Posted to commits@ambari.apache.org by ds...@apache.org on 2015/08/04 14:07:08 UTC
ambari git commit: AMBARI-12627 Ambari 2.0 -> 2.1 LDAP: error code 12
(dsen)
Repository: ambari
Updated Branches:
refs/heads/trunk d7b3ec8e1 -> f3638bd83
AMBARI-12627 Ambari 2.0 -> 2.1 LDAP: error code 12 (dsen)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f3638bd8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f3638bd8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f3638bd8
Branch: refs/heads/trunk
Commit: f3638bd83a6f2445421e03b2f99eb051873e41b6
Parents: d7b3ec8
Author: Dmytro Sen <ds...@apache.org>
Authored: Tue Aug 4 15:05:59 2015 +0300
Committer: Dmytro Sen <ds...@apache.org>
Committed: Tue Aug 4 15:05:59 2015 +0300
----------------------------------------------------------------------
.../server/configuration/Configuration.java | 16 ++++++---
.../internal/LdapSyncEventResourceProvider.java | 5 +++
.../authorization/LdapServerProperties.java | 15 ++++++++
.../security/ldap/AmbariLdapDataPopulator.java | 11 ++++--
.../ldap/AmbariLdapDataPopulatorTest.java | 38 +++++++++++++++++++-
5 files changed, 77 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/f3638bd8/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 50fc6a6..87cc7a4 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -161,6 +161,7 @@ public class Configuration {
public static final String LDAP_ADMIN_GROUP_MAPPING_RULES_KEY = "authorization.ldap.adminGroupMappingRules";
public static final String LDAP_GROUP_SEARCH_FILTER_KEY = "authorization.ldap.groupSearchFilter";
public static final String LDAP_REFERRAL_KEY = "authentication.ldap.referral";
+ public static final String LDAP_PAGINATION_ENABLED_KEY = "authentication.ldap.pagination.enabled";
public static final String SERVER_EC_CACHE_SIZE = "server.ecCacheSize";
public static final String SERVER_STALE_CONFIG_CACHE_ENABLED_KEY = "server.cache.isStale.enabled";
public static final String SERVER_PERSISTENCE_TYPE_KEY = "server.persistence.type";
@@ -336,6 +337,7 @@ public class Configuration {
private static final int CLIENT_API_PORT_DEFAULT = 8080;
private static final int CLIENT_API_SSL_PORT_DEFAULT = 8443;
private static final String LDAP_BIND_ANONYMOUSLY_DEFAULT = "true";
+ private static final String LDAP_PAGINATION_ENABLED_DEFAULT = "true";
/**
* Indicator for sys prepped host
@@ -1151,9 +1153,12 @@ public class Configuration {
ldapServerProperties.setUsernameAttribute(properties.
getProperty(LDAP_USERNAME_ATTRIBUTE_KEY, LDAP_USERNAME_ATTRIBUTE_DEFAULT));
- ldapServerProperties.setUserBase(properties.getProperty(LDAP_USER_BASE_KEY, LDAP_USER_BASE_DEFAULT));
- ldapServerProperties.setUserObjectClass(properties.getProperty(LDAP_USER_OBJECT_CLASS_KEY, LDAP_USER_OBJECT_CLASS_DEFAULT));
- ldapServerProperties.setDnAttribute(properties.getProperty(LDAP_DN_ATTRIBUTE_KEY, LDAP_DN_ATTRIBUTE_DEFAULT));
+ ldapServerProperties.setUserBase(properties.getProperty(
+ LDAP_USER_BASE_KEY, LDAP_USER_BASE_DEFAULT));
+ ldapServerProperties.setUserObjectClass(properties.getProperty(
+ LDAP_USER_OBJECT_CLASS_KEY, LDAP_USER_OBJECT_CLASS_DEFAULT));
+ ldapServerProperties.setDnAttribute(properties.getProperty(
+ LDAP_DN_ATTRIBUTE_KEY, LDAP_DN_ATTRIBUTE_DEFAULT));
ldapServerProperties.setGroupBase(properties.
getProperty(LDAP_GROUP_BASE_KEY, LDAP_GROUP_BASE_DEFAULT));
@@ -1167,7 +1172,10 @@ public class Configuration {
LDAP_ADMIN_GROUP_MAPPING_RULES_KEY, LDAP_ADMIN_GROUP_MAPPING_RULES_DEFAULT));
ldapServerProperties.setGroupSearchFilter(properties.getProperty(
LDAP_GROUP_SEARCH_FILTER_KEY, LDAP_GROUP_SEARCH_FILTER_DEFAULT));
- ldapServerProperties.setReferralMethod(properties.getProperty(LDAP_REFERRAL_KEY, LDAP_REFERRAL_DEFAULT));
+ ldapServerProperties.setReferralMethod(properties.getProperty(
+ LDAP_REFERRAL_KEY, LDAP_REFERRAL_DEFAULT));
+ ldapServerProperties.setPaginationEnabled("true".equalsIgnoreCase(
+ properties.getProperty(LDAP_PAGINATION_ENABLED_KEY, LDAP_PAGINATION_ENABLED_DEFAULT)));
if (properties.containsKey(LDAP_GROUP_BASE_KEY) ||
properties.containsKey(LDAP_GROUP_OBJECT_CLASS_KEY) ||
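Review bot: `"true".equalsIgnoreCase(...)` maps every value other than an exact `true` to false, so a typo or a value with trailing whitespace (which java.util.Properties preserves) silently turns pagination off instead of being reported. Trimming before the comparison covers the whitespace case: `properties.getProperty(LDAP_PAGINATION_ENABLED_KEY, LDAP_PAGINATION_ENABLED_DEFAULT).trim()`. A warning for values that are neither `true` nor `false` would make a misconfiguration visible before it shows up as an incomplete LDAP sync. The enclosing method starts and ends outside the hunk.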
http://git-wip-us.apache.org/repos/asf/ambari/blob/f3638bd8/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java
index 059a228..52f7c94 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java
@@ -37,6 +37,7 @@ import org.apache.ambari.server.security.ldap.LdapBatchDto;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.naming.OperationNotSupportedException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
@@ -425,6 +426,10 @@ public class LdapSyncEventResourceProvider extends AbstractControllerResourcePro
} catch (Exception e) {
event.setStatus(LdapSyncEventEntity.Status.ERROR);
String msg = "Caught exception running LDAP sync. ";
+ if (e.getCause() instanceof OperationNotSupportedException) {
+ msg += "LDAP server may not support search results pagination. " +
+ "Try to turn the pagination off.";
+ }
event.setStatusDetail(msg + e.getMessage());
LOG.error(msg, e);
} finally {
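Review bot: The appended hint ends in `off.` with no trailing space, so `event.setStatusDetail(msg + e.getMessage())` runs the hint straight into the exception text, and the hint never names the setting to change. Something like `"Try to turn the pagination off (authentication.ldap.pagination.enabled=false). "` fixes both. Separately, `e.getCause() instanceof OperationNotSupportedException` inspects only the immediate cause; if the javax.naming exception is wrapped more than once on its way here (not visible in this hunk), the hint is skipped, so walking the cause chain would be more robust. The try block begins above the hunk.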
http://git-wip-us.apache.org/repos/asf/ambari/blob/f3638bd8/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
index df314f1..f28ee50 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
@@ -55,6 +55,9 @@ public class LdapServerProperties {
private String groupSearchFilter;
private static final String userSearchFilter = "({attribute}={0})";
+ //LDAP pagination properties
+ private boolean paginationEnabled = true;
+
public List<String> getLdapUrls() {
String protocol = useSsl ? "ldaps://" : "ldap://";
@@ -234,6 +237,14 @@ public class LdapServerProperties {
return referralMethod;
}
+ public boolean isPaginationEnabled() {
+ return paginationEnabled;
+ }
+
+ public void setPaginationEnabled(boolean paginationEnabled) {
+ this.paginationEnabled = paginationEnabled;
+ }
+
@Override
public boolean equals(Object obj) {
if (this == obj) return true;
@@ -271,6 +282,10 @@ public class LdapServerProperties {
that.dnAttribute) : that.dnAttribute != null) return false;
if (referralMethod != null ? !referralMethod.equals(that.referralMethod) : that.referralMethod != null) return false;
+ if (groupMappingEnabled != that.isGroupMappingEnabled()) return false;
+
+ if (paginationEnabled != that.isPaginationEnabled()) return false;
+
return true;
}
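Review bot: `equals()` now also compares `groupMappingEnabled` and `paginationEnabled`, but the diffstat for this file is fully accounted for by the three hunks shown, so no `hashCode()` was touched. The contract still holds because equal objects keep equal hashes. If the class overrides `hashCode()` (not visible here), folding both flags in keeps the two methods in step, along the lines of `result = 31 * result + (paginationEnabled ? 1 : 0);`, where the accumulator name is assumed. `equals()` starts above the hunk.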
http://git-wip-us.apache.org/repos/asf/ambari/blob/f3638bd8/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
index 1d8fca1..103cfcb 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
@@ -42,6 +42,7 @@ import org.springframework.ldap.control.PagedResultsDirContextProcessor;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextProcessor;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
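Review bot: The added `import org.springframework.ldap.core.DirContextProcessor;` is not referenced by any line this commit adds to the file; the only other hunk keeps using the existing `processor` variable. Unless it is needed by code outside the shown hunks, the import should be dropped so the file stays free of unused-import warnings.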
@@ -543,14 +544,18 @@ public class AmbariLdapDataPopulator {
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
LdapUserContextMapper ldapUserContextMapper = new LdapUserContextMapper(ldapServerProperties);
String encodedFilter = filter.encode();
-
+
do {
- for (Object dto : ldapTemplate.search(baseDn, encodedFilter, searchControls, ldapUserContextMapper, processor)) {
+ List dtos = configuration.getLdapServerProperties().isPaginationEnabled() ?
+ ldapTemplate.search(baseDn, encodedFilter, searchControls, ldapUserContextMapper, processor) :
+ ldapTemplate.search(baseDn, encodedFilter, searchControls, ldapUserContextMapper);
+ for (Object dto : dtos) {
if (dto != null) {
users.add((LdapUserDto)dto);
}
}
- } while (processor.getCookie().getCookie() != null);
+ } while (configuration.getLdapServerProperties().isPaginationEnabled()
+ && processor.getCookie().getCookie() != null);
return users;
}
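Review bot: With pagination off, the loop body issues a single unpaged `ldapTemplate.search(...)`, so the result is bounded by whatever size limit the directory server enforces; on a large directory that can surface as an error or as a short list, and users absent from the list are absent from the sync. A comment above the `do` should say so, e.g. `// Unpaged search: result size is capped by the LDAP server's size limit; large directories need pagination.` Separately, `configuration.getLdapServerProperties().isPaginationEnabled()` is evaluated twice per iteration and `List dtos` is a raw type; reading the flag once before the loop (`final boolean paged = configuration.getLdapServerProperties().isPaginationEnabled();`) keeps the search call and the loop condition consistent. The method begins above the hunk. Any other search in this class that passes `processor` is not changed by this commit and would presumably still send the paged-results control.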
http://git-wip-us.apache.org/repos/asf/ambari/blob/f3638bd8/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
index fba56f9..3f4f7b5 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
@@ -42,7 +42,6 @@ import org.apache.ambari.server.security.authorization.Users;
import org.easymock.Capture;
import org.easymock.EasyMock;
import org.easymock.IAnswer;
-import org.junit.Ignore;
import org.junit.Test;
import org.springframework.ldap.control.PagedResultsCookie;
import org.springframework.ldap.control.PagedResultsDirContextProcessor;
@@ -1493,6 +1492,7 @@ public class AmbariLdapDataPopulatorTest {
list.add(dto);
expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).anyTimes();
+ expect(ldapServerProperties.isPaginationEnabled()).andReturn(true).anyTimes();
expect(ldapServerProperties.getUserObjectClass()).andReturn("objectClass").anyTimes();
expect(ldapServerProperties.getDnAttribute()).andReturn("dn").anyTimes();
expect(ldapServerProperties.getBaseDN()).andReturn("baseDN").anyTimes();
@@ -1514,6 +1514,42 @@ public class AmbariLdapDataPopulatorTest {
}
@Test
+ public void testGetLdapUserByMemberAttrNoPagination() throws Exception {
+
+ Configuration configuration = createNiceMock(Configuration.class);
+ Users users = createNiceMock(Users.class);
+ LdapTemplate ldapTemplate = createNiceMock(LdapTemplate.class);
+ LdapServerProperties ldapServerProperties = createNiceMock(LdapServerProperties.class);
+ Capture<ContextMapper> contextMapperCapture = new Capture<ContextMapper>();
+ Capture<SearchControls> searchControlsCapture = new Capture<SearchControls>();
+ PagedResultsDirContextProcessor processor = createNiceMock(PagedResultsDirContextProcessor.class);
+ PagedResultsCookie cookie = createNiceMock(PagedResultsCookie.class);
+ LdapUserDto dto = new LdapUserDto();
+
+ List<LdapUserDto> list = new LinkedList<LdapUserDto>();
+ list.add(dto);
+
+ expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).anyTimes();
+ expect(ldapServerProperties.isPaginationEnabled()).andReturn(false).anyTimes();
+ expect(ldapServerProperties.getUserObjectClass()).andReturn("objectClass").anyTimes();
+ expect(ldapServerProperties.getDnAttribute()).andReturn("dn").anyTimes();
+ expect(ldapServerProperties.getBaseDN()).andReturn("baseDN").anyTimes();
+
+ expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(|(dn=foo)(uid=foo)))"), anyObject(SearchControls.class), capture(contextMapperCapture))).andReturn(list);
+
+ replay(ldapTemplate, ldapServerProperties, users, configuration, processor, cookie);
+
+ AmbariLdapDataPopulatorTestInstance populator = new AmbariLdapDataPopulatorTestInstance(configuration, users);
+
+ populator.setLdapTemplate(ldapTemplate);
+ populator.setProcessor(processor);
+
+ assertEquals(dto, populator.getLdapUserByMemberAttr("foo"));
+
+ verify(ldapTemplate, ldapServerProperties, users, configuration, processor, cookie);
+ }
+
+ @Test
public void testLdapUserContextMapper_uidIsNull() throws Exception {
LdapServerProperties ldapServerProperties = createNiceMock(LdapServerProperties.class);
expect(ldapServerProperties.getUsernameAttribute()).andReturn("cn").once();
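Review bot: In `testGetLdapUserByMemberAttrNoPagination`, `searchControlsCapture` is declared but never used, `contextMapperCapture` is captured but never inspected, and `cookie` is only replayed and verified with no expectations. Dropping the unused locals and matching with `anyObject(ContextMapper.class)` would make it clearer what the test actually checks. A one-line comment such as `// Only the non-paged search overload is expected; the processor must not be consulted.` would also document why the four-argument `search` is the sole recorded expectation.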