You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by al...@apache.org on 2015/09/03 20:40:40 UTC
ambari git commit: AMBARI-12896. Add LDAP / AD bind properties for
Ranger (Gautam Borad via alejandro)
Repository: ambari
Updated Branches:
refs/heads/trunk 3e0b8f07c -> b8a38d766
AMBARI-12896. Add LDAP / AD bind properties for Ranger (Gautam Borad via alejandro)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b8a38d76
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b8a38d76
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b8a38d76
Branch: refs/heads/trunk
Commit: b8a38d766ec0994c5859ba0ae490d5ecd4156d10
Parents: 3e0b8f0
Author: Alejandro Fernandez <af...@hortonworks.com>
Authored: Thu Sep 3 11:40:26 2015 -0700
Committer: Alejandro Fernandez <af...@hortonworks.com>
Committed: Thu Sep 3 11:40:26 2015 -0700
----------------------------------------------------------------------
.../RANGER/configuration/ranger-admin-site.xml | 62 +++++++++
.../RANGER/configuration/ranger-ugsync-site.xml | 6 +
ambari-web/app/data/HDP2.3/site_properties.js | 132 ++++++++++++++++++-
3 files changed, 198 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/b8a38d76/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
index 3ccfaa1..57d21dd 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
@@ -159,12 +159,43 @@
</property>
<property>
+ <name>ranger.ldap.user.searchfilter</name>
+ <value>(uid={0})</value>
+ <description>Search filter used for Bind Authentication</description>
+ </property>
+
+ <property>
<name>ranger.ldap.group.roleattribute</name>
<value>cn</value>
<description></description>
</property>
<property>
+ <name>ranger.ldap.base.dn</name>
+ <value>dc=example,dc=com</value>
+ <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.bind.dn</name>
+ <value>cn=adadmin,cn=Users,dc=example,dc=com</value>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.bind.password</name>
+ <value></value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the account that can search for users</description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
+ </property>
+
+ <property>
<name>ranger.ldap.ad.domain</name>
<value>localhost</value>
<description></description>
@@ -177,6 +208,37 @@
</property>
<property>
+ <name>ranger.ldap.ad.base.dn</name>
+ <value>dc=example,dc=com</value>
+ <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.bind.dn</name>
+ <value>cn=adadmin,cn=Users,dc=example,dc=com</value>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.bind.password</name>
+ <value></value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the account that can search for users</description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.user.searchfilter</name>
+ <value>(sAMAccountName={0})</value>
+ <description>Search filter used for Bind Authentication</description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.referral</name>
+ <value>ignore</value>
+ <description>"Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed"</description>
+ </property>
+
+ <property>
<name>ranger.jpa.audit.jdbc.driver</name>
<value>{{ranger_jdbc_driver}}</value>
<description></description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/b8a38d76/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
index eb27958..d7dce19 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -190,6 +190,12 @@
</property>
<property>
+ <name>ranger.usersync.ldap.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
+ </property>
+
+ <property>
<name>ranger.usersync.ldap.user.groupnameattribute</name>
<value>memberof, ismemberof</value>
<description></description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/b8a38d76/ambari-web/app/data/HDP2.3/site_properties.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2.3/site_properties.js b/ambari-web/app/data/HDP2.3/site_properties.js
index 2d62270..5a25ecb 100644
--- a/ambari-web/app/data/HDP2.3/site_properties.js
+++ b/ambari-web/app/data/HDP2.3/site_properties.js
@@ -39,8 +39,18 @@ var excludedConfigs = [
'xa_ldap_groupSearchBase',
'xa_ldap_groupSearchFilter',
'xa_ldap_groupRoleAttribute',
+ 'ranger.ldap.base.dn',
+ 'ranger.ldap.bind.dn',
+ 'ranger.ldap.bind.password',
+ 'ranger.ldap.referral',
+ 'xa_ldap_userSearchFilter',
'xa_ldap_ad_domain',
'xa_ldap_ad_url',
+ 'ranger.ldap.ad.base.dn',
+ 'ranger.ldap.ad.bind.dn',
+ 'ranger.ldap.ad.bind.password',
+ 'ranger.ldap.ad.referral',
+ 'xa_ldap_ad_userSearchFilter',
'policymgr_http_enabled',
'policymgr_external_url',
'hbase.regionserver.global.memstore.lowerLimit',
@@ -590,11 +600,11 @@ hdp23properties.push({
"options": [
{
displayName: 'LDAP',
- foreignKeys: ['ranger.ldap.group.roleattribute', 'ranger.ldap.url', 'ranger.ldap.user.dnpattern']
+ foreignKeys: ['ranger.ldap.group.roleattribute', 'ranger.ldap.url', 'ranger.ldap.user.dnpattern','ranger.ldap.base.dn','ranger.ldap.bind.dn','ranger.ldap.bind.password','ranger.ldap.referral','ranger.ldap.user.searchfilter']
},
{
displayName: 'ACTIVE_DIRECTORY',
- foreignKeys: ['ranger.ldap.ad.domain', 'ranger.ldap.ad.url']
+ foreignKeys: ['ranger.ldap.ad.domain', 'ranger.ldap.ad.url','ranger.ldap.ad.base.dn','ranger.ldap.ad.bind.dn','ranger.ldap.ad.bind.password','ranger.ldap.ad.referral','ranger.ldap.ad.user.searchfilter']
},
{
displayName: 'UNIX',
@@ -695,6 +705,61 @@ hdp23properties.push({
},
{
"id": "site property",
+ "name": "ranger.ldap.base.dn",
+ "displayName": "ranger.ldap.base.dn",
+ "isReconfigurable": true,
+ "isOverridable": false,
+ "isVisible": true,
+ "serviceName": "RANGER",
+ "filename": "ranger-admin-site.xml",
+ "category": "LDAPSettings"
+ },
+ {
+ "id": "site property",
+ "name": "ranger.ldap.bind.dn",
+ "displayName": "ranger.ldap.bind.dn",
+ "isReconfigurable": true,
+ "isOverridable": false,
+ "isVisible": true,
+ "serviceName": "RANGER",
+ "filename": "ranger-admin-site.xml",
+ "category": "LDAPSettings"
+ },
+ {
+ "id": "site property",
+ "name": "ranger.ldap.bind.password",
+ "displayName": "ranger.ldap.bind.password",
+ "isReconfigurable": true,
+ "isOverridable": false,
+ "isVisible": true,
+ "serviceName": "RANGER",
+ "filename": "ranger-admin-site.xml",
+ "category": "LDAPSettings"
+ },
+ {
+ "id": "site property",
+ "name": "ranger.ldap.referral",
+ "displayName": "ranger.ldap.referral",
+ "isReconfigurable": true,
+ "isOverridable": false,
+ "isVisible": true,
+ "serviceName": "RANGER",
+ "filename": "ranger-admin-site.xml",
+ "category": "LDAPSettings"
+ },
+ {
+ "id": "site property",
+ "name": "ranger.ldap.user.searchfilter",
+ "displayName": "ranger.ldap.user.searchfilter",
+ "isReconfigurable": true,
+ "isOverridable": false,
+ "isVisible": true,
+ "serviceName": "RANGER",
+ "filename": "ranger-admin-site.xml",
+ "category": "LDAPSettings"
+ },
+ {
+ "id": "site property",
"name": "ranger.ldap.ad.domain",
"displayName": "ranger.ldap.ad.domain",
"isReconfigurable": true,
@@ -714,6 +779,60 @@ hdp23properties.push({
"serviceName": "RANGER",
"filename": "ranger-admin-site.xml",
"category": "ADSettings"
+ },{
+ "id": "site property",
+ "name": "ranger.ldap.ad.base.dn",
+ "displayName": "ranger.ldap.ad.base.dn",
+ "isReconfigurable": true,
+ "isOverridable": false,
+ "isVisible": true,
+ "serviceName": "RANGER",
+ "filename": "ranger-admin-site.xml",
+ "category": "ADSettings"
+ },
+ {
+ "id": "site property",
+ "name": "ranger.ldap.ad.bind.dn",
+ "displayName": "ranger.ldap.ad.bind.dn",
+ "isReconfigurable": true,
+ "isOverridable": false,
+ "isVisible": true,
+ "serviceName": "RANGER",
+ "filename": "ranger-admin-site.xml",
+ "category": "ADSettings"
+ },
+ {
+ "id": "site property",
+ "name": "ranger.ldap.ad.bind.password",
+ "displayName": "ranger.ldap.ad.bind.password",
+ "isReconfigurable": true,
+ "isOverridable": false,
+ "isVisible": true,
+ "serviceName": "RANGER",
+ "filename": "ranger-admin-site.xml",
+ "category": "ADSettings"
+ },
+ {
+ "id": "site property",
+ "name": "ranger.ldap.ad.referral",
+ "displayName": "ranger.ldap.ad.referral",
+ "isReconfigurable": true,
+ "isOverridable": false,
+ "isVisible": true,
+ "serviceName": "RANGER",
+ "filename": "ranger-admin-site.xml",
+ "category": "ADSettings"
+ },
+ {
+ "id": "site property",
+ "name": "ranger.ldap.ad.user.searchfilter",
+ "displayName": "ranger.ldap.ad.user.searchfilter",
+ "isReconfigurable": true,
+ "isOverridable": false,
+ "isVisible": true,
+ "serviceName": "RANGER",
+ "filename": "ranger-admin-site.xml",
+ "category": "ADSettings"
},
{
"id": "site property",
@@ -826,6 +945,15 @@ hdp23properties.push({
},
{
"id": "site property",
+ "name": "ranger.usersync.ldap.referral",
+ "displayName": "ranger.usersync.ldap.referral",
+ "category": "Advanced ranger-ugsync-site",
+ "isRequired": false,
+ "serviceName": "RANGER",
+ "filename": "ranger-ugsync-site.xml"
+ },
+ {
+ "id": "site property",
"name": "common.name.for.certificate",
"displayName": "common.name.for.certificate",
"category": "Advanced ranger-yarn-plugin-properties",