle
+SYNC_LDAP_URL = ranger.usersync.ldap.url
+SYNC_LDAP_BIND_DN = ranger.usersync.ldap.binddn
+SYNC_LDAP_BIND_PASSWORD = ranger.usersync.ldap.ldapbindpassword
+CRED_KEYSTORE_FILENAME= ranger.usersync.credstore.filename
+SYNC_LDAP_SEARCH_BASE = ranger.usersync.ldap.searchBase
+SYNC_LDAP_USER_SEARCH_BASE = ranger.usersync.ldap.user.searchbase
+SYNC_LDAP_USER_SEARCH_SCOPE = ranger.usersync.ldap.user.searchscope
+SYNC_LDAP_USER_OBJECT_CLASS = ranger.usersync.ldap.user.objectclass
+SYNC_LDAP_USER_SEARCH_FILTER = ranger.usersync.ldap.user.searchfilter
+SYNC_LDAP_USER_NAME_ATTRIBUTE = ranger.usersync.ldap.user.nameattribute
+SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = ranger.usersync.ldap.user.groupnameattribute
+SYNC_LDAP_USERNAME_CASE_CONVERSION = ranger.usersync.ldap.username.caseconversion
+SYNC_LDAP_GROUPNAME_CASE_CONVERSION = ranger.usersync.ldap.groupname.caseconversion
+logdir=ranger.usersync.logdir
+SYNC_GROUP_SEARCH_ENABLED = ranger.usersync.group.searchenabled
+SYNC_GROUP_USER_MAP_SYNC_ENABLED = ranger.usersync.group.usermapsyncenabled
+SYNC_GROUP_SEARCH_BASE=ranger.usersync.group.searchbase
+SYNC_GROUP_SEARCH_SCOPE=ranger.usersync.group.searchscope
+SYNC_GROUP_OBJECT_CLASS=ranger.usersync.group.objectclass
+SYNC_LDAP_GROUP_SEARCH_FILTER=ranger.usersync.group.searchfilter
+SYNC_GROUP_NAME_ATTRIBUTE=ranger.usersync.group.nameattribute
+SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=ranger.usersync.group.memberattributename
+SYNC_PAGED_RESULTS_ENABLED=ranger.usersync.pagedresultsenabled
+SYNC_PAGED_RESULTS_SIZE=ranger.usersync.pagedresultssize
+SYNC_SOURCE = SYNC_SOURCE
+unix_user   = unix_user
+unix_group  = unix_group
+AUTH_SSL_KEYSTORE_FILE = ranger.usersync.keystore.file
+AUTH_SSL_KEYSTORE_PASSWORD = ranger.usersync.keystore.password
+AUTH_SSL_TRUSTSTORE_FILE = ranger.usersync.truststore.file
+AUTH_SSL_TRUSTSTORE_PASSWORD = ranger.usersync.truststore.password
+AUTH_SSL_ENABLED = ranger.usersync.enabled
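Review bot: `AUTH_SSL_ENABLED` on the last line maps to `ranger.usersync.enabled`, but in this same commit UnixAuthenticationService reads its SSL switch from `ranger.usersync.ssl` (`SSL_ENABLED_PARAM`), so the installer setting would presumably never reach the flag the service checks. If the intent is to control TLS for the authentication service, the line should read `AUTH_SSL_ENABLED = ranger.usersync.ssl`; otherwise a comment saying what `ranger.usersync.enabled` governs would help. How setup.py consumes this mapping is not visible here, so this should be confirmed against it.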

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/scripts/templates/ranger-ugsync-template.xml
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/templates/ranger-ugsync-template.xml b/unixauthservice/scripts/templates/ranger-ugsync-template.xml
new file mode 100644
index 0000000..15a04dc
--- /dev/null
+++ b/unixauthservice/scripts/templates/ranger-ugsync-template.xml
@@ -0,0 +1,168 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+	<property>
+		<name>ranger.usersync.credstore.filename</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.enabled</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.group.memberattributename</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.group.nameattribute</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.group.objectclass</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.group.searchbase</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.group.searchenabled</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.group.searchfilter</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.group.searchscope</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.group.usermapsyncenabled</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.binddn</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.groupname.caseconversion</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.ldapbindpassword</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.searchBase</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.url</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.user.groupnameattribute</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.user.nameattribute</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.user.objectclass</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.user.searchbase</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.user.searchfilter</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.user.searchscope</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ldap.username.caseconversion</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.logdir</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.pagedresultsenabled</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.pagedresultssize</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.passwordvalidator.path</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.policymanager.baseURL</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.policymanager.maxrecordsperapicall</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.policymanager.mockrun</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.port</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.sink.impl.class</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.source.impl.class</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.ssl</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.unix.minUserId</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.keystore.file</name>
+		<value></value>
+	</property>
+	<property>
+		<name>ranger.usersync.truststore.file</name>
+		<value></value>
+	</property>
+</configuration>
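Review bot: The template has entries for `ranger.usersync.keystore.file` and `ranger.usersync.truststore.file` but none for `ranger.usersync.keystore.password` or `ranger.usersync.truststore.password`, which installprop2xml.properties maps and UnixAuthenticationService looks up. update_property.py in this commit only rewrites `<property>` elements that already exist, so if setup.py fills the template the same way, those two values would be dropped silently. If the omission is deliberate because the passwords are meant to live in the credential store named by `ranger.usersync.credstore.filename`, a comment in the template saying so would be useful. The same reasoning would then apply to `ranger.usersync.ldap.ldapbindpassword`, which is present.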

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/scripts/update_property.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/update_property.py b/unixauthservice/scripts/update_property.py
new file mode 100644
index 0000000..ba2aec8
--- /dev/null
+++ b/unixauthservice/scripts/update_property.py
@@ -0,0 +1,40 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import sys
+import os
+from xml.etree import ElementTree as ET
+
+def write_properties_to_xml(xml_path, property_name='', property_value=''):
+	if(os.path.isfile(xml_path)):
+		xml = ET.parse(xml_path)
+		root = xml.getroot()
+		for child in root.findall('property'):
+			name = child.find("name").text.strip()
+			if name == property_name:
+				child.find("value").text = property_value
+		xml.write(xml_path)
+		return 0
+	else:
+		return -1
+
+
+
+if __name__ == '__main__':
+	if(len(sys.argv) > 1):
+		parameter_name = sys.argv[1] if len(sys.argv) > 1  else None
+		parameter_value = sys.argv[2] if len(sys.argv) > 2  else None
+		ranger_admin_site_xml_path = sys.argv[3] if len(sys.argv) > 3  else None
+		write_properties_to_xml(ranger_admin_site_xml_path,parameter_name,parameter_value)
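Review bot: The `__main__` block discards the return value of `write_properties_to_xml` and passes `None` as the path when fewer than three arguments are given, so a missing file exits with status 0 and a short command line raises from `os.path.isfile(None)`. I would require all three arguments and propagate the result, e.g. `if len(sys.argv) != 4: sys.exit(2)` followed by `sys.exit(0 if write_properties_to_xml(sys.argv[3], sys.argv[1], sys.argv[2]) == 0 else 1)`. In the function, `child.find("name").text.strip()` raises AttributeError on a `<property>` whose `<name>` is missing or empty. A short docstring stating that only existing properties are updated and that the file is rewritten in place would also help. If this script is used for password properties, the value travels on the command line, where it is visible in the local process list.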

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
----------------------------------------------------------------------
diff --git a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
index 01ad7f4..e9e5272 100644
--- a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
+++ b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
@@ -41,9 +41,15 @@ import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.apache.log4j.Logger;
 import org.apache.ranger.usergroupsync.UserGroupSync;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 
 public class UnixAuthenticationService {
 
@@ -52,15 +58,15 @@ public class UnixAuthenticationService {
 	private static final String serviceName = "UnixAuthenticationService" ;
 	
 	private static final String SSL_ALGORITHM = "TLS" ;
-	private static final String REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM = "authServicePort" ;
-	private static final String SSL_KEYSTORE_PATH_PARAM = "keyStore" ;
-	private static final String SSL_KEYSTORE_PATH_PASSWORD_PARAM = "keyStorePassword" ;
-	private static final String SSL_TRUSTSTORE_PATH_PARAM = "trustStore" ;
-	private static final String SSL_TRUSTSTORE_PATH_PASSWORD_PARAM = "trustStorePassword" ;
-	private static final String CRED_VALIDATOR_PROG = "passwordValidatorPath" ;
+	private static final String REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM = "ranger.usersync.port"
;
+	private static final String SSL_KEYSTORE_PATH_PARAM = "ranger.usersync.keystore.file" ;
+	private static final String SSL_KEYSTORE_PATH_PASSWORD_PARAM = "ranger.usersync.keystore.password"
;
+	private static final String SSL_TRUSTSTORE_PATH_PARAM = "ranger.usersync.truststore.file"
;
+	private static final String SSL_TRUSTSTORE_PATH_PASSWORD_PARAM = "ranger.usersync.truststore.password"
;
+	private static final String CRED_VALIDATOR_PROG = "ranger.usersync.passwordvalidator.path"
;
 	private static final String ADMIN_USER_LIST_PARAM = "admin.users" ;
 	private static final String ADMIN_ROLE_LIST_PARAM = "admin.roleNames" ;
-	private static final String SSL_ENABLED_PARAM = "useSSL" ;
+	private static final String SSL_ENABLED_PARAM = "ranger.usersync.ssl" ;
 	
 	private String keyStorePath ;
 	private String keyStorePathPassword ;
@@ -127,11 +133,51 @@ public class UnixAuthenticationService {
 	//TODO: add more validation code
 	private void init() throws Throwable {
 		Properties prop = new Properties() ;
-		InputStream in = getFileInputStream("unixauthservice.properties") ;
+		InputStream in = getFileInputStream("ranger-ugsync-site.xml") ;
 
 		if (in != null) {
 			try {
-				prop.load(in);
+//				prop.load(in);
+				DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory
+						.newInstance();
+				xmlDocumentBuilderFactory.setIgnoringComments(true);
+				xmlDocumentBuilderFactory.setNamespaceAware(true);
+				DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory
+						.newDocumentBuilder();
+				Document xmlDocument = xmlDocumentBuilder.parse(in);
+				xmlDocument.getDocumentElement().normalize();
+
+				NodeList nList = xmlDocument
+						.getElementsByTagName("property");
+
+				for (int temp = 0; temp < nList.getLength(); temp++) {
+
+					Node nNode = nList.item(temp);
+
+					if (nNode.getNodeType() == Node.ELEMENT_NODE) {
+
+						Element eElement = (Element) nNode;
+
+						String propertyName = "";
+						String propertyValue = "";
+						if (eElement.getElementsByTagName("name").item(
+								0) != null) {
+							propertyName = eElement
+									.getElementsByTagName("name")
+									.item(0).getTextContent().trim();
+						}
+						if (eElement.getElementsByTagName("value")
+								.item(0) != null) {
+							propertyValue = eElement
+									.getElementsByTagName("value")
+									.item(0).getTextContent().trim();
+						}
+
+						LOG.info("Adding Property:[" + propertyName + "] Value:"+ propertyValue);
+						prop.put(propertyName, propertyValue);
+
+					}
+				}
 			}
 			finally {
 				try {
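Review bot: The added `LOG.info("Adding Property:[" + propertyName + "] Value:"+ propertyValue);` writes every value at INFO, which would include `ranger.usersync.keystore.password`, `ranger.usersync.truststore.password` and `ranger.usersync.ldap.ldapbindpassword` whenever they are set in ranger-ugsync-site.xml. Log the name only, `LOG.info("Adding Property:[" + propertyName + "]");`, or mask values whose name contains `password`. The DocumentBuilderFactory is also left with default DOCTYPE and entity handling; the file is local configuration, so exposure is limited, but `xmlDocumentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()` is cheap hardening. The commented-out `prop.load(in);` can be dropped, and note that init() continues past the end of this hunk.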

