From a...@apache.org
Subject [27/50] [abbrv] incubator-ranger git commit: RANGER-628 : Make filters for ranger-admin search binds configurable
Date Thu, 03 Mar 2016 00:06:51 GMT
RANGER-628 : Make filters for ranger-admin search binds configurable

Signed-off-by: Velmurugan Periasamy <vel@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/af8510a8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/af8510a8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/af8510a8

Branch: refs/heads/HDP-2.3.2-groupid
Commit: af8510a87cce9245f7c3b57e74fc06221be0a74f
Parents: af8ae45
Author: Gautam Borad <gborad@gmail.com>
Authored: Mon Aug 31 15:34:09 2015 +0530
Committer: Velmurugan Periasamy <vel@apache.org>
Committed: Sun Sep 6 23:48:19 2015 -0400

----------------------------------------------------------------------
 security-admin/scripts/install.properties         |  6 +++++-
 security-admin/scripts/setup.sh                   |  8 ++++++++
 .../handler/RangerAuthenticationProvider.java     | 18 +++++++++++++-----
 .../resources/conf.dist/ranger-admin-site.xml     | 10 ++++++++++
 4 files changed, 36 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/af8510a8/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index 4618ee3..eb0c7ec 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -47,7 +47,7 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
 # DB password for the DB admin user-id
 # **************************************************************************
 # ** If the password is left empty or not-defined here,
-# ** it will be prompted to enter the password during installation process
+# ** it will try with blank password during installation process
 # **************************************************************************
 #
 #db_root_user=root|SYS|postgres|sa|dba
@@ -138,6 +138,7 @@ authServicePort=5151
 #xa_ldap_bind_dn="cn=admin,ou=users,dc=xasecure,dc=net"
 #xa_ldap_bind_password=
 #xa_ldap_referral=follow|ignore
+#xa_ldap_userSearchFilter="(uid={0})"
 
 xa_ldap_url=
 xa_ldap_userDNpattern=
@@ -148,6 +149,7 @@ xa_ldap_base_dn=
 xa_ldap_bind_dn=
 xa_ldap_bind_password=
 xa_ldap_referral=
+xa_ldap_userSearchFilter=
 ####ACTIVE_DIRECTORY settings - Required only if have selected AD authentication ####
 #
 # Sample Settings
@@ -158,6 +160,7 @@ xa_ldap_referral=
 #xa_ldap_ad_bind_dn="cn=administrator,ou=users,dc=xasecure,dc=net"
 #xa_ldap_ad_bind_password=
 #xa_ldap_ad_referral=follow|ignore
+#xa_ldap_ad_userSearchFilter="(sAMAccountName={0})"
 
 xa_ldap_ad_domain=
 xa_ldap_ad_url=
@@ -165,6 +168,7 @@ xa_ldap_ad_base_dn=
 xa_ldap_ad_bind_dn=
 xa_ldap_ad_bind_password=
 xa_ldap_ad_referral=
+xa_ldap_ad_userSearchFilter=
 # -----------------------------------------------------------
 #
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/af8510a8/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index e0b14c5..bae6298 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -1330,6 +1330,10 @@ do_authentication_setup(){
 				newPropertyValue="${xa_ldap_referral}"
 				updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
+				propertyName=ranger.ldap.user.searchfilter
+				newPropertyValue="${xa_ldap_userSearchFilter}"
+				updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+
 				keystore="${cred_keystore_filename}"
 
 				if [ "${keystore}" != "" ]
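Review bot: `$newPropertyValue` is expanded unquoted in the added `updatePropertyToFilePy` call, and install.properties ships `xa_ldap_userSearchFilter=` empty, so on a default install the value argument disappears and `$ldap_file` shifts into its position. A filter containing spaces or `*` would also be word-split or glob-expanded before it reaches the helper. Quote all three arguments: `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$ldap_file"`. The same applies to the `ranger.ldap.ad.user.searchfilter` call added in the next hunk. The neighbouring calls use the same unquoted pattern and `updatePropertyToFilePy` is defined outside this hunk, so how it treats a missing argument should be confirmed.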
@@ -1411,6 +1415,10 @@ do_authentication_setup(){
 				newPropertyValue="${xa_ldap_ad_referral}"
 				updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
+				propertyName=ranger.ldap.ad.user.searchfilter
+				newPropertyValue="${xa_ldap_ad_userSearchFilter}"
+				updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+
 				keystore="${cred_keystore_filename}"
 
 				if [ "${keystore}" != "" ]

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/af8510a8/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index 1f1d957..abf4db4 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -363,6 +363,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider
{
 			String rangerADBindPassword = PropertiesUtil.getProperty("ranger.ldap.ad.bind.password",
"");
 			String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role",
"ROLE_USER");
 			String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow");
+			String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.ad.user.searchfilter",
"(sAMAccountName={0})");
 			String userName = authentication.getName();
 			String userPassword = "";
 			if (authentication.getCredentials() != null) {
@@ -378,8 +379,11 @@ public class RangerAuthenticationProvider implements AuthenticationProvider
{
 			ldapContextSource.setPooled(true);
 			ldapContextSource.afterPropertiesSet();
 
-			String searchFilter="(sAMAccountName={0})";
-			FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(rangerLdapADBase, searchFilter,ldapContextSource);
+			//String searchFilter="(sAMAccountName={0})";
+			if(rangerLdapUserSearchFilter==null||rangerLdapUserSearchFilter.trim().isEmpty()){
+				rangerLdapUserSearchFilter="(sAMAccountName={0})";
+			}
+			FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(rangerLdapADBase, rangerLdapUserSearchFilter,ldapContextSource);
 			userSearch.setSearchSubtree(true);
 
 			BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
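Review bot: The configured filter reaches `FilterBasedLdapUserSearch` after only a blank check, so a value without the `{0}` placeholder would make the directory lookup independent of the submitted login name. Because the entry found by this search is the one the password is bound against, such a value should be rejected or replaced with a warning logged, e.g. `if(!rangerLdapUserSearchFilter.contains("{0}")){ rangerLdapUserSearchFilter="(sAMAccountName={0})"; }`. The commented-out `//String searchFilter=...` line can simply be deleted, and the `==null` test looks redundant given the default passed to `PropertiesUtil.getProperty` (that helper is not visible here, so confirm). The same points apply to the `(uid={0})` hunk further down; the enclosing method starts and ends outside this hunk.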
@@ -417,6 +421,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider
{
 			String rangerLdapBindDN = PropertiesUtil.getProperty("ranger.ldap.bind.dn", "");
 			String rangerLdapBindPassword = PropertiesUtil.getProperty("ranger.ldap.bind.password",
"");
 			String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.referral", "follow");
+			String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.user.searchfilter",
"(uid={0})");
 			String userName = authentication.getName();
 			String userPassword = "";
 			if (authentication.getCredentials() != null) {
@@ -428,7 +433,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider
{
 			ldapContextSource.setPassword(rangerLdapBindPassword);
 			ldapContextSource.setReferral(rangerLdapReferral);
 			ldapContextSource.setCacheEnvironmentProperties(false);
-			ldapContextSource.setAnonymousReadOnly(true);
+			ldapContextSource.setAnonymousReadOnly(false);
 			ldapContextSource.setPooled(true);
 			ldapContextSource.afterPropertiesSet();
 
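Review bot: Switching `setAnonymousReadOnly(true)` to `false` changes how the user search authenticates to the directory, yet the commit message only talks about configurable filters, so the change needs a comment and a mention in the description. With `false`, lookups presumably go through the bind credentials configured on `ldapContextSource` (the `setPassword(rangerLdapBindPassword)` call is visible just above) rather than an anonymous context. `ranger.ldap.bind.dn` and `ranger.ldap.bind.password` both default to `""` in this method, so the behaviour for installs that never set a bind DN should be verified. A comment such as `// user search now binds with ranger.ldap.bind.dn instead of an anonymous read-only context` would record the intent. The enclosing method extends beyond this hunk.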
@@ -437,8 +442,11 @@ public class RangerAuthenticationProvider implements AuthenticationProvider
{
 			defaultLdapAuthoritiesPopulator.setGroupSearchFilter(rangerLdapGroupSearchFilter);
 			defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
 
-			String searchFilter="(uid={0})";
-			FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(rangerLdapBase, searchFilter,ldapContextSource);
+			//String searchFilter="(uid={0})";
+			if(rangerLdapUserSearchFilter==null||rangerLdapUserSearchFilter.trim().isEmpty()){
+				rangerLdapUserSearchFilter="(uid={0})";
+			}
+			FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(rangerLdapBase, rangerLdapUserSearchFilter,ldapContextSource);
 			userSearch.setSearchSubtree(true);
 
 			BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/af8510a8/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index 822a507..6009693 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -217,4 +217,14 @@
 		<value></value>
 		<description></description>
 	</property>
+	<property>
+		<name>ranger.ldap.user.searchfilter</name>
+		<value>(uid={0})</value>
+		<description></description>
+	</property>
+	<property>
+		<name>ranger.ldap.ad.user.searchfilter</name>
+		<value>(sAMAccountName={0})</value>
+		<description></description>
+	</property>
 </configuration>
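Review bot: Both new properties ship with an empty `<description>`, so an administrator editing the filter gets no hint that `{0}` stands for the login name and has to be kept in the expression. Fill it in, for example `<description>LDAP filter used to locate the user entry; {0} is replaced with the login name and must be present</description>`, with the equivalent wording for `ranger.ldap.ad.user.searchfilter`.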

