ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From v..@apache.org
Subject incubator-ranger git commit: RANGER-1008: Catching & logging any exceptions while performing ldap search and continuing the usersync
Date Thu, 02 Jun 2016 05:07:06 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master f9300ca97 -> c59ea527f


RANGER-1008: Catching & logging any exceptions while performing ldap search and continuing
the usersync

Signed-off-by: Velmurugan Periasamy <vel@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c59ea527
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c59ea527
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c59ea527

Branch: refs/heads/master
Commit: c59ea527f5f878dae128c095d737d53a8fbd4ff4
Parents: f9300ca
Author: Sailaja Polavarapu <spolavarapu@hortonworks.com>
Authored: Tue May 31 16:28:55 2016 -0700
Committer: Velmurugan Periasamy <vel@apache.org>
Committed: Thu Jun 2 01:06:49 2016 -0400

----------------------------------------------------------------------
 .../process/LdapUserGroupBuilder.java           | 200 ++++++++++---------
 .../ranger/usergroupsync/LdapUserGroupTest.java |  38 ++++
 2 files changed, 143 insertions(+), 95 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c59ea527/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 0b76883..bb9cf88 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -385,6 +385,7 @@ public class LdapUserGroupBuilder extends AbstractUserGroupSource {
 			for (int ou=0; ou<userSearchBase.length; ou++) {
 				byte[] cookie = null;
 				int counter = 0;
+				try {
 				do {
 					userSearchResultEnum = ldapContext
 							.search(userSearchBase[ou], extendedUserSearchFilter,
@@ -559,7 +560,11 @@ public class LdapUserGroupBuilder extends AbstractUserGroupSource {
 				} while (cookie != null);
 				LOG.info("LDAPUserGroupBuilder.getUsers() completed with user count: "
 						+ counter);
-
+				} catch (Throwable t) {
+					LOG.error("LDAPUserGroupBuilder.getUsers() failed with exception: " + t);
+					LOG.info("LDAPUserGroupBuilder.getUsers() user count: "
+							+ counter);
+				}
 			}
 
 		} finally {
@@ -586,115 +591,120 @@ public class LdapUserGroupBuilder extends AbstractUserGroupSource
{
 			for (int ou=0; ou<groupSearchBase.length; ou++) {
 				byte[] cookie = null;
 				int counter = 0;
-				do {
-					if (!groupSearchFirstEnabled) {
-						if (userInfo == null) {
-							// Should never reach this.
-							LOG.error("No user information provided for group search!");
-							return;
-						}
-						groupSearchResultEnum = ldapContext
-								.search(groupSearchBase[ou], extendedGroupSearchFilter,
-										new Object[]{userInfo.getUserFullName(), userInfo.getUserName()},
-										groupSearchControls);
-					} else {
-						// If group based search is enabled, then first retrieve all the groups based on the
group configuration. 
-						groupSearchResultEnum = ldapContext
-								.search(groupSearchBase[ou], extendedAllGroupsSearchFilter,
-										groupSearchControls);
-					}
-					while (groupSearchResultEnum.hasMore()) {
-						final SearchResult groupEntry = groupSearchResultEnum.next();
-						if (groupEntry != null) {
-							counter++;
-							Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
-							if (groupNameAttr == null) {
-								if (LOG.isInfoEnabled())  {
-									LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace()
+
-											", skipping sync");
-								}
-								continue;
+				try {
+					do {
+						if (!groupSearchFirstEnabled) {
+							if (userInfo == null) {
+								// Should never reach this.
+								LOG.error("No user information provided for group search!");
+								return;
 							}
-							String gName = (String) groupNameAttr.get();
-							if (groupNameCaseConversionFlag) {
-								if (groupNameLowerCaseFlag) {
-									gName = gName.toLowerCase();
-								} else {
-									gName = gName.toUpperCase();
+							groupSearchResultEnum = ldapContext
+									.search(groupSearchBase[ou], extendedGroupSearchFilter,
+											new Object[]{userInfo.getUserFullName(), userInfo.getUserName()},
+											groupSearchControls);
+						} else {
+							// If group based search is enabled, then first retrieve all the groups based on the
group configuration. 
+							groupSearchResultEnum = ldapContext
+									.search(groupSearchBase[ou], extendedAllGroupsSearchFilter,
+											groupSearchControls);
+						}
+						while (groupSearchResultEnum.hasMore()) {
+							final SearchResult groupEntry = groupSearchResultEnum.next();
+							if (groupEntry != null) {
+								counter++;
+								Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute);
+								if (groupNameAttr == null) {
+									if (LOG.isInfoEnabled())  {
+										LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace()
+
+												", skipping sync");
+									}
+									continue;
 								}
-							}
-							if (groupNameRegExInst != null) {
-								gName = groupNameRegExInst.transform(gName);
-							}
-							if (!groupSearchFirstEnabled) {
-								//computedGroups.add(gName);
-								if (LOG.isInfoEnabled())  {
-									LOG.info("computed groups for user: " + userInfo.getUserName() +", groups: " + gName);
+								String gName = (String) groupNameAttr.get();
+								if (groupNameCaseConversionFlag) {
+									if (groupNameLowerCaseFlag) {
+										gName = gName.toLowerCase();
+									} else {
+										gName = gName.toUpperCase();
+									}
 								}
-								userInfo.addGroup(gName);
-							} else {
-								// If group based search is enabled, then
-								// update the group name to ranger admin
-								// check for group members and populate userInfo object with user's full name and
group mapping
-								Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
-								LOG.debug("Update Ranger admin with " + gName);
-								sink.addOrUpdateGroup(gName);
-								int userCount = 0;
-								if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
-									LOG.info("No members available for " + gName);
-									continue;
+								if (groupNameRegExInst != null) {
+									gName = groupNameRegExInst.transform(gName);
 								}
-								NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
-								while (userEnum.hasMore()) {
-									String originalUserFullName = (String) userEnum.next();
-									if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
+								if (!groupSearchFirstEnabled) {
+									//computedGroups.add(gName);
+									if (LOG.isInfoEnabled())  {
+										LOG.info("computed groups for user: " + userInfo.getUserName() +", groups: " +
gName);
+									}
+									userInfo.addGroup(gName);
+								} else {
+									// If group based search is enabled, then
+									// update the group name to ranger admin
+									// check for group members and populate userInfo object with user's full name and
group mapping
+									Attribute groupMemberAttr = groupEntry.getAttributes().get(groupMemberAttributeName);
+									LOG.debug("Update Ranger admin with " + gName);
+									sink.addOrUpdateGroup(gName);
+									int userCount = 0;
+									if (groupMemberAttr == null || groupMemberAttr.size() <= 0) {
+										LOG.info("No members available for " + gName);
 										continue;
 									}
-									String userFullName = originalUserFullName.toLowerCase();
-									userCount++;
-									if (!userGroupMap.containsKey(userFullName)) {
-										userInfo = new UserInfo(userFullName, originalUserFullName); // Preserving the
original full name for later
-										userGroupMap.put(userFullName, userInfo);
-									} else {
-										userInfo = userGroupMap.get(userFullName);
+									NamingEnumeration<?> userEnum = groupMemberAttr.getAll();
+									while (userEnum.hasMore()) {
+										String originalUserFullName = (String) userEnum.next();
+										if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) {
+											continue;
+										}
+										String userFullName = originalUserFullName.toLowerCase();
+										userCount++;
+										if (!userGroupMap.containsKey(userFullName)) {
+											userInfo = new UserInfo(userFullName, originalUserFullName); // Preserving the
original full name for later
+											userGroupMap.put(userFullName, userInfo);
+										} else {
+											userInfo = userGroupMap.get(userFullName);
+										}
+										LOG.info("Adding " + gName + " to user " + userInfo.getUserFullName());
+										userInfo.addGroup(gName);
 									}
-									LOG.info("Adding " + gName + " to user " + userInfo.getUserFullName());
-									userInfo.addGroup(gName);
+									LOG.info("No. of members in the group " + gName + " = " + userCount);
 								}
-								LOG.info("No. of members in the group " + gName + " = " + userCount);
 							}
 						}
-					}
-					// Examine the paged results control response
-					Control[] controls = ldapContext.getResponseControls();
-					if (controls != null) {
-						for (int i = 0; i < controls.length; i++) {
-							if (controls[i] instanceof PagedResultsResponseControl) {
-								PagedResultsResponseControl prrc =
-										(PagedResultsResponseControl)controls[i];
-								total = prrc.getResultSize();
-								if (total != 0) {
-									LOG.debug("END-OF-PAGE total : " + total);
-								} else {
-									LOG.debug("END-OF-PAGE total : unknown");
+						// Examine the paged results control response
+						Control[] controls = ldapContext.getResponseControls();
+						if (controls != null) {
+							for (int i = 0; i < controls.length; i++) {
+								if (controls[i] instanceof PagedResultsResponseControl) {
+									PagedResultsResponseControl prrc =
+											(PagedResultsResponseControl)controls[i];
+									total = prrc.getResultSize();
+									if (total != 0) {
+										LOG.debug("END-OF-PAGE total : " + total);
+									} else {
+										LOG.debug("END-OF-PAGE total : unknown");
+									}
+									cookie = prrc.getCookie();
 								}
-								cookie = prrc.getCookie();
 							}
+						} else {
+							LOG.debug("No controls were sent from the server");
 						}
-					} else {
-						LOG.debug("No controls were sent from the server");
-					}
-					// Re-activate paged results
-					if (pagedResultsEnabled)   {
-						ldapContext.setRequestControls(new Control[]{
-								new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) });
-					}
-				} while (cookie != null);
-				LOG.info("LDAPUserGroupBuilder.getGroups() completed with group count: "
-						+ counter);
+						// Re-activate paged results
+						if (pagedResultsEnabled)   {
+							ldapContext.setRequestControls(new Control[]{
+									new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) });
+						}
+					} while (cookie != null);
+					LOG.info("LDAPUserGroupBuilder.getGroups() completed with group count: "
+							+ counter);
+				} catch (Throwable t) {
+					LOG.error("LDAPUserGroupBuilder.getGroups() failed with exception: " + t);
+					LOG.info("LDAPUserGroupBuilder.getGroups() group count: "
+							+ counter);
+				}
 			}
 
-
 		} finally {
 			if (groupSearchResultEnum != null) {
 				groupSearchResultEnum.close();

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c59ea527/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java
----------------------------------------------------------------------
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java
index 4355c4d..673a88e 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java
+++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java
@@ -515,6 +515,44 @@ public class LdapUserGroupTest extends AbstractLdapTestUnit{
 			assertFalse(group.contains("="));
 		}
 	}
+	
+	@Test
+	public void testGBWithInvalidOU() throws Throwable {
+		config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;");
+		config.setUserSearchFilter("cn=User*");
+		config.setGroupSearchBase("OU=HdpGroup1,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com");
+		config.setGroupSearchFilter("cn=*Group10");
+		config.setUserGroupMemberAttributeName("member");
+		config.setUserObjectClass("organizationalPerson");
+		config.setGroupObjectClass("groupOfNames");
+		config.setGroupSearchFirstEnabled(true);
+		config.setUserSearchEnabled(false);
+		ldapBuilder.init();
+		PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest();
+		sink.init();
+		ldapBuilder.updateSink(sink);
+		assertEquals(1, sink.getTotalUsers());
+		assertEquals(1, sink.getTotalGroups());
+	}
+	
+	@Test
+	public void testMultipleOUInvalidOU() throws Throwable {
+		config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers1,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com");
+		config.setUserSearchFilter("cn=*");
+		config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups1,DC=ranger,DC=qe,DC=hortonworks,DC=com");
+		config.setGroupSearchFilter("cn=*");
+		config.setUserGroupMemberAttributeName("member");
+		config.setUserObjectClass("organizationalPerson");
+		config.setGroupObjectClass("groupOfNames");
+		config.setGroupSearchEnabled(true);
+		config.setGroupSearchFirstEnabled(false);
+		ldapBuilder.init();
+		PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest();
+		sink.init();
+		ldapBuilder.updateSink(sink);
+		assertEquals(110, sink.getTotalUsers());
+		assertEquals(0, sink.getTotalGroups());
+	}
 
 	@After
 	public void shutdown() throws Exception {


Mime
View raw message