Posted to commits@ambari.apache.org by sw...@apache.org on 2013/06/26 07:16:20 UTC
svn commit: r1496736 - in /incubator/ambari/trunk/ambari-server:
sbin/ambari-server src/main/python/ambari-server.py
src/test/python/TestAmbaryServer.py
Author: swagle
Date: Wed Jun 26 05:16:20 2013
New Revision: 1496736
URL: http://svn.apache.org/r1496736
Log:
AMBARI-2490. Issues with setup ldap. (swagle)
Modified:
incubator/ambari/trunk/ambari-server/sbin/ambari-server
incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py
incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py
Modified: incubator/ambari/trunk/ambari-server/sbin/ambari-server
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/sbin/ambari-server?rev=1496736&r1=1496735&r2=1496736&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-server/sbin/ambari-server (original)
+++ incubator/ambari/trunk/ambari-server/sbin/ambari-server Wed Jun 26 05:16:20 2013
@@ -99,7 +99,7 @@ case "$1" in
$PYTHON /usr/sbin/ambari-server.py $@
;;
setup-ldap)
- echo -e "Setting up ldap properties"
+ echo -e "Setting up LDAP properties..."
$PYTHON /usr/sbin/ambari-server.py $@
;;
resetmasterkey)
Modified: incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py?rev=1496736&r1=1496735&r2=1496736&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py (original)
+++ incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py Wed Jun 26 05:16:20 2013
@@ -1224,7 +1224,7 @@ def configure_database_password(isSecure
if isSecure:
retCode = save_passwd_for_alias(JDBC_RCA_PASSWORD_ALIAS, password, masterKey)
if retCode != 0:
- print 'Saving secure database password failed.'
+ print 'Failed to save secure LDAP password.'
return password, aliasStr
return password, get_alias_string(JDBC_RCA_PASSWORD_ALIAS)
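Review bot: The new message on the failure branch says LDAP, but this is configure_database_password and the call being checked stores `JDBC_RCA_PASSWORD_ALIAS`, so an operator reading the output would look at the wrong credential. The line should keep naming the database password, e.g. `print 'Failed to save secure database password.'`. The function body starts outside the hunk.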
@@ -2288,8 +2288,6 @@ def setup_ldap():
"authentication.ldap.useSSL",
"authentication.ldap.usernameAttribute",
"authentication.ldap.baseDn",
- "authorization.userRoleName",
- "authorization.adminRoleName",
"authentication.ldap.bindAnonymously" ]
ldap_property_list_opt = [ "authentication.ldap.managerDn",
@@ -2300,37 +2298,34 @@ def setup_ldap():
LDAP_USE_SSL_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[2], "false")
LDAP_USER_ATT_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[3], "uid")
LDAP_BASE_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[4])
- LDAP_USER_ROLE_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[5], "user")
- LDAP_ADMIN_ROLE_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[6], "admin")
- LDAP_BIND_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[7], "false")
+ LDAP_BIND_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[5], "false")
LDAP_MGR_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_opt[0])
ldap_properties_map_reqd =\
{
- ldap_property_list_reqd[0]:(LDAP_PRIMARY_URL_DEFAULT, "Primary URL {0}: ".format(get_prompt_default(LDAP_PRIMARY_URL_DEFAULT))),\
- ldap_property_list_reqd[1]:(LDAP_SECONDARY_URL_DEFAULT, "Secondary URL {0}: ".format(get_prompt_default(LDAP_SECONDARY_URL_DEFAULT))),\
- ldap_property_list_reqd[2]:(LDAP_USE_SSL_DEFAULT, "Use SSL [true/false] {0}: ".format(get_prompt_default(LDAP_USE_SSL_DEFAULT))),\
- ldap_property_list_reqd[3]:(LDAP_USER_ATT_DEFAULT, "User name attribute {0}: ".format(get_prompt_default(LDAP_USER_ATT_DEFAULT))),\
- ldap_property_list_reqd[4]:(LDAP_BASE_DN_DEFAULT, "Base DN {0}: ".format(get_prompt_default(LDAP_BASE_DN_DEFAULT))),\
- ldap_property_list_reqd[5]:(LDAP_USER_ROLE_DEFAULT, "User role name {0}: ".format(get_prompt_default(LDAP_USER_ROLE_DEFAULT))),\
- ldap_property_list_reqd[6]:(LDAP_ADMIN_ROLE_DEFAULT, "Admin role name {0}: ".format(get_prompt_default(LDAP_ADMIN_ROLE_DEFAULT))),\
- ldap_property_list_reqd[7]:(LDAP_BIND_DEFAULT, "Bind anonymously [true/false] {0}: ".format(get_prompt_default(LDAP_BIND_DEFAULT))),\
+ ldap_property_list_reqd[0]:(LDAP_PRIMARY_URL_DEFAULT, "Primary URL* {0}: ".format(get_prompt_default(LDAP_PRIMARY_URL_DEFAULT)), False),\
+ ldap_property_list_reqd[1]:(LDAP_SECONDARY_URL_DEFAULT, "Secondary URL {0}: ".format(get_prompt_default(LDAP_SECONDARY_URL_DEFAULT)), True),\
+ ldap_property_list_reqd[2]:(LDAP_USE_SSL_DEFAULT, "Use SSL* [true/false] {0}: ".format(get_prompt_default(LDAP_USE_SSL_DEFAULT)), False),\
+ ldap_property_list_reqd[3]:(LDAP_USER_ATT_DEFAULT, "User name attribute* {0}: ".format(get_prompt_default(LDAP_USER_ATT_DEFAULT)), False),\
+ ldap_property_list_reqd[4]:(LDAP_BASE_DN_DEFAULT, "Base DN* {0}: ".format(get_prompt_default(LDAP_BASE_DN_DEFAULT)), False),\
+ ldap_property_list_reqd[5]:(LDAP_BIND_DEFAULT, "Bind anonymously* [true/false] {0}: ".format(get_prompt_default(LDAP_BIND_DEFAULT)), False)\
}
- print "Input LDAP properties. Hit [Enter] to skip property."
ldap_property_value_map = {}
for key in ldap_property_list_reqd:
input = get_validated_string_input(ldap_properties_map_reqd[key][1],
- ldap_properties_map_reqd[key][0], ".*", "", False, False)
+ ldap_properties_map_reqd[key][0], ".*", "", False,
+ ldap_properties_map_reqd[key][2])
if input is not None and input != "":
ldap_property_value_map[key] = input
bindAnonymously = ldap_property_value_map["authentication.ldap.bindAnonymously"]
- # Ask for manager credentials only if bindAnonymously is true
- if bindAnonymously and bindAnonymously == 'true' or \
- bindAnonymously == 'TRUE' or bindAnonymously == 'True':
- username = get_validated_string_input("Manager DN {0}:".format(
+ anonymous = (bindAnonymously and bindAnonymously.lower() == 'true')
+ password = None
+ # Ask for manager credentials only if bindAnonymously is false
+ if not anonymous:
+ username = get_validated_string_input("Manager DN* {0}:".format(
get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*", "", False, False)
ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
password = configure_ldap_password()
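Review bot: The prompt loop passes the same catch-all pattern `".*"` to get_validated_string_input for every required property, so the two `[true/false]` prompts (`authentication.ldap.useSSL` and `authentication.ldap.bindAnonymously`) accept any text. A mistyped useSSL value is stored verbatim; how the server reads it is not visible here, but if it falls back to false the LDAP bind would run without TLS and nothing at setup time would say so. Consider carrying a per-property pattern as a fourth tuple element, such as `"^(true|false)$"` for those two keys and `".*"` for the rest, and passing `ldap_properties_map_reqd[key][3]` in place of the literal; the `.lower()` comparison suggests mixed case is tolerated today, so normalise the answer or widen the pattern accordingly. This assumes the third argument is a regex, as the `passwordPattern` name in configure_ldap_password suggests. setup_ldap starts and ends outside the hunk.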
@@ -2349,18 +2344,19 @@ def setup_ldap():
print("%s: %s" % (property, ldap_property_value_map[property]))
for property in ldap_property_list_opt:
- if property != LDAP_MGR_PASSWORD_PROPERTY:
- print("%s: %s" % (property, ldap_property_value_map[property]))
- else:
- print("%s: %s" % (property, "****"))
+ if ldap_property_value_map.has_key(property):
+ if property != LDAP_MGR_PASSWORD_PROPERTY:
+ print("%s: %s" % (property, ldap_property_value_map[property]))
+ else:
+ print("%s: %s" % (property, "****"))
save_settings = get_YN_input("Save settings [y/n] (y)? ", True)
if save_settings:
- if isSecure:
+ if isSecure and password:
retCode = save_passwd_for_alias(LDAP_MGR_PASSWORD_ALIAS, password, masterKey)
if retCode != 0:
- print 'Saving secure ldap password failed.'
+ print 'Failed to save secure LDAP password.'
return retCode
ldap_property_value_map[CLIENT_SECURITY_KEY] = 'ldap'
# Persisting values
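Review bot: `ldap_property_value_map.has_key(property)` in the summary loop is the deprecated spelling; `if property in ldap_property_value_map:` behaves the same and is the form that survives a later Python 3 port. Separately, `if isSecure and password:` means a non-secure setup that did collect a manager password skips the alias store. What is then written for `LDAP_MGR_PASSWORD_PROPERTY` is outside this hunk, so it is worth confirming that the value is not persisted in clear text without telling the operator. setup_ldap starts and ends outside the hunk.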
@@ -2575,7 +2571,7 @@ def save_master_key(master_key, key_loca
def configure_ldap_password():
passwordDefault = ""
- passwordPrompt = 'Enter LDAP Password: '
+ passwordPrompt = 'Enter Manager Password*: '
passwordPattern = ".*"
passwordDescr = "Invalid characters in password."
Modified: incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py?rev=1496736&r1=1496735&r2=1496736&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py (original)
+++ incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py Wed Jun 26 05:16:20 2013
@@ -2927,7 +2927,7 @@ class TestAmbariServer(TestCase):
def side_effect(*args, **kwargs):
if 'Bind anonymously' in args[0]:
- return 'true'
+ return 'false'
if args[1] == "true" or args[1] == "false":
return args[1]
else:
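Review bot: Flipping the mocked 'Bind anonymously' answer to `'false'` here, together with the expected `authentication.ldap.bindAnonymously` value in the next hunk, leaves the anonymous-bind path of setup_ldap without coverage. That path is the one this commit reworks (`password = None`, the `isSecure and password` guard, the `has_key` check in the summary loop). A second case whose side_effect returns `'true'` would cover it, asserting whatever is intended for `authentication.ldap.managerDn` and `authentication.ldap.managerPassword` when no manager credentials are collected. The enclosing test method starts and ends outside the hunk.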
@@ -2944,9 +2944,7 @@ class TestAmbariServer(TestCase):
"authentication.ldap.useSSL" : "false",
"authentication.ldap.usernameAttribute" : "test",
"authentication.ldap.baseDn" : "test",
- "authorization.userRoleName" : "test",
- "authorization.adminRoleName" : "test",
- "authentication.ldap.bindAnonymously" : "true",
+ "authentication.ldap.bindAnonymously" : "false",
"authentication.ldap.managerDn" : "test",
"authentication.ldap.managerPassword" : \
'${alias=ambari.ldap.manager.password}',