Posted to commits@ambari.apache.org by lp...@apache.org on 2017/10/13 15:54:39 UTC
[11/33] ambari git commit: AMBARI-21307 Draft implementation of the
group related attributes
AMBARI-21307 Draft implementation of the group related attributes
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/86e105f8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/86e105f8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/86e105f8
Branch: refs/heads/feature-branch-AMBARI-21307
Commit: 86e105f8d7ae76318132f2e3ff8f3833c0af14b2
Parents: 8d2e134
Author: lpuskas <lp...@apache.org>
Authored: Tue Aug 8 13:54:29 2017 +0200
Committer: lpuskas <lp...@apache.org>
Committed: Fri Oct 13 17:20:49 2017 +0200
----------------------------------------------------------------------
.../server/ldap/AmbariLdapConfiguration.java | 22 +-
.../ldap/LdapConfigurationValidatorService.java | 34 +--
.../apache/ambari/server/ldap/LdapModule.java | 4 +-
.../server/ldap/service/AmbariLdapFacade.java | 25 +-
.../ldap/service/LdapConnectionService.java | 35 +++
.../ambari/server/ldap/service/LdapFacade.java | 9 +-
.../ad/AdLdapConfigurationValidatorService.java | 177 --------------
...efaultLdapConfigurationValidatorService.java | 232 +++++++++++++++++++
.../ad/DefaultLdapConnectionService.java | 63 +++++
.../service/ad/LdapConfigurationConverter.java | 50 ----
...AdLdapConfigurationValidatorServiceTest.java | 129 -----------
...ltLdapConfigurationValidatorServiceTest.java | 156 +++++++++++++
12 files changed, 552 insertions(+), 384 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
index 519f400..a6ff80b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
@@ -53,7 +53,7 @@ public class AmbariLdapConfiguration {
GROUP_OBJECT_CLASS("ambari.ldap.group.object.class"),
GROUP_NAME_ATTRIBUTE("ambari.ldap.group.name.attribute"),
GROUP_MEMBER_ATTRIBUTE("ambari.ldap.group.member.attribute"),
- GROUP_SEARCH_BASE("ambari.ldap.group.member.attribute"),
+ GROUP_SEARCH_BASE("ambari.ldap.group.search.base"),
DN_ATTRIBUTE("authentication.ldap.dnAttribute");
private String propertyName;
@@ -126,4 +126,24 @@ public class AmbariLdapConfiguration {
return (String) configurationValue(LdapConfigProperty.USER_NAME_ATTRIBUTE);
}
+ public String userSearchBase() {
+ return (String) configurationValue(LdapConfigProperty.USER_SEARCH_BASE);
+ }
+
+ public String groupObjectClass() {
+ return (String) configurationValue(LdapConfigProperty.GROUP_OBJECT_CLASS);
+ }
+
+ public String groupNameAttribute() {
+ return (String) configurationValue(LdapConfigProperty.GROUP_NAME_ATTRIBUTE);
+ }
+
+ public String groupMemberAttribute() {
+ return (String) configurationValue(LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE);
+ }
+
+ public String groupSearchBase() {
+ return (String) configurationValue(LdapConfigProperty.GROUP_SEARCH_BASE);
+ }
+
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java
index 4667721..7efa3b7 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapConfigurationValidatorService.java
@@ -14,8 +14,11 @@
package org.apache.ambari.server.ldap;
+import java.util.Set;
+
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.ldap.service.AmbariLdapException;
+import org.apache.directory.ldap.client.api.LdapConnection;
/**
* Collection of operations for validating ldap configuration.
@@ -26,27 +29,32 @@ public interface LdapConfigurationValidatorService {
/**
* Tests the connection based on the provided configuration.
*
- * @param configuration the ambari ldap configuration instance
+ * @param ldapConnection connection instance
+ * @param configuration the ambari ldap configuration instance
* @throws AmbariLdapException if the connection is not possible
*/
- void checkConnection(AmbariLdapConfiguration configuration) throws AmbariLdapException;
+ void checkConnection(LdapConnection ldapConnection, AmbariLdapConfiguration configuration) throws AmbariLdapException;
+
/**
- * Checks whether the group related LDAP attributes in the configuration are correct.
+ * Implements LDAP user related configuration settings validation logic.
+ * Implementers communicate with the LDAP server (search, bind) to validate attributes in the provided configuration
+ * instance
*
- * @param configuration the configuration instance holding the available properties
- * @throws AmbariException if the attributes are not valid
+ * @param ldapConnection connection instance used to connect to the LDAP server
+ * @param testUserName the test username
+ * @param testPassword the test password
+ * @param configuration the available ldap configuration
+ * @return The DN of the found user entry
+ * @throws AmbariException if the connection couldn't be estabilisheds
*/
- void checkGroupAttributes(AmbariLdapConfiguration configuration) throws AmbariException;
+ String checkUserAttributes(LdapConnection ldapConnection, String testUserName, String testPassword, AmbariLdapConfiguration configuration) throws AmbariLdapException;
/**
- * Tries to connect to the LDAP server with the given credentials.
- * Primarily used for testing the user before performing other operations (eg. attribute detection)s
+ * Checks whether the group related LDAP attributes in the configuration are correct.
*
- * @param username the username
- * @param password the password
- * @param configuration the available ldap configuration
- * @throws AmbariException if the connection couldn't be estabilished
+ * @throws AmbariException if the attributes are not valid
*/
- void checkUserAttributes(String username, String password, AmbariLdapConfiguration configuration) throws AmbariException;
+ Set<String> checkGroupAttributes(LdapConnection ldapConnection, String userDn, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
+
}
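Review bot: The Javadoc in this hunk no longer matches the signatures: checkUserAttributes and checkGroupAttributes both declare `AmbariLdapException`, but their `@throws` tags still name `AmbariException`, and the first one reads "couldn't be estabilisheds". checkGroupAttributes also has no `@param` or `@return` tags for its three new parameters and its `Set<String>` result. I would write `@throws AmbariLdapException if the user entry cannot be found or the LDAP operation fails` on the first method, and add `@return the names of the groups the given user DN is a member of` plus the parameter tags on the second. Since every method now receives a caller-supplied `LdapConnection`, the interface should also state whether implementers may close it; the implementation added in this commit does close it, which callers cannot tell from this contract.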
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
index 625ce8b..545f220 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
@@ -17,7 +17,7 @@ package org.apache.ambari.server.ldap;
import org.apache.ambari.server.ldap.service.AmbariLdapFacade;
import org.apache.ambari.server.ldap.service.LdapFacade;
-import org.apache.ambari.server.ldap.service.ad.AdLdapConfigurationValidatorService;
+import org.apache.ambari.server.ldap.service.ad.DefaultLdapConfigurationValidatorService;
import com.google.inject.AbstractModule;
import com.google.inject.assistedinject.FactoryModuleBuilder;
@@ -30,7 +30,7 @@ public class LdapModule extends AbstractModule {
@Override
protected void configure() {
bind(LdapFacade.class).to(AmbariLdapFacade.class);
- bind(LdapConfigurationValidatorService.class).to(AdLdapConfigurationValidatorService.class);
+ bind(LdapConfigurationValidatorService.class).to(DefaultLdapConfigurationValidatorService.class);
install(new FactoryModuleBuilder().build(LdapConfigurationFactory.class));
}
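Review bot: Nothing in `configure()` binds `LdapConnectionService`, which this commit starts injecting into AmbariLdapFacade and DefaultLdapConfigurationValidatorService. The interface as added carries no `@ImplementedBy`, so unless another module binds it, Guice cannot resolve the field and creating the facade fails at injection time. Add `bind(LdapConnectionService.class).to(DefaultLdapConnectionService.class);` next to the validator binding, with the matching import.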
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
index abd028a..abb464b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
@@ -16,13 +16,14 @@
package org.apache.ambari.server.ldap.service;
import java.util.Map;
+import java.util.Set;
import javax.inject.Inject;
import javax.inject.Singleton;
-import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
+import org.apache.directory.ldap.client.api.LdapConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -51,17 +52,21 @@ public class AmbariLdapFacade implements LdapFacade {
private LdapConfigurationValidatorService ldapConfigurationValidatorService;
@Inject
+ private LdapConnectionService ldapConnectionService;
+
+ @Inject
public AmbariLdapFacade() {
}
@Override
- public void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException {
+ public void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
try {
LOGGER.info("Validating LDAP connection related configuration based on: {}", ambariLdapConfiguration);
- ldapConfigurationValidatorService.checkConnection(ambariLdapConfiguration);
+ LdapConnection connection = ldapConnectionService.createLdapConnection(ambariLdapConfiguration);
+ ldapConfigurationValidatorService.checkConnection(connection, ambariLdapConfiguration);
} catch (AmbariLdapException e) {
LOGGER.error("Validating LDAP connection configuration failed", e);
- throw new AmbariException("Validating LDAP connection configuration failed", e);
+ throw e;
}
LOGGER.info("Validating LDAP connection related configuration: SUCCESS");
}
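Review bot: The connection created in checkConnection is never closed. The validator's new checkConnection only binds, so each call leaves a bound LDAP session open, authenticated as the manager DN when anonymous bind is off. Own the connection here with try-with-resources, `try (LdapConnection connection = ldapConnectionService.createLdapConnection(ambariLdapConfiguration)) {`, and map the `IOException` from close into the existing error path. checkLdapAttibutes further down has the same gap on its failure path, because the only close happens inside the validator rather than in the code that opened the connection.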
@@ -74,7 +79,7 @@ public class AmbariLdapFacade implements LdapFacade {
}
@Override
- public void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ldapConfiguration) throws AmbariException {
+ public void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ldapConfiguration) throws AmbariLdapException {
String userName = getTestUserNameFromParameters(parameters);
String testUserPass = getTestUserPasswordFromParameters(parameters);
@@ -82,8 +87,14 @@ public class AmbariLdapFacade implements LdapFacade {
throw new IllegalArgumentException("No test user available for testing LDAP attributes");
}
- LOGGER.info("Testing LDAP attributes with test user: {}", userName);
- ldapConfigurationValidatorService.checkUserAttributes(userName, testUserPass, ldapConfiguration);
+ LdapConnection ldapConnection = ldapConnectionService.createLdapConnection(ldapConfiguration);
+
+ LOGGER.info("Testing LDAP user attributes with test user: {}", userName);
+ String userDn = ldapConfigurationValidatorService.checkUserAttributes(ldapConnection, userName, testUserPass, ldapConfiguration);
+
+ LOGGER.info("Testing LDAP group attributes with test user dn: {}", userDn);
+ Set<String> groups = ldapConfigurationValidatorService.checkGroupAttributes(ldapConnection, userDn, ldapConfiguration);
+
}
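Review bot: `groups` is assigned and then dropped, so checkLdapAttibutes returns normally when the group search matches nothing. A wrong group object class, member attribute or search base therefore passes validation silently, although the user check treats an empty result as a failure. Test `groups.isEmpty()` after the call and throw an `AmbariLdapException` that names the user DN and the group settings used. The start of checkLdapAttibutes lies outside this hunk.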
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java
new file mode 100644
index 0000000..50ee8ed
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionService.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service;
+
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+
+/**
+ * Contract defining factory methods for creating LDAP connection instances.
+ * Implementers contain the logic of creating different connection instances and the afferent boilerplate code.
+ */
+public interface LdapConnectionService {
+
+ /**
+ * Creates an LdapConnection instance based on the provided configuration
+ *
+ * @param ambariLdapConfiguration configuration instance with information for creating the connection instance
+ * @return a set up LdapConnection instance
+ */
+ LdapNetworkConnection createLdapConnection(AmbariLdapConfiguration ambariLdapConfiguration);
+
+
+}
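Review bot: `createLdapConnection` returns the concrete `LdapNetworkConnection`, while its own Javadoc and every caller in this commit speak of `LdapConnection`. Declaring the interface type, `LdapConnection createLdapConnection(AmbariLdapConfiguration ambariLdapConfiguration);`, keeps the factory contract independent of the transport class and makes it easier to substitute a mock in tests. The Javadoc should also say that the returned connection is unbound and that the caller is responsible for closing it.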
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
index 38553f0..7bb1198 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
@@ -16,7 +16,6 @@ package org.apache.ambari.server.ldap.service;
import java.util.Map;
-import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
/**
@@ -29,9 +28,9 @@ public interface LdapFacade {
* Tests the connection to the LDAP server based on the provided configuration.
*
* @param ambariLdapConfiguration the available ldap related configuration
- * @throws AmbariException if the connection fails or other problems occur during the operation
+ * @throws AmbariLdapException if the connection fails or other problems occur during the operation
*/
- void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException;
+ void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
/**
@@ -46,7 +45,7 @@ public interface LdapFacade {
*
* @param parameters a map of property name and value pairs holding information to facilitate checking the attributes
* @param ambariLdapConfiguration configutration instance with available attributes
- * @throws AmbariException if the attribute checking fails
+ * @throws AmbariLdapException if the attribute checking fails
*/
- void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException;
+ void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java
deleted file mode 100644
index 11e8655..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorService.java
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.ldap.service.ad;
-
-import java.io.IOException;
-import java.util.List;
-
-import javax.inject.Inject;
-import javax.inject.Singleton;
-
-import org.apache.ambari.server.AmbariException;
-import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
-import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
-import org.apache.ambari.server.ldap.service.AmbariLdapException;
-import org.apache.directory.api.ldap.model.cursor.EntryCursor;
-import org.apache.directory.api.ldap.model.cursor.SearchCursor;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.message.SearchScope;
-import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.ldap.client.api.LdapConnectionConfig;
-import org.apache.directory.ldap.client.api.LdapNetworkConnection;
-import org.apache.directory.ldap.client.api.search.FilterBuilder;
-import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Lists;
-
-/**
- * Implementation of the validation logic using the Apache Directory API.
- */
-@Singleton
-public class AdLdapConfigurationValidatorService implements LdapConfigurationValidatorService {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(AdLdapConfigurationValidatorService.class);
-
- @Inject
- private LdapConfigurationConverter ldapConfigurationConverter;
-
- /**
- * Facilitating the instantiation
- */
- @Inject
- public AdLdapConfigurationValidatorService() {
- }
-
- @Override
- public void checkConnection(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
- try {
- LOGGER.info("Testing the connection based on the configuration: {}", ambariLdapConfiguration);
-
- LdapConnectionConfig connectionConfig = ldapConfigurationConverter.getLdapConnectionConfig(ambariLdapConfiguration);
- LdapNetworkConnection connection = new LdapNetworkConnection(connectionConfig);
-
- if (ambariLdapConfiguration.bindAnonimously()) {
- LOGGER.debug("Binding anonimously ...");
- connection.bind();
- } else {
- LOGGER.debug("Binding with manager DN and manager password ...");
- connection.bind(ambariLdapConfiguration.managerDn(), ambariLdapConfiguration.managerPassword());
- }
-
- if (connection.isConnected()) {
- LOGGER.info("Successfully connected to the LDAP server.");
- }
-
- connection.close();
-
- } catch (Exception e) {
- LOGGER.warn("Could not bind to the LDAP server base don the provided configuration ...");
- throw new AmbariLdapException(e);
- }
- }
-
-
- /**
- * Checks the user attributes provided in the configuration instance by issuing a search for a (known) test user in the LDAP.
- * Attributes are considered correct if there is at least one entry found.
- *
- * Invalid attributes are signaled by throwing an exception.
- *
- * @param username the username
- * @param password the password
- * @param ambariLdapConfiguration configuration instance holding ldap configuration details
- * @throws AmbariException if the attributes are not valid or any errors occurs
- */
- @Override
- public void checkUserAttributes(String username, String password, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariException {
- LdapNetworkConnection connection = null;
- SearchCursor searchCursor = null;
- try {
- LOGGER.info("Checking user attributes for user {} r ...", username);
-
- LdapConnectionConfig connectionConfig = ldapConfigurationConverter.getLdapConnectionConfig(ambariLdapConfiguration);
- connection = new LdapNetworkConnection(connectionConfig);
-
-
- if (!ambariLdapConfiguration.bindAnonimously()) {
- LOGGER.debug("Anonimous binding not supported, binding with the manager detailas...");
- connection.bind(ambariLdapConfiguration.managerDn(), ambariLdapConfiguration.managerPassword());
- } else {
- LOGGER.debug("Binding anonimously ...");
- connection.bind();
- }
-
- if (!connection.isConnected()) {
- LOGGER.error("Not connected to the LDAP server. Connection instance: {}", connection);
- throw new IllegalStateException("The connection to the LDAP server is not alive");
- }
-
- // set up a filter based on the provided attributes
- String filter = FilterBuilder.and(
- FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
- FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), username))
- .toString();
-
- LOGGER.info("Searching for the user: {} using the search filter: {}", username, filter);
- EntryCursor entryCursor = connection.search(new Dn(ambariLdapConfiguration.baseDn()), filter, SearchScope.SUBTREE);
-
- // collecting search result entries
- List<Entry> users = Lists.newArrayList();
- for (Entry entry : entryCursor) {
- users.add(entry);
- }
-
- // there should be at least one user found
- if (users.isEmpty()) {
- String msg = String.format("There are no users found using the filter: [ %s ]. Try changing the attribute values", filter);
- LOGGER.error(msg);
- throw new Exception(msg);
- }
-
- LOGGER.info("Attibute validation succeeded. Filter: {}", filter);
-
- } catch (Exception e) {
-
- LOGGER.error("Error while checking user attributes.");
- throw new AmbariException("Error while checking user attributes", e);
-
- } finally {
-
- LOGGER.debug("Closing the connection and searchresult ...");
-
- if (null != searchCursor) {
- searchCursor.close();
- }
-
- if (null != connection) {
- try {
- connection.close();
- } catch (IOException e) {
- LOGGER.error("Exception occurred while closing the connection", e);
- }
- }
-
- }
- }
-
- @Override
- public void checkGroupAttributes(AmbariLdapConfiguration configuration) throws AmbariException {
-
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java
new file mode 100644
index 0000000..838ef4c
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java
@@ -0,0 +1,232 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service.ad;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Set;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
+import org.apache.ambari.server.ldap.service.AmbariLdapException;
+import org.apache.ambari.server.ldap.service.LdapConnectionService;
+import org.apache.directory.api.ldap.codec.decorators.SearchResultEntryDecorator;
+import org.apache.directory.api.ldap.model.cursor.EntryCursor;
+import org.apache.directory.api.ldap.model.cursor.SearchCursor;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.message.Response;
+import org.apache.directory.api.ldap.model.message.SearchRequest;
+import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.apache.directory.ldap.client.api.search.FilterBuilder;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+
+/**
+ * Implementation of the validation logic using the Apache Directory API.
+ */
+@Singleton
+public class DefaultLdapConfigurationValidatorService implements LdapConfigurationValidatorService {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(DefaultLdapConfigurationValidatorService.class);
+
+ @Inject
+ private LdapConnectionService ldapConnectionService;
+
+ /**
+ * Facilitating the instantiation
+ */
+ @Inject
+ public DefaultLdapConfigurationValidatorService() {
+ }
+
+ @Override
+ public void checkConnection(LdapConnection ldapConnection, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
+ try {
+ bind(ambariLdapConfiguration, ldapConnection);
+ } catch (LdapException e) {
+ LOGGER.error("Could not connect to the LDAP server", e);
+ throw new AmbariLdapException(e);
+ }
+ }
+
+
+ /**
+ * Checks the user attributes provided in the configuration instance by issuing a search for a (known) test user in the LDAP.
+ * Attributes are considered correct if there is at least one entry found.
+ *
+ * Invalid attributes are signaled by throwing an exception.
+ *
+ * @param testUserName the test username
+ * @param testPassword the test password
+ * @param ambariLdapConfiguration configuration instance holding ldap configuration details
+ * @throws AmbariException if the attributes are not valid or any errors occurs
+ */
+ @Override
+ public String checkUserAttributes(LdapConnection ldapConnection, String testUserName, String testPassword, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
+ LdapNetworkConnection connection = null;
+ SearchCursor searchCursor = null;
+ String userDn = null;
+ try {
+ LOGGER.info("Checking user attributes for user {} r ...", testUserName);
+
+ // bind anonimously or with manager data
+ bind(ambariLdapConfiguration, connection);
+
+ // set up a filter based on the provided attributes
+ String filter = FilterBuilder.and(
+ FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
+ FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), testUserName))
+ .toString();
+
+ LOGGER.info("Searching for the user: {} using the search filter: {}", testUserName, filter);
+ EntryCursor entryCursor = connection.search(new Dn(ambariLdapConfiguration.userSearchBase()), filter, SearchScope.SUBTREE);
+
+ // collecting search result entries
+ List<Entry> users = Lists.newArrayList();
+ for (Entry entry : entryCursor) {
+ users.add(entry);
+ userDn = entry.getDn().getNormName();
+ }
+
+ // there should be at least one user found
+ if (users.isEmpty()) {
+ String msg = String.format("There are no users found using the filter: [ %s ]. Try changing the attribute values", filter);
+ LOGGER.error(msg);
+ throw new Exception(msg);
+ }
+
+ LOGGER.info("Attibute validation succeeded. Filter: {}", filter);
+
+ } catch (Exception e) {
+
+ LOGGER.error("User attributes validation failed.", e);
+ throw new AmbariLdapException(e.getMessage(), e);
+
+ } finally {
+ closeResources(connection, searchCursor);
+ }
+ return userDn;
+ }
+
+
+ @Override
+ public Set<String> checkGroupAttributes(LdapConnection ldapConnection, String userDn, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
+ SearchCursor searchCursor = null;
+ Set<Response> groupResponses = Sets.newHashSet();
+
+ try {
+ LOGGER.info("Checking group attributes for user dn {} ...", userDn);
+
+ bind(ambariLdapConfiguration, ldapConnection);
+
+ // set up a filter based on the provided attributes
+ String filter = FilterBuilder.and(
+ FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.groupObjectClass()),
+ FilterBuilder.equal(ambariLdapConfiguration.groupMemberAttribute(), userDn)
+ ).toString();
+
+ LOGGER.info("Searching for the groups the user dn: {} is member of using the search filter: {}", userDn, filter);
+
+ // assemble a search request
+ SearchRequest searchRequest = new SearchRequestImpl();
+ searchRequest.setFilter(filter);
+ searchRequest.setBase(new Dn(ambariLdapConfiguration.groupSearchBase()));
+ searchRequest.setScope(SearchScope.SUBTREE);
+ searchRequest.addAttributes(ambariLdapConfiguration.groupMemberAttribute(), ambariLdapConfiguration.groupNameAttribute());
+
+ // perform the search
+ searchCursor = ldapConnection.search(searchRequest);
+
+ for (Response response : searchCursor) {
+ groupResponses.add(response);
+ }
+
+ } catch (Exception e) {
+
+ LOGGER.error("User attributes validation failed.", e);
+ throw new AmbariLdapException(e.getMessage(), e);
+
+ } finally {
+
+ closeResources(ldapConnection, searchCursor);
+
+ }
+
+ return processGroupResults(groupResponses, ambariLdapConfiguration);
+ }
+
+ private void bind(AmbariLdapConfiguration ambariLdapConfiguration, LdapConnection connection) throws LdapException {
+ LOGGER.info("Connecting to LDAP ....");
+ if (!ambariLdapConfiguration.bindAnonimously()) {
+ LOGGER.debug("Anonimous binding not supported, binding with the manager detailas...");
+ connection.bind(ambariLdapConfiguration.managerDn(), ambariLdapConfiguration.managerPassword());
+ } else {
+ LOGGER.debug("Binding anonimously ...");
+ connection.bind();
+ }
+
+ if (!connection.isConnected()) {
+ LOGGER.error("Not connected to the LDAP server. Connection instance: {}", connection);
+ throw new IllegalStateException("The connection to the LDAP server is not alive");
+ }
+ LOGGER.info("Connected to LDAP.");
+ }
+
+
+ private Set<String> processGroupResults(Set<Response> groupResponses, AmbariLdapConfiguration ambariLdapConfiguration) {
+ Set<String> groupStrSet = Sets.newHashSet();
+ for (Response response : groupResponses) {
+ Entry entry = ((SearchResultEntryDecorator) response).getEntry();
+ groupStrSet.add(entry.get(ambariLdapConfiguration.groupNameAttribute()).get().getString());
+ }
+
+ LOGGER.debug("Extracted group names from group search responses: {}", groupStrSet);
+ return groupStrSet;
+ }
+
+ private void closeResources(LdapConnection connection, SearchCursor searchCursor) {
+ LOGGER.debug("Housekeeping: closing the connection and the search cursor ...");
+
+ if (null != searchCursor) {
+ // this method is idempotent
+ searchCursor.close();
+ }
+
+ if (null != connection) {
+ try {
+ connection.close();
+ } catch (IOException e) {
+ LOGGER.error("Exception occurred while closing the connection", e);
+ }
+ }
+ }
+
+}
+
+
+
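Review bot: checkUserAttributes never uses the `ldapConnection` it is given: it binds and searches on the local `connection`, which is declared as `null` and never assigned, so `bind(ambariLdapConfiguration, connection)` throws a NullPointerException that the broad `catch (Exception e)` wraps into an AmbariLdapException, and user validation fails for every input. Drop the local and call `bind(ambariLdapConfiguration, ldapConnection)` and `ldapConnection.search(...)` instead. Once that is fixed, the `closeResources(...)` in this method's `finally` would close the caller's connection before AmbariLdapFacade passes it on to checkGroupAttributes, so closing should be left to the code that created the connection. `testPassword` is also unused, so the test user's credentials are never verified by a bind. In processGroupResults the unchecked cast to `SearchResultEntryDecorator` and the `entry.get(...)` dereference run outside any try block, and would surface as unwrapped runtime exceptions if the cursor yields a non-entry response (presumably a referral) or a group entry lacks the name attribute.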
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
new file mode 100644
index 0000000..b5559d9
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service.ad;
+
+import javax.inject.Singleton;
+
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.service.LdapConnectionService;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Singleton
+public class DefaultLdapConnectionService implements LdapConnectionService {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(DefaultLdapConnectionService.class);
+
+ @Override
+ public LdapNetworkConnection createLdapConnection(AmbariLdapConfiguration ambariLdapConfiguration) {
+ LOGGER.debug("Creating ldap connection instance from: {}", ambariLdapConfiguration);
+ return new LdapNetworkConnection(getLdapConnectionConfig(ambariLdapConfiguration));
+ }
+
+ private LdapConnectionConfig getLdapConnectionConfig(AmbariLdapConfiguration ambariAmbariLdapConfiguration) {
+ LOGGER.debug("Creating a configuration instance based on the ambari configuration: {}", ambariAmbariLdapConfiguration);
+
+ LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
+ ldapConnectionConfig.setLdapHost(ambariAmbariLdapConfiguration.ldapServerHost());
+ ldapConnectionConfig.setLdapPort(ambariAmbariLdapConfiguration.ldapServerPort());
+ ldapConnectionConfig.setUseSsl(ambariAmbariLdapConfiguration.useSSL());
+
+ //todo set the other values as required
+ return ldapConnectionConfig;
+ }
+
+}
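Review bot: Both debug statements in this new file, in `createLdapConnection` and in `getLdapConnectionConfig`, log the whole `AmbariLdapConfiguration`, and that object also carries the manager DN and password that the validator service in this commit reads through `managerDn()` and `managerPassword()`. Its `toString()` is not visible here, but if it prints the underlying property map, the bind password lands in the server log whenever debug logging is on. Logging only the fields the connection uses avoids that, for example `LOGGER.debug("Creating ldap connection to {}:{} (ssl: {})", ambariLdapConfiguration.ldapServerHost(), ambariLdapConfiguration.ldapServerPort(), ambariLdapConfiguration.useSSL());`. The `//todo` also leaves the trust settings unset, so with `useSSL` enabled certificate validation presumably falls back to the library default, which is worth confirming before this leaves draft state.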
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java
deleted file mode 100644
index a8839f1..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/LdapConfigurationConverter.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.ldap.service.ad;
-
-import javax.inject.Singleton;
-
-import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
-import org.apache.directory.ldap.client.api.LdapConnectionConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Converts between ambari specific ldap types and the 3rd party ldap library
- */
-@Singleton
-public class LdapConfigurationConverter {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(LdapConfigurationConverter.class);
-
- /**
- * Creates a {@link LdapConnectionConfig} instance based on the provided ambari specific configurations
- *
- * @param ambariAmbariLdapConfiguration
- * @return
- */
- public LdapConnectionConfig getLdapConnectionConfig(AmbariLdapConfiguration ambariAmbariLdapConfiguration) {
- LOGGER.debug("Creating a configuration instance based on the ambari configuration: {}", ambariAmbariLdapConfiguration);
-
- LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
- ldapConnectionConfig.setLdapHost(ambariAmbariLdapConfiguration.ldapServerHost());
- ldapConnectionConfig.setLdapPort(ambariAmbariLdapConfiguration.ldapServerPort());
- ldapConnectionConfig.setUseSsl(ambariAmbariLdapConfiguration.useSSL());
-
- //todo set the other values as required
- return ldapConnectionConfig;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java
deleted file mode 100644
index 0f57099..0000000
--- a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/AdLdapConfigurationValidatorServiceTest.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.ldap.service.ad;
-
-import static org.junit.Assert.assertNotNull;
-
-import java.util.Map;
-
-import org.apache.ambari.server.AmbariException;
-import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
-import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
-import org.apache.directory.api.ldap.model.cursor.EntryCursor;
-import org.apache.directory.api.ldap.model.cursor.SearchCursor;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.message.Response;
-import org.apache.directory.api.ldap.model.message.SearchRequest;
-import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
-import org.apache.directory.api.ldap.model.message.SearchResultEntry;
-import org.apache.directory.api.ldap.model.message.SearchScope;
-import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.LdapConnectionConfig;
-import org.apache.directory.ldap.client.api.LdapNetworkConnection;
-import org.apache.directory.ldap.client.api.search.FilterBuilder;
-import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Maps;
-
-public class AdLdapConfigurationValidatorServiceTest {
- private static final Logger LOGGER = LoggerFactory.getLogger(AdLdapConfigurationValidatorService.class);
- private static final String TEST_USER = "Jocika10";
-
- LdapConfigurationValidatorService ldapConfigurationValidatorService = new AdLdapConfigurationValidatorService();
-
-
- @Test
- public void testCheckAttributes() throws Exception {
-
- // WHEN
- LdapConnectionConfig config = new LdapConnectionConfig();
- config.setLdapHost("localhost");
- config.setLdapPort(389);
- LdapConnection connection = new LdapNetworkConnection(config);
-
- // THEN
- connection.anonymousBind();
-
-
- EntryCursor cursor = connection.search("dc=dev,dc=local", "(objectclass=*)", SearchScope.ONELEVEL);
-
- for (Entry entry : cursor) {
- assertNotNull(entry);
- System.out.println(entry);
- }
-
- cursor.close();
-
- }
-
- @Test
- public void testCheckUserAttributes() throws Exception {
- Map<String, Object> ldapPropsMap = Maps.newHashMap();
-
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), true);
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "localhost");
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=dev,dc=local");
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
-
- AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
-
-
- try {
- LOGGER.info("Authenticating user {} against the LDAP server ...", TEST_USER);
- LdapConfigurationConverter ldapConfigurationConverter = new LdapConfigurationConverter();
-
- LdapConnectionConfig connectionConfig = ldapConfigurationConverter.getLdapConnectionConfig(ambariLdapConfiguration);
- LdapNetworkConnection connection = new LdapNetworkConnection(connectionConfig);
-
- String filter = FilterBuilder.and(
- FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
- FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), TEST_USER))
- .toString();
-
- SearchRequest searchRequest = new SearchRequestImpl();
- searchRequest.setBase(new Dn(ambariLdapConfiguration.baseDn()));
- searchRequest.setFilter(filter);
- searchRequest.setScope(SearchScope.SUBTREE);
-
- LOGGER.info("loking up user: {} based on the filtr: {}", TEST_USER, filter);
-
- connection.bind();
- SearchCursor searchCursor = connection.search(searchRequest);
-
- while (searchCursor.next()) {
- Response response = searchCursor.get();
-
- // process the SearchResultEntry
- if (response instanceof SearchResultEntry) {
- Entry resultEntry = ((SearchResultEntry) response).getEntry();
- System.out.println(resultEntry);
- }
- }
-
- searchCursor.close();
-
- } catch (Exception e) {
- throw new AmbariException("Error during user authentication check", e);
- }
-
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/86e105f8/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
new file mode 100644
index 0000000..5c9d304
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service.ad;
+
+import static org.junit.Assert.assertNotNull;
+
+import java.util.Map;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
+import org.apache.ambari.server.ldap.service.LdapConnectionService;
+import org.apache.directory.api.ldap.model.cursor.EntryCursor;
+import org.apache.directory.api.ldap.model.cursor.SearchCursor;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.message.Response;
+import org.apache.directory.api.ldap.model.message.SearchRequest;
+import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
+import org.apache.directory.api.ldap.model.message.SearchResultEntry;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.apache.directory.ldap.client.api.search.FilterBuilder;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.Maps;
+
+public class DefaultLdapConfigurationValidatorServiceTest {
+ private static final Logger LOGGER = LoggerFactory.getLogger(DefaultLdapConfigurationValidatorService.class);
+ private static final String TEST_USER = "einstein";
+
+ LdapConfigurationValidatorService ldapConfigurationValidatorService = new DefaultLdapConfigurationValidatorService();
+
+
+ @Test
+ public void testCheckAttributes() throws Exception {
+
+ // WHEN
+ LdapConnectionConfig config = new LdapConnectionConfig();
+ config.setLdapHost("localhost");
+ config.setLdapPort(389);
+ LdapConnection connection = new LdapNetworkConnection(config);
+
+ // THEN
+ connection.anonymousBind();
+
+
+ EntryCursor cursor = connection.search("dc=dev,dc=local", "(objectclass=*)", SearchScope.ONELEVEL);
+
+ for (Entry entry : cursor) {
+ assertNotNull(entry);
+ System.out.println(entry);
+ }
+
+ cursor.close();
+
+ }
+
+ @Test
+ public void testCheckUserAttributes() throws Exception {
+ Map<String, Object> ldapPropsMap = Maps.newHashMap();
+
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), false);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "ldap.forumsys.com");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=example,dc=com");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_OBJECT_CLASS.propertyName(), SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_NAME_ATTRIBUTE.propertyName(), SchemaConstants.CN_AT);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE.propertyName(), SchemaConstants.UNIQUE_MEMBER_AT);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
+
+ AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
+
+
+ try {
+ LOGGER.info("Authenticating user {} against the LDAP server ...", TEST_USER);
+ LdapConnectionService connectionService = new DefaultLdapConnectionService();
+ LdapNetworkConnection connection = connectionService.createLdapConnection(ambariLdapConfiguration);
+
+ String filter = FilterBuilder.and(
+ FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
+ FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), TEST_USER))
+ .toString();
+
+ SearchRequest searchRequest = new SearchRequestImpl();
+ searchRequest.setBase(new Dn(ambariLdapConfiguration.baseDn()));
+ searchRequest.setFilter(filter);
+ searchRequest.setScope(SearchScope.SUBTREE);
+
+ LOGGER.info("loking up user: {} based on the filtr: {}", TEST_USER, filter);
+
+ connection.bind();
+ SearchCursor searchCursor = connection.search(searchRequest);
+
+ while (searchCursor.next()) {
+ Response response = searchCursor.get();
+
+ // process the SearchResultEntry
+ if (response instanceof SearchResultEntry) {
+ Entry resultEntry = ((SearchResultEntry) response).getEntry();
+ System.out.println(resultEntry);
+ }
+ }
+
+ searchCursor.close();
+
+ } catch (Exception e) {
+ throw new AmbariException("Error during user authentication check", e);
+ }
+
+ }
+
+ @Test
+ public void testRetrieveGorupsForuser() throws Exception {
+ // GIVEN
+ Map<String, Object> ldapPropsMap = Maps.newHashMap();
+
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), "true");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "ldap.forumsys.com");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=example,dc=com");
+
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
+
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_OBJECT_CLASS.propertyName(), SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_NAME_ATTRIBUTE.propertyName(), SchemaConstants.CN_AT);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE.propertyName(), SchemaConstants.UNIQUE_MEMBER_AT);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_SEARCH_BASE.propertyName(), "dc=example,dc=com");
+
+
+ AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
+ LdapConnectionService connectionService = new DefaultLdapConnectionService();
+ LdapNetworkConnection ldapConnection = connectionService.createLdapConnection(ambariLdapConfiguration);
+
+ ldapConfigurationValidatorService.checkGroupAttributes(ldapConnection, "uid=einstein,dc=example,dc=com", ambariLdapConfiguration);
+ }
+}
\ No newline at end of file
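Review bot: `testCheckUserAttributes` and `testRetrieveGorupsForuser` connect to the public host `ldap.forumsys.com` on port 389 and `testCheckAttributes` to `localhost:389`, so the unit suite needs a live directory and sends build-time LDAP traffic to a third party in clear text. Until they run against an embedded server or a mocked `LdapConnectionService`, they are better kept out of the default run, for instance with `@Ignore("requires a live LDAP server")` on each test. Apart from `assertNotNull(entry)`, nothing is asserted: the search results are only printed and whatever `checkGroupAttributes` produces is not checked, so the tests pass regardless of what the server returns. The connections are never closed, and `searchCursor.close()` sits inside the `try` body, so it is skipped when the search throws.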