ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From v..@apache.org
Subject [2/2] incubator-ranger git commit: RANGER-652: Adding support for ldap connection check tool
Date Sat, 10 Oct 2015 16:26:56 GMT
RANGER-652: Adding support for ldap connection check tool

Signed-off-by: Velmurugan Periasamy <vel@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a2c4bb29
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a2c4bb29
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a2c4bb29

Branch: refs/heads/master
Commit: a2c4bb2941cf5f1026c50e7bc35494231a7da65f
Parents: c22bdec
Author: spolavarapu1 <spolavarapu@hw12101.local>
Authored: Fri Oct 9 10:07:01 2015 -0700
Committer: Velmurugan Periasamy <vel@apache.org>
Committed: Sat Oct 10 12:25:41 2015 -0400

----------------------------------------------------------------------
 src/main/assembly/usersync.xml                  |  36 +
 .../ldapconfigcheck/conf/input.properties       |  63 ++
 .../ldapconfigchecktool/ldapconfigcheck/pom.xml | 130 +++
 .../ldapconfigcheck/scripts/run.sh              |  72 ++
 .../ldapconfigcheck/AuthenticationCheck.java    | 208 +++++
 .../ldapconfigcheck/CommandLineOptions.java     | 230 +++++
 .../ranger/ldapconfigcheck/LdapConfig.java      | 436 ++++++++++
 .../ldapconfigcheck/LdapConfigCheckMain.java    | 241 ++++++
 .../apache/ranger/ldapconfigcheck/UserSync.java | 860 +++++++++++++++++++
 9 files changed, 2276 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c4bb29/src/main/assembly/usersync.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/usersync.xml b/src/main/assembly/usersync.xml
index 8c2600e..161a443 100644
--- a/src/main/assembly/usersync.xml
+++ b/src/main/assembly/usersync.xml
@@ -134,6 +134,42 @@
             </includes>
             <fileMode>544</fileMode>
         </fileSet>
+	<fileSet>
+                <directoryMode>755</directoryMode>
+                <fileMode>755</fileMode>
+                <outputDirectory>/ldaptool</outputDirectory>
+                <directory>ugsync/ldapconfigchecktool/ldapconfigcheck/scripts</directory>
+            <includes>
+                <include>run.sh</include>
+            </includes>
+        </fileSet>
+	<fileSet>
+                <directoryMode>755</directoryMode>
+                <fileMode>644</fileMode>
+                <outputDirectory>/ldaptool/lib</outputDirectory>
+                <directory>ugsync/ldapconfigchecktool/ldapconfigcheck/target</directory>
+            <includes>
+                <include>ldapconfigcheck.jar</include>
+            </includes>
+	</fileSet>
+	<fileSet>
+                <directoryMode>755</directoryMode>
+                <fileMode>644</fileMode>
+                <outputDirectory>/ldaptool/conf</outputDirectory>
+                <directory>ugsync/ldapconfigchecktool/ldapconfigcheck/conf</directory>
+            <includes>
+                <include>input.properties</include>
+            </includes>
+        </fileSet>
+	<fileSet>
+                <directoryMode>755</directoryMode>
+                <fileMode>644</fileMode>
+                <outputDirectory>/ldaptool/output</outputDirectory>
+                <directory>ugsync/ldapconfigchecktool/ldapconfigcheck/conf</directory>
+		<excludes>
+                <exclude>input.properties</exclude>
+            </excludes>
+        </fileSet>
   </fileSets>
   <files>
       <file>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c4bb29/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties
----------------------------------------------------------------------
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties b/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties
new file mode 100755
index 0000000..dc6fc59
--- /dev/null
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties
@@ -0,0 +1,63 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Mandatory ldap configuration properties.
+ranger.usersync.ldap.url=
+ranger.usersync.ldap.binddn=
+ranger.usersync.ldap.ldapbindpassword=
+
+# Mandatory only for openLdap 
+ranger.usersync.ldap.user.searchbase=
+ranger.usersync.ldap.user.searchfilter=
+
+# For verifying authentication please provide sample username and password
+ranger.admin.auth.sampleuser=
+ranger.admin.auth.samplepassword=
+
+# Optional properties will be determined based on the above search
+# User attributes
+ranger.usersync.ldap.user.nameattribute=
+ranger.usersync.ldap.user.objectclass=
+ranger.usersync.ldap.user.groupnameattribute=
+
+# Group attributes
+ranger.usersync.group.searchenabled=false
+ranger.usersync.group.memberattributename=
+ranger.usersync.group.nameattribute=
+ranger.usersync.group.objectclass=
+ranger.usersync.group.searchbase=
+ranger.usersync.group.searchfilter=
+
+# Other UserSync related attributes
+ranger.usersync.ldap.authentication.mechanism=simple
+ranger.usersync.pagedresultsenabled=true
+ranger.usersync.pagedresultssize=500
+ranger.usersync.ldap.username.caseconversion=lower
+ranger.usersync.ldap.groupname.caseconversion=lower
+ranger.usersync.ldap.user.searchscope=sub
+ranger.usersync.group.searchscope=sub
+
+ranger.usersync.credstore.filename=
+ranger.usersync.ldap.bindalias=
+ranger.usersync.ldap.searchBase=
+ranger.usersync.group.usermapsyncenabled=false
+
+# Authentication properties
+ranger.authentication.method=
+ranger.ldap.ad.domain=
+ranger.ldap.user.dnpattern=
+ranger.ldap.group.roleattribute=
+ranger.ldap.group.searchbase=
+ranger.ldap.group.searchfilter=

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c4bb29/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
----------------------------------------------------------------------
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml b/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
new file mode 100644
index 0000000..a0971f2
--- /dev/null
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+      <groupId>org.apache.ranger</groupId>
+      <artifactId>ranger</artifactId>
+      <version>0.5.0</version>
+	  <relativePath>..</relativePath>
+    </parent>
+
+    <artifactId>ldapconfigcheck</artifactId>
+
+    <packaging>jar</packaging>
+    <name>Ldap Config Check Tool</name>
+    <description>Ldap configuration check tool</description>
+
+    <dependencies>
+      <dependency>
+      	<groupId>commons-cli</groupId>
+      	<artifactId>commons-cli</artifactId>
+      	<version>${commons.cli.version}</version>
+      </dependency>
+      <dependency>
+      	<groupId>commons-configuration</groupId>
+      	<artifactId>commons-configuration</artifactId>
+      	<version>${commons.configuration.version}</version>
+      </dependency>
+      <dependency>
+      	<groupId>commons-lang</groupId>
+      	<artifactId>commons-lang</artifactId>
+      	<version>${commons.lang.version}</version>
+      </dependency>
+      <dependency>
+      	<groupId>commons-logging</groupId>
+      	<artifactId>commons-logging</artifactId>
+      	<version>${commons.logging.version}</version>
+      </dependency>
+      <dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-beans</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-context</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-core</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-tx</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.ldap</groupId>
+		    <artifactId>spring-ldap-core</artifactId>
+		    <version>${spring-ldap-core.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.security</groupId>
+		    <artifactId>spring-security-core</artifactId>
+		    <version>${springframework.security.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.security</groupId>
+		    <artifactId>spring-security-ldap</artifactId>
+		    <version>${springframework.security.version}</version>
+		</dependency>
+      <dependency>
+	  	<groupId>org.apache.ranger</groupId>
+    	<artifactId>credentialbuilder</artifactId>
+    	<version>${project.version}</version>  	
+      </dependency>
+
+      <dependency>
+        <groupId>org.apache.ranger</groupId>
+        <artifactId>ranger-util</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+
+    </dependencies>
+  <build>
+    <finalName>ldapconfigcheck</finalName>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-shade-plugin</artifactId>
+        <version>2.2</version>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>shade</goal>
+            </goals>
+            <configuration>
+              <transformers>
+                <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
+                  <mainClass>org.apache.ranger.ldapconfigcheck.LdapConfigCheckMain</mainClass>
+                </transformer>
+              </transformers>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c4bb29/ugsync/ldapconfigchecktool/ldapconfigcheck/scripts/run.sh
----------------------------------------------------------------------
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/scripts/run.sh b/ugsync/ldapconfigchecktool/ldapconfigcheck/scripts/run.sh
new file mode 100755
index 0000000..787e216
--- /dev/null
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/scripts/run.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+AUTH=1
+
+usage() {
+  echo "usage: run.sh
+ -noauth         ignore authentication properties
+ -d <arg>   {all|users|groups}
+ -h                       show help.
+ -i <arg>            Input file name
+ -o <arg>            Output directory
+ -r <arg>             {all|users|groups}"
+  exit 1
+}
+
+cdir=`pwd`
+cp="${cdir}/lib/*:${cdir}/conf"
+OUTDIR="${cdir}/output/"
+JAVA_CMD="java -cp ${cdir}/lib/ldapconfigcheck.jar:${cp} org.apache.ranger.ldapconfigcheck.LdapConfigCheckMain"
+
+while getopts "i:o:d:r:noauthh" opt; do
+  case $opt in
+    i) INFILE=$OPTARG
+	JAVA_CMD="$JAVA_CMD -i $OPTARG"
+	;;
+    o) OUTDIR=$OPTARG
+	;;
+    d) DISCOVER=$OPTARG
+	JAVA_CMD="$JAVA_CMD -d $OPTARG"
+	;;
+    r) RETRIEVE=$OPTARG
+	JAVA_CMD="$JAVA_CMD -r $OPTARG"
+	;;
+    noauth) AUTH=0
+	JAVA_CMD="$JAVA_CMD -noauth"
+	;;
+    h) usage
+	;;
+    \?) echo -e \\n"Option -$OPTARG not allowed."
+	usage
+	;;
+  esac
+done
+
+JAVA_CMD="$JAVA_CMD -o $OUTDIR"
+
+echo "JAVA commnad = $JAVA_CMD"
+
+if [ "${JAVA_HOME}" != "" ]
+then
+	export JAVA_HOME
+	PATH="${JAVA_HOME}/bin:${PATH}"
+	export PATH
+fi
+
+cd ${cdir}
+$JAVA_CMD

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c4bb29/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/AuthenticationCheck.java
----------------------------------------------------------------------
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/AuthenticationCheck.java b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/AuthenticationCheck.java
new file mode 100644
index 0000000..f39f782
--- /dev/null
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/AuthenticationCheck.java
@@ -0,0 +1,208 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.ldapconfigcheck;
+
+import java.io.PrintStream;
+import java.util.ArrayList;
+import java.util.List;
+import org.springframework.ldap.core.support.LdapContextSource;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.ldap.authentication.BindAuthenticator;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
+
+
+public class AuthenticationCheck {
+    private String ldapUrl = null;
+    private String authMethod = "NONE";
+    private String adDomain = null;
+    private String userDnPattern = null;
+    private String roleAttribute = null;
+    private String groupSearchBase = null;
+    private String groupSearchFilter = null;
+
+    private PrintStream logFile = null;
+    private PrintStream ambariProps = null;
+    private PrintStream installProps = null;
+
+    public AuthenticationCheck(String ldapUrl, UserSync userSyncObj, PrintStream logFile,
+                               PrintStream ambariProps, PrintStream installProps) {
+
+        this.logFile = logFile;
+        this.ambariProps = ambariProps;
+        this.installProps = installProps;
+
+        if (userSyncObj.getUserNameAttribute().equalsIgnoreCase("sAMAccountName")) {
+            authMethod = "AD";
+        } else {
+            authMethod = "LDAP";
+        }
+        this.ldapUrl = ldapUrl;
+        adDomain = userSyncObj.getSearchBase();
+        userDnPattern = userSyncObj.getUserNameAttribute() + "={0}," + userSyncObj.getUserSearchBase();
+        roleAttribute = userSyncObj.getGroupNameAttrName();
+        groupSearchBase = userSyncObj.getGroupSearchBase();
+        groupSearchFilter = userSyncObj.getGroupMemberName() + "=" + userDnPattern;
+
+    }
+
+    public void discoverAuthProperties() {
+
+        ambariProps.println("\n# Possible values for authetication properties:");
+        installProps.println("\n# Possible values for authetication properties:");
+        if (authMethod.equalsIgnoreCase("AD")) {
+            installProps.println("xa_ldap_ad_url=" + ldapUrl);
+            installProps.println("xa_ldap_ad_domain=" + adDomain);
+        } else {
+            installProps.println("xa_ldap_url=" + ldapUrl);
+            installProps.println("xa_ldap_userDNpattern=" + userDnPattern);
+            installProps.println("xa_ldap_groupRoleAttribute=" + roleAttribute);
+            installProps.println("xa_ldap_groupSearchBase=" + groupSearchBase);
+            installProps.println("xa_ldap_groupSearchFilter=" + groupSearchFilter);
+        }
+
+        ambariProps.println("ranger.authentication.method=" + authMethod);
+        if (authMethod.equalsIgnoreCase("AD")) {
+            ambariProps.println("ranger.ldap.ad.url=" + ldapUrl);
+            ambariProps.println("ranger.ldap.ad.domain=" + adDomain);
+        } else {
+            ambariProps.println("ranger.ldap.url=" + ldapUrl);
+            ambariProps.println("ranger.ldap.user.dnpattern=" + userDnPattern);
+            ambariProps.println("ranger.ldap.group.roleattribute=" + roleAttribute);
+            ambariProps.println("ranger.ldap.group.searchbase=" + groupSearchBase);
+            ambariProps.println("ranger.ldap.group.searchfilter=" + groupSearchFilter);
+        }
+    }
+
+    public boolean isAuthenticated(String ldapUrl, String bindDn, String bindPassword, String userName,
+                                   String userPassword) {
+        boolean isAuthenticated = false;
+        //Verify Authentication
+        Authentication authentication;
+        if (authMethod.equalsIgnoreCase("AD")) {
+            authentication = getADBindAuthentication(ldapUrl, bindDn, bindPassword, userName, userPassword);
+        } else {
+            authentication = getLdapBindAuthentication(ldapUrl, bindDn, bindPassword, userName, userPassword);
+        }
+        if (authentication != null) {
+            isAuthenticated = authentication.isAuthenticated();
+        }
+
+        return isAuthenticated;
+    }
+
+    private Authentication getADBindAuthentication(String ldapUrl, String bindDn, String bindPassword,
+                                                   String userName, String userPassword) {
+        Authentication result = null;
+        try {
+            LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(ldapUrl);
+            ldapContextSource.setUserDn(bindDn);
+            ldapContextSource.setPassword(bindPassword);
+            ldapContextSource.setReferral("follow");
+            ldapContextSource.setCacheEnvironmentProperties(true);
+            ldapContextSource.setAnonymousReadOnly(false);
+            ldapContextSource.setPooled(true);
+            ldapContextSource.afterPropertiesSet();
+
+            String searchFilter="(sAMAccountName={0})";
+            FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(adDomain, searchFilter,ldapContextSource);
+            userSearch.setSearchSubtree(true);
+
+            BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
+            bindAuthenticator.setUserSearch(userSearch);
+            bindAuthenticator.afterPropertiesSet();
+
+            LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
+
+            if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
+                final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+                grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
+                final UserDetails principal = new User(userName, userPassword, grantedAuths);
+                final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
+
+                result = ldapAuthenticationProvider.authenticate(finalAuthentication);
+            }
+
+        } catch (BadCredentialsException bce) {
+            logFile.println("ERROR: LDAP Authentication Failed. Please verify values for ranger.admin.auth.sampleuser and " +
+                    "ranger.admin.auth.samplepassword\n");
+        } catch (Exception e) {
+            logFile.println("ERROR: LDAP Authentication Failed: " + e);
+        }
+        return result;
+    }
+
+    private Authentication getLdapBindAuthentication(String ldapUrl, String bindDn, String bindPassword,
+                                                     String userName, String userPassword) {
+        Authentication result = null;
+        try {
+            LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(ldapUrl);
+            ldapContextSource.setUserDn(bindDn);
+            ldapContextSource.setPassword(bindPassword);
+            ldapContextSource.setReferral("follow");
+            ldapContextSource.setCacheEnvironmentProperties(false);
+            ldapContextSource.setAnonymousReadOnly(true);
+            ldapContextSource.setPooled(true);
+            ldapContextSource.afterPropertiesSet();
+
+            DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, groupSearchBase);
+            defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(roleAttribute);
+            defaultLdapAuthoritiesPopulator.setGroupSearchFilter(groupSearchFilter);
+            defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
+
+            String searchFilter="(uid={0})";
+            FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(adDomain, searchFilter,ldapContextSource);
+            userSearch.setSearchSubtree(true);
+
+            BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
+            bindAuthenticator.setUserSearch(userSearch);
+            String[] userDnPatterns = new String[] { userDnPattern };
+            bindAuthenticator.setUserDnPatterns(userDnPatterns);
+            bindAuthenticator.afterPropertiesSet();
+
+            LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator,defaultLdapAuthoritiesPopulator);
+
+            if (userName != null && userPassword != null && !userName.trim().isEmpty()&& !userPassword.trim().isEmpty()) {
+                final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+                grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
+                final UserDetails principal = new User(userName, userPassword,grantedAuths);
+                final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
+
+                result = ldapAuthenticationProvider.authenticate(finalAuthentication);
+            }
+        } catch (BadCredentialsException bce) {
+            logFile.println("ERROR: LDAP Authentication Failed. Please verify values for ranger.admin.auth.sampleuser and " +
+                    "ranger.admin.auth.samplepassword\n");
+        } catch (Exception e) {
+            logFile.println("ERROR: LDAP Authentication Failed: " + e);
+        }
+        return result;
+    }
+}
+
+

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c4bb29/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/CommandLineOptions.java
----------------------------------------------------------------------
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/CommandLineOptions.java b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/CommandLineOptions.java
new file mode 100644
index 0000000..790330f
--- /dev/null
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/CommandLineOptions.java
@@ -0,0 +1,230 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.ldapconfigcheck;
+
+import org.apache.commons.cli.*;
+import java.io.Console;
+
+public class CommandLineOptions {
+
+    private String[] args = null;
+    private Options options = new Options();
+    private String input = null;
+    private String output = null;
+    private String discoverProperties;
+    private String retrieveValues = null;
+    private boolean isAuthEnabled = true;
+    private String ldapUrl = "";
+    private String bindDn = "";
+    private String bindPassword = "";
+    private String userSearchBase = "";
+    private String userSearchFilter = "";
+    private String authUser = "";
+    private String authPass = "";
+
+    public CommandLineOptions(String[] args) {
+        this.args = args;
+        options.addOption("h", "help", false, "show help.");
+        options.addOption("i", "inputfile", true, "Input file name");
+        options.addOption("o", "outputdir", true, "Output directory");
+        options.addOption("d", "discoverProperties", true, "{all|users|groups}");
+        options.addOption("r", "retrieve", true, "{all|users|groups}");
+        options.addOption("noauth", "noAuthentication", false, "Ignore authentication properties");
+    }
+
+    public void parse() {
+    	CommandLineParser parser = new BasicParser();
+        try {
+            CommandLine cmd = parser.parse(options, args);
+            if (cmd.hasOption("h")) {
+
+            }
+
+
+            if (cmd.hasOption("o")) {
+                output = cmd.getOptionValue("o");
+            } else {
+                System.out.println("Missing o option for output directory");
+                help();
+            }
+
+            if (cmd.hasOption("d")) {
+                discoverProperties = cmd.getOptionValue("d");
+                if (discoverProperties == null || (!discoverProperties.equalsIgnoreCase("all") &&
+                        !discoverProperties.equalsIgnoreCase("users") && !discoverProperties.equalsIgnoreCase("groups"))) {
+                    System.out.println("Unsupported value for option d");
+                    help();
+                }
+            }
+
+            if (cmd.hasOption("r")) {
+                retrieveValues = cmd.getOptionValue("r");
+                if (retrieveValues == null || (!retrieveValues.equalsIgnoreCase("all")
+                        && !retrieveValues.equalsIgnoreCase("users") && !retrieveValues.equalsIgnoreCase("groups"))) {
+                    System.out.println("Unsupported value for option r");
+                    help();
+                }
+            } else {
+                if (discoverProperties == null || discoverProperties.isEmpty()) {
+                    System.out.println("Default to discover all usersync properties");
+                    //help();
+                	// If "d" or "r" option is not specified, then default to discover all usersync properties
+                	discoverProperties = "all";
+                }
+            }
+
+            if (cmd.hasOption("noauth")) {
+                isAuthEnabled = false;
+            }
+            
+            if (cmd.hasOption("i")) {
+                input = cmd.getOptionValue("i");
+                if (input == null || input.isEmpty()) {
+                    System.out.println("Please specify the input properties file name");
+                    help();
+                }
+
+            } else {
+                // Read the properties from CLI and write to the input properties file.
+                input = LdapConfig.CONFIG_FILE;
+                readCLI();
+            }
+
+        } catch (ParseException pe) {
+            System.out.println("Failed to parse command line arguments " + pe);
+            help();
+        }
+    }
+
+    public void help() {
+        // This prints out some help
+        HelpFormatter formater = new HelpFormatter();
+        formater.printHelp("ldapConfigCheck", options);
+        System.exit(0);
+    }
+
+    public String getInput() {
+        return input;
+    }
+
+    public String getOutput() {
+
+        return output;
+    }
+
+    public String getDiscoverProperties() {
+        return discoverProperties;
+    }
+
+    public boolean isAuthEnabled() {
+        return isAuthEnabled;
+    }
+
+    public String getRetrieveValues() {
+        return retrieveValues;
+    }
+
+    private void readCLI() {
+        boolean repeat;
+        Console console = System.console();
+        do {
+            repeat = false;
+            System.out.print("Ldap url [ldap://ldap.example.com:389]: ");
+            ldapUrl = console.readLine();
+            if (ldapUrl == null || ldapUrl.isEmpty()) {
+                System.out.println("Please enter valid ldap url.");
+                repeat = true;
+            }
+        } while (repeat == true);
+        do {
+            repeat = false;
+            System.out.print("Bind DN [cn=admin,ou=users,dc=example,dc=com]: ");
+            bindDn = console.readLine();
+            if (bindDn == null || bindDn.isEmpty()) {
+                System.out.println("Please enter valid bindDn.");
+                repeat = true;
+            }
+        } while (repeat == true);
+        do {
+            repeat = false;
+            System.out.print("Bind Password: ");
+            char[] password = console.readPassword();
+            bindPassword = String.valueOf(password);
+            if (bindPassword == null || bindPassword.isEmpty()) {
+                System.out.println("Bind Password can't be empty.");
+                repeat = true;
+            }
+        } while (repeat == true);
+        System.out.print("User Search Base [ou=users,dc=example,dc=com]: ");
+        userSearchBase = console.readLine();
+        System.out.print("User Search Filter [cn=user1]: ");
+        userSearchFilter = console.readLine();
+        
+        if (isAuthEnabled) {
+            do {
+                repeat = false;
+                System.out.print("Sample Authentication User [user1]: ");
+                authUser = console.readLine();
+                if (authUser == null || authUser.isEmpty()) {
+                    System.out.println("Sample Authentication user must not be empty!");
+                    repeat = true;
+                }
+            } while (repeat == true);
+            do {
+                repeat = false;
+                System.out.print("Sample Authentication Password: ");
+                char[] password = console.readPassword();
+                authPass = String.valueOf(password);
+                if (authPass == null || authPass.isEmpty()) {
+                    System.out.println("Sample Authentication password must not be empty!");
+                    repeat = true;
+                }
+            } while (repeat == true);
+        }
+    }
+
+    public String getLdapUrl() {
+        return ldapUrl;
+    }
+
+    public String getBindDn() {
+        return bindDn;
+    }
+
+    public String getBindPassword() {
+        return bindPassword;
+    }
+
+    public String getUserSearchBase() {
+        return userSearchBase;
+    }
+
+    public String getUserSearchFilter() {
+        return userSearchFilter;
+    }
+
+    public String getAuthUser() {
+        return authUser;
+    }
+
+    public String getAuthPass() {
+        return authPass;
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c4bb29/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java
new file mode 100644
index 0000000..a548957
--- /dev/null
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java
@@ -0,0 +1,436 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.ldapconfigcheck;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.lang.NullArgumentException;
+import org.apache.commons.configuration.PropertiesConfiguration;
+
+public class LdapConfig {
+
+    public static final String CONFIG_FILE = "input.properties";
+
+    private static final String LGSYNC_LDAP_URL = "ranger.usersync.ldap.url";
+
+    private static final String LGSYNC_LDAP_BIND_DN = "ranger.usersync.ldap.binddn";
+
+    private static final String LGSYNC_LDAP_BIND_KEYSTORE = "ranger.usersync.credstore.filename";
+
+    private static final String LGSYNC_LDAP_BIND_ALIAS = "ranger.usersync.ldap.bindalias";
+
+    private static final String LGSYNC_LDAP_BIND_PASSWORD = "ranger.usersync.ldap.ldapbindpassword";
+
+    private static final String LGSYNC_LDAP_AUTHENTICATION_MECHANISM = "ranger.usersync.ldap.authentication.mechanism";
+    private static final String DEFAULT_AUTHENTICATION_MECHANISM = "simple";
+
+    private static final String LGSYNC_SEARCH_BASE = "ranger.usersync.ldap.searchBase";
+
+    private static final String LGSYNC_USER_SEARCH_BASE = "ranger.usersync.ldap.user.searchbase";
+
+    private static final String LGSYNC_USER_SEARCH_SCOPE = "ranger.usersync.ldap.user.searchscope";
+
+    private static final String LGSYNC_USER_OBJECT_CLASS = "ranger.usersync.ldap.user.objectclass";
+
+    private static final String LGSYNC_USER_SEARCH_FILTER = "ranger.usersync.ldap.user.searchfilter";
+
+    private static final String LGSYNC_USER_NAME_ATTRIBUTE = "ranger.usersync.ldap.user.nameattribute";
+
+    private static final String LGSYNC_USER_GROUP_NAME_ATTRIBUTE = "ranger.usersync.ldap.user.groupnameattribute";
+
+    public static final String UGSYNC_LOWER_CASE_CONVERSION_VALUE = "lower";
+
+    private static final String UGSYNC_USERNAME_CASE_CONVERSION_PARAM = "ranger.usersync.ldap.username.caseconversion";
+    private static final String DEFAULT_UGSYNC_USERNAME_CASE_CONVERSION_VALUE = UGSYNC_LOWER_CASE_CONVERSION_VALUE;
+
+    private static final String UGSYNC_GROUPNAME_CASE_CONVERSION_PARAM = "ranger.usersync.ldap.groupname.caseconversion";
+    private static final String DEFAULT_UGSYNC_GROUPNAME_CASE_CONVERSION_VALUE = UGSYNC_LOWER_CASE_CONVERSION_VALUE;
+
+
+    private static final String LGSYNC_PAGED_RESULTS_ENABLED = "ranger.usersync.pagedresultsenabled";
+    private static final boolean DEFAULT_LGSYNC_PAGED_RESULTS_ENABLED = true;
+
+    private static final String LGSYNC_PAGED_RESULTS_SIZE = "ranger.usersync.pagedresultssize";
+    private static final int DEFAULT_LGSYNC_PAGED_RESULTS_SIZE = 500;
+
+    private static final String LGSYNC_GROUP_SEARCH_ENABLED = "ranger.usersync.group.searchenabled";
+    private static final boolean DEFAULT_LGSYNC_GROUP_SEARCH_ENABLED = false;
+
+    private static final String LGSYNC_GROUP_USER_MAP_SYNC_ENABLED = "ranger.usersync.group.usermapsyncenabled";
+    private static final boolean DEFAULT_LGSYNC_GROUP_USER_MAP_SYNC_ENABLED = false;
+
+    private static final String LGSYNC_GROUP_SEARCH_BASE = "ranger.usersync.group.searchbase";
+
+    private static final String LGSYNC_GROUP_SEARCH_SCOPE = "ranger.usersync.group.searchscope";
+
+    private static final String LGSYNC_GROUP_OBJECT_CLASS = "ranger.usersync.group.objectclass";
+
+    private static final String LGSYNC_GROUP_SEARCH_FILTER = "ranger.usersync.group.searchfilter";
+
+    private static final String LGSYNC_GROUP_NAME_ATTRIBUTE = "ranger.usersync.group.nameattribute";
+
+    private static final String LGSYNC_GROUP_MEMBER_ATTRIBUTE_NAME = "ranger.usersync.group.memberattributename";
+
+    //Authentication relate properties
+    private static final String AUTHENTICATION_METHOD = "ranger.authentication.method";
+    private static final String AD_DOMAIN = "ranger.ldap.ad.domain";
+    private static final String USER_DN_PATTERN = "ranger.ldap.user.dnpattern";
+    private static final String GROUP_ROLE_ATTRIBUTE = "ranger.ldap.group.roleattribute";
+    private static final String GROUP_SEARCH_BASE = "ranger.ldap.group.searchbase";
+    private static final String GROUP_SEARCH_FILTER = "ranger.ldap.group.searchfilter";
+    private static final String AUTH_USERNAME = "ranger.admin.auth.sampleuser";
+    private static final String AUTH_PASSWORD = "ranger.admin.auth.samplepassword";
+
+
+    private Properties prop = new Properties();
+
+
+    public LdapConfig(String configFile) {
+        init(configFile);
+    }
+
+    private void init(String configFile) {
+        readConfigFile(configFile);
+    }
+
+    private void readConfigFile(String fileName) {
+        try {
+            InputStream in = getFileInputStream(fileName);
+            if (in != null) {
+                try {
+                    System.out.println("Reading ldap properties from " + fileName);
+                    prop.load(in);
+
+                } finally {
+                    try {
+                        in.close();
+                    } catch (IOException ioe) {
+                        // Ignore IOE when closing stream
+                        System.out.println(ioe);
+                    }
+                }
+            }
+        } catch (Throwable e) {
+            throw new RuntimeException("Unable to load configuration file [" + fileName + "]", e);
+        }
+    }
+
+
+    /*private InputStream getFileInputStream(String path) throws FileNotFoundException {
+
+        InputStream ret = null;
+
+        File f = new File(path);
+
+        if (f.exists()) {
+            ret = new FileInputStream(f);
+        }
+
+        return ret;
+    }*/
+    
+    private InputStream getFileInputStream(String path) throws FileNotFoundException {
+
+		InputStream ret = null;
+
+		File f = new File(path);
+
+		if (f.exists()) {
+			ret = new FileInputStream(f);
+		} else {
+			ret = getClass().getResourceAsStream(path);
+			
+			if (ret == null) {
+				if (! path.startsWith("/")) {
+					ret = getClass().getResourceAsStream("/" + path);
+				}
+			}
+			
+			if (ret == null) {
+				ret = ClassLoader.getSystemClassLoader().getResourceAsStream(path) ;
+				if (ret == null) {
+					if (! path.startsWith("/")) {
+						ret = ClassLoader.getSystemResourceAsStream("/" + path);
+					}
+				}
+			}
+		}
+
+		return ret;
+	}
+
+    public String getLdapUrl() throws Throwable {
+        String val = prop.getProperty(LGSYNC_LDAP_URL);
+        if (val == null || val.trim().isEmpty()) {
+            throw new NullArgumentException(LGSYNC_LDAP_URL);
+        }
+        return val;
+    }
+
+
+    public String getLdapBindDn() throws Throwable {
+        String val = prop.getProperty(LGSYNC_LDAP_BIND_DN);
+        if (val == null || val.trim().isEmpty()) {
+            throw new NullArgumentException(LGSYNC_LDAP_BIND_DN);
+        }
+        return val;
+    }
+
+
+    public String getLdapBindPassword() {
+        //update credential from keystore
+        if (prop == null) {
+            return null;
+        }
+        return prop.getProperty(LGSYNC_LDAP_BIND_PASSWORD);
+    }
+
+
+    public String getLdapAuthenticationMechanism() {
+        String val = prop.getProperty(LGSYNC_LDAP_AUTHENTICATION_MECHANISM);
+        if (val == null || val.trim().isEmpty()) {
+            return DEFAULT_AUTHENTICATION_MECHANISM;
+        }
+        return val;
+    }
+
+
+    public String getUserSearchBase() {
+        String val = prop.getProperty(LGSYNC_USER_SEARCH_BASE);
+        if (val == null || val.trim().isEmpty()) {
+            val = getSearchBase();
+        }
+        return val;
+    }
+
+
+    public int getUserSearchScope() {
+        String val = prop.getProperty(LGSYNC_USER_SEARCH_SCOPE);
+        if (val == null || val.trim().isEmpty()) {
+            return 2; //subtree scope
+        }
+
+        val = val.trim().toLowerCase();
+        if (val.equals("0") || val.startsWith("base")) {
+            return 0; // object scope
+        } else if (val.equals("1") || val.startsWith("one")) {
+            return 1; // one level scope
+        } else {
+            return 2; // subtree scope
+        }
+    }
+
+
+    public String getUserObjectClass() {
+        String val = prop.getProperty(LGSYNC_USER_OBJECT_CLASS);
+        return val;
+    }
+
+    public String getUserSearchFilter() {
+        return prop.getProperty(LGSYNC_USER_SEARCH_FILTER);
+    }
+
+
+    public String getUserNameAttribute() {
+        String val = prop.getProperty(LGSYNC_USER_NAME_ATTRIBUTE);
+        return val;
+    }
+
+    public String getUserGroupNameAttribute() {
+        String val = prop.getProperty(LGSYNC_USER_GROUP_NAME_ATTRIBUTE);
+        return val;
+    }
+
+    public String getUserNameCaseConversion() {
+        String ret = prop.getProperty(UGSYNC_USERNAME_CASE_CONVERSION_PARAM, DEFAULT_UGSYNC_USERNAME_CASE_CONVERSION_VALUE);
+        return ret.trim().toLowerCase();
+    }
+
+    public String getGroupNameCaseConversion() {
+        String ret = prop.getProperty(UGSYNC_GROUPNAME_CASE_CONVERSION_PARAM, DEFAULT_UGSYNC_GROUPNAME_CASE_CONVERSION_VALUE);
+        return ret.trim().toLowerCase();
+    }
+
+    public String getSearchBase() {
+        return prop.getProperty(LGSYNC_SEARCH_BASE);
+    }
+
+    public boolean isPagedResultsEnabled() {
+        boolean pagedResultsEnabled;
+        String val = prop.getProperty(LGSYNC_PAGED_RESULTS_ENABLED);
+        if (val == null || val.trim().isEmpty()) {
+            pagedResultsEnabled = DEFAULT_LGSYNC_PAGED_RESULTS_ENABLED;
+        } else {
+            pagedResultsEnabled = Boolean.valueOf(val);
+        }
+        return pagedResultsEnabled;
+    }
+
+    public int getPagedResultsSize() {
+        int pagedResultsSize;
+        String val = prop.getProperty(LGSYNC_PAGED_RESULTS_SIZE);
+        if (val == null || val.trim().isEmpty()) {
+            pagedResultsSize = DEFAULT_LGSYNC_PAGED_RESULTS_SIZE;
+        } else {
+            pagedResultsSize = Integer.parseInt(val);
+        }
+        if (pagedResultsSize < 1) {
+            pagedResultsSize = DEFAULT_LGSYNC_PAGED_RESULTS_SIZE;
+        }
+        return pagedResultsSize;
+    }
+
+    public boolean isGroupSearchEnabled() {
+        boolean groupSearchEnabled;
+        String val = prop.getProperty(LGSYNC_GROUP_SEARCH_ENABLED);
+        if (val == null || val.trim().isEmpty()) {
+            groupSearchEnabled = DEFAULT_LGSYNC_GROUP_SEARCH_ENABLED;
+        } else {
+            groupSearchEnabled = Boolean.valueOf(val);
+        }
+        return groupSearchEnabled;
+    }
+
+    public boolean isGroupUserMapSyncEnabled() {
+        boolean groupUserMapSyncEnabled;
+        String val = prop.getProperty(LGSYNC_GROUP_USER_MAP_SYNC_ENABLED);
+        if (val == null || val.trim().isEmpty()) {
+            groupUserMapSyncEnabled = DEFAULT_LGSYNC_GROUP_USER_MAP_SYNC_ENABLED;
+        } else {
+            groupUserMapSyncEnabled = Boolean.valueOf(val);
+        }
+        return groupUserMapSyncEnabled;
+    }
+
+    public String getGroupSearchBase() {
+        String val = prop.getProperty(LGSYNC_GROUP_SEARCH_BASE);
+        return val;
+    }
+
+    public int getGroupSearchScope() {
+        String val = prop.getProperty(LGSYNC_GROUP_SEARCH_SCOPE);
+        if (val == null || val.trim().isEmpty()) {
+            return 2; //subtree scope
+        }
+
+        val = val.trim().toLowerCase();
+        if (val.equals("0") || val.startsWith("base")) {
+            return 0; // object scope
+        } else if (val.equals("1") || val.startsWith("one")) {
+            return 1; // one level scope
+        } else {
+            return 2; // subtree scope
+        }
+    }
+
+    public String getGroupObjectClass() {
+        String val = prop.getProperty(LGSYNC_GROUP_OBJECT_CLASS);
+        return val;
+    }
+
+    public String getGroupSearchFilter() {
+        return prop.getProperty(LGSYNC_GROUP_SEARCH_FILTER);
+    }
+
+    public String getUserGroupMemberAttributeName() {
+        String val = prop.getProperty(LGSYNC_GROUP_MEMBER_ATTRIBUTE_NAME);
+        return val;
+    }
+
+    public String getGroupNameAttribute() {
+        String val = prop.getProperty(LGSYNC_GROUP_NAME_ATTRIBUTE);
+        return val;
+    }
+
+    public String getAuthenticationMethod() {
+        String val = prop.getProperty(AUTHENTICATION_METHOD);
+        return val;
+    }
+
+    public String getAdDomain() {
+        String val = prop.getProperty(AD_DOMAIN);
+        return val;
+    }
+
+    public String getUserDnPattern() {
+        String val = prop.getProperty(USER_DN_PATTERN);
+        return val;
+    }
+
+    public String getGroupRoleAttribute() {
+        String val = prop.getProperty(GROUP_ROLE_ATTRIBUTE);
+        return val;
+    }
+
+    public String getAuthGroupSearchBase() {
+        String val = prop.getProperty(GROUP_SEARCH_BASE);
+        return val;
+    }
+
+    public String getAuthGroupSearchFilter() {
+        String val = prop.getProperty(GROUP_SEARCH_FILTER);
+        return val;
+    }
+
+    public String getAuthUsername() {
+        return prop.getProperty(AUTH_USERNAME);
+    }
+
+    public String getAuthPassword() {
+        return prop.getProperty(AUTH_PASSWORD);
+    }
+
+    public void updateInputPropFile(String ldapUrl, String bindDn, String bindPassword,
+                                    String userSearchBase, String userSearchFilter,
+                                    String authUser, String authPass) {
+        try {
+            PropertiesConfiguration config = new PropertiesConfiguration(CONFIG_FILE);
+            // Update properties in memory and update the file as well
+            prop.setProperty(LGSYNC_LDAP_URL, ldapUrl);
+            prop.setProperty(LGSYNC_LDAP_BIND_DN, bindDn);
+            prop.setProperty(LGSYNC_LDAP_BIND_PASSWORD, bindPassword);
+            prop.setProperty(LGSYNC_USER_SEARCH_BASE, userSearchBase);
+            prop.setProperty(LGSYNC_USER_SEARCH_FILTER, userSearchFilter);
+            prop.setProperty(AUTH_USERNAME, authUser);
+            prop.setProperty(AUTH_PASSWORD, authPass);
+            config.setProperty(LGSYNC_LDAP_URL, ldapUrl);
+            config.setProperty(LGSYNC_LDAP_BIND_DN, bindDn);
+            config.setProperty(LGSYNC_LDAP_BIND_PASSWORD, bindPassword);
+            config.setProperty(LGSYNC_USER_SEARCH_BASE, userSearchBase);
+            config.setProperty(LGSYNC_USER_SEARCH_FILTER, userSearchFilter);
+            config.setProperty(AUTH_USERNAME, authUser);
+            config.setProperty(AUTH_PASSWORD, authPass);
+            config.save();
+        } catch (ConfigurationException e) {
+            System.out.println("Failed to update " + CONFIG_FILE + ": " + e);
+        }
+    }
+}
+
+
+
+
+

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c4bb29/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfigCheckMain.java
----------------------------------------------------------------------
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfigCheckMain.java b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfigCheckMain.java
new file mode 100644
index 0000000..ad56b2e
--- /dev/null
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfigCheckMain.java
@@ -0,0 +1,241 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.ldapconfigcheck;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.ldap.Control;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.PagedResultsControl;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Properties;
+
+import org.apache.commons.lang.NullArgumentException;
+
+public class LdapConfigCheckMain {
+
+    private static final String LOG_FILE = "ldapConfigCheck.log";
+    private static final String AMBARI_PROPERTIES = "ambari.properties";
+    private static final String INSTALL_PROPERTIES = "install.properties";
+
+    public static void main(String[] args) {
+
+        CommandLineOptions cli = new CommandLineOptions(args);
+        cli.parse();
+        String inFileName = cli.getInput();
+        String outputDir = cli.getOutput();
+        if (!outputDir.endsWith("/")) {
+            outputDir = outputDir.concat("/");
+        }
+
+        LdapConfig config = new LdapConfig(inFileName);
+        if (cli.getLdapUrl() != null && !cli.getLdapUrl().isEmpty()) {
+            config.updateInputPropFile(cli.getLdapUrl(), cli.getBindDn(), cli.getBindPassword(),
+                    cli.getUserSearchBase(), cli.getUserSearchFilter(), cli.getAuthUser(), cli.getAuthPass());
+        }
+
+        PrintStream logFile = null;
+        PrintStream ambariProps = null;
+        PrintStream installProps = null;
+        LdapContext ldapContext;
+
+        try {
+            logFile = new PrintStream(new File(outputDir + LOG_FILE));
+            ambariProps = new PrintStream(new File(outputDir + AMBARI_PROPERTIES));
+            installProps = new PrintStream(new File(outputDir + INSTALL_PROPERTIES));
+
+            UserSync userSyncObj = new UserSync(config, logFile, ambariProps, installProps);
+
+            String bindDn = config.getLdapBindDn();
+
+            Properties env = new Properties();
+            env.put(Context.INITIAL_CONTEXT_FACTORY,
+                    "com.sun.jndi.ldap.LdapCtxFactory");
+            env.put(Context.PROVIDER_URL, config.getLdapUrl());
+            env.put(Context.SECURITY_PRINCIPAL, bindDn);
+            env.put(Context.SECURITY_CREDENTIALS, config.getLdapBindPassword());
+            env.put(Context.SECURITY_AUTHENTICATION, config.getLdapAuthenticationMechanism());
+            env.put(Context.REFERRAL, "follow");
+
+            ldapContext = new InitialLdapContext(env, null);
+
+            if (config.isPagedResultsEnabled())   {
+                ldapContext.setRequestControls(new Control[]{
+                        new PagedResultsControl(config.getPagedResultsSize(), Control.CRITICAL) });
+            }
+
+            String retrieveValues = "all";
+
+            if (cli.getDiscoverProperties() != null) {
+                retrieveValues = cli.getDiscoverProperties();
+                if (cli.getDiscoverProperties().equalsIgnoreCase("users")) {
+                    userSyncObj.findUserProperties(ldapContext);
+                } else if (cli.getDiscoverProperties().equalsIgnoreCase("groups")) {
+                    userSyncObj.findGroupProperties(ldapContext);
+                } else {
+                    findAllUserSyncProperties(ldapContext, userSyncObj);
+                }
+            }else if (cli.getRetrieveValues() != null){
+                retrieveValues = cli.getRetrieveValues();
+
+            } else {
+                cli.help();
+            }
+
+            if (cli.isAuthEnabled()) {
+                authenticate(userSyncObj, config, logFile, ambariProps, installProps);
+            }
+
+            retrieveUsersGroups(ldapContext, userSyncObj, retrieveValues);
+
+            if (ldapContext != null) {
+                ldapContext.close();
+            }
+
+        } catch (FileNotFoundException fe) {
+            System.out.println(fe.getMessage());
+        } catch (IOException ioe) {
+            logFile.println("ERROR: Failed while setting the paged results controls\n" + ioe);
+        } catch (NamingException ne) {
+            System.out.println("ERROR: Failed to perfom ldap bind. Please verify values for " +
+                    "ranger.usersync.ldap.binddn and ranger.usersync.ldap.ldapbindpassword\n" + ne);
+        } catch (Throwable t) {
+            if (logFile != null) {
+                logFile.println("ERROR: Connection failed: " + t.getMessage());
+            } else {
+                System.out.println("ERROR: Connection failed: " + t.getMessage());
+            }
+        } finally {
+            if (logFile != null) {
+                logFile.close();
+            }
+            if (ambariProps != null) {
+                ambariProps.close();
+            }
+            if (installProps != null) {
+                installProps.close();
+            }
+        }
+    }
+
+    private static void findAllUserSyncProperties(LdapContext ldapContext, UserSync userSyncObj) throws Throwable {
+
+        userSyncObj.findUserProperties(ldapContext);
+        userSyncObj.findGroupProperties(ldapContext);
+    }
+
+    private static void authenticate(UserSync userSyncObj, LdapConfig config,
+                                     PrintStream logFile, PrintStream ambariProps,
+                                     PrintStream installProps) throws Throwable{
+        AuthenticationCheck auth = new AuthenticationCheck(config.getLdapUrl(), userSyncObj, logFile, ambariProps, installProps);
+
+        auth.discoverAuthProperties();
+
+        String msg;
+        if (config.getAuthUsername() == null || config.getAuthUsername().isEmpty()) {
+            msg = "ranger.admin.auth.sampleuser ";
+            throw new NullArgumentException(msg);
+        }
+
+        if (config.getAuthPassword() == null || config.getAuthPassword().isEmpty()) {
+            msg = "ranger.admin.auth.samplepassword ";
+            throw new NullArgumentException(msg);
+        }
+
+        if (auth.isAuthenticated(config.getLdapUrl(), config.getLdapBindDn(), config.getLdapBindPassword(),
+                config.getAuthUsername(), config.getAuthPassword())) {
+            logFile.println("INFO: Authentication verified successfully");
+        } else {
+            logFile.println("ERROR: Failed to authenticate " + config.getAuthUsername());
+        }
+    }
+
+    private static void retrieveUsersGroups(LdapContext ldapContext, UserSync userSyncObj,
+                                            String retrieve) throws Throwable {
+        String msg;
+        if (retrieve == null || userSyncObj == null || ldapContext == null) {
+            msg = "Input validation failed while retrieving Users or Groups";
+            throw new NullArgumentException(msg);
+        }
+
+        if (retrieve.equalsIgnoreCase("users")) {
+            retrieveUsers(ldapContext, userSyncObj);
+        } else if (retrieve.equalsIgnoreCase("groups")){
+            retrieveGroups(ldapContext, userSyncObj);
+        } else {
+            // retrieve both
+            retrieveUsers(ldapContext, userSyncObj);
+            retrieveGroups(ldapContext, userSyncObj);
+        }
+    }
+
+    private static void retrieveUsers(LdapContext ldapContext, UserSync userSyncObj) throws Throwable {
+        String msg;
+        if (userSyncObj.getUserNameAttribute() == null || userSyncObj.getUserNameAttribute().isEmpty()) {
+            msg = "ranger.usersync.ldap.user.nameattribute ";
+            throw new NullArgumentException(msg);
+        }
+        if (userSyncObj.getUserObjClassName() == null || userSyncObj.getUserObjClassName().isEmpty()) {
+            msg = "ranger.usersync.ldap.user.objectclass ";
+            throw new NullArgumentException(msg);
+        }
+        if (userSyncObj.getUserGroupMemberName() == null || userSyncObj.getUserGroupMemberName().isEmpty()) {
+            msg = "ranger.usersync.ldap.user.groupnameattribute ";
+            throw new NullArgumentException(msg);
+        }
+        if ((userSyncObj.getUserSearchBase() == null || userSyncObj.getUserSearchBase().isEmpty()) &&
+                (userSyncObj.getSearchBase() == null || userSyncObj.getSearchBase().isEmpty())) {
+            msg = "ranger.usersync.ldap.user.searchbase and " +
+                    "ranger.usersync.ldap.searchBase ";
+            throw new NullArgumentException(msg);
+        }
+        userSyncObj.getAllUsers(ldapContext);
+    }
+
+    private static void retrieveGroups(LdapContext ldapContext, UserSync userSyncObj) throws Throwable {
+        String msg;
+        if (userSyncObj.getGroupNameAttrName() == null || userSyncObj.getGroupNameAttrName().isEmpty()) {
+            msg = "ranger.usersync.group.nameattribute ";
+            throw new NullArgumentException(msg);
+        }
+        if (userSyncObj.getGroupObjClassName() == null || userSyncObj.getGroupObjClassName().isEmpty()) {
+            msg = "ranger.usersync.group.objectclass ";
+            throw new NullArgumentException(msg);
+        }
+        if (userSyncObj.getUserGroupMemberName() == null || userSyncObj.getUserGroupMemberName().isEmpty()) {
+            msg = "ranger.usersync.group.memberattributename ";
+            throw new NullArgumentException(msg);
+        }
+        if ((userSyncObj.getGroupSearchBase() == null || userSyncObj.getGroupSearchBase().isEmpty()) &&
+                (userSyncObj.getSearchBase() == null || userSyncObj.getSearchBase().isEmpty())) {
+            msg = "ranger.usersync.group.searchbase and " +
+                    "ranger.usersync.ldap.searchBase ";
+            throw new NullArgumentException(msg);
+        }
+        userSyncObj.getAllGroups(ldapContext);
+    }
+
+
+}
+


Mime
View raw message