You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2015/12/01 19:20:22 UTC
[32/50] ambari git commit: AMBARI-13767. LDAP Group Membership not
pulled in with FreeIPA/RHELIDM. (Oliver Szabo via rnettleton)
AMBARI-13767. LDAP Group Membership not pulled in with FreeIPA/RHELIDM. (Oliver Szabo via rnettleton)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/006f0fe3
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/006f0fe3
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/006f0fe3
Branch: refs/heads/branch-dev-patch-upgrade
Commit: 006f0fe3f8aa7f288d77e3192542e8478cc60933
Parents: a62c4b8
Author: Bob Nettleton <rn...@hortonworks.com>
Authored: Mon Nov 30 19:05:29 2015 -0500
Committer: Bob Nettleton <rn...@hortonworks.com>
Committed: Mon Nov 30 19:05:40 2015 -0500
----------------------------------------------------------------------
.../security/ldap/AmbariLdapDataPopulator.java | 99 +++++++++++---------
.../ldap/AmbariLdapDataPopulatorTest.java | 66 ++++++++-----
2 files changed, 97 insertions(+), 68 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/006f0fe3/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
index 103cfcb..3d2685e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
@@ -42,7 +42,6 @@ import org.springframework.ldap.control.PagedResultsDirContextProcessor;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextProcessor;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
@@ -176,16 +175,8 @@ public class AmbariLdapDataPopulator {
for (LdapGroupDto groupDto : externalLdapGroupInfo) {
String groupName = groupDto.getGroupName();
- if (internalGroupsMap.containsKey(groupName)) {
- final Group group = internalGroupsMap.get(groupName);
- if (!group.isLdapGroup()) {
- batchInfo.getGroupsToBecomeLdap().add(groupName);
- }
- internalGroupsMap.remove(groupName);
- } else {
- batchInfo.getGroupsToBeCreated().add(groupName);
- }
- refreshGroupMembers(batchInfo, groupDto, internalUsersMap, null);
+ addLdapGroup(batchInfo, internalGroupsMap, groupName);
+ refreshGroupMembers(batchInfo, groupDto, internalUsersMap, internalGroupsMap, null);
}
for (Entry<String, Group> internalGroup : internalGroupsMap.entrySet()) {
if (internalGroup.getValue().isLdapGroup()) {
@@ -250,16 +241,8 @@ public class AmbariLdapDataPopulator {
for (LdapGroupDto groupDto : specifiedGroups) {
String groupName = groupDto.getGroupName();
- if (internalGroupsMap.containsKey(groupName)) {
- final Group group = internalGroupsMap.get(groupName);
- if (!group.isLdapGroup()) {
- batchInfo.getGroupsToBecomeLdap().add(groupName);
- }
- internalGroupsMap.remove(groupName);
- } else {
- batchInfo.getGroupsToBeCreated().add(groupName);
- }
- refreshGroupMembers(batchInfo, groupDto, internalUsersMap, null);
+ addLdapGroup(batchInfo, internalGroupsMap, groupName);
+ refreshGroupMembers(batchInfo, groupDto, internalUsersMap, internalGroupsMap, null);
}
return batchInfo;
@@ -317,7 +300,7 @@ public class AmbariLdapDataPopulator {
batchInfo.getGroupsToBeRemoved().add(group.getGroupName());
} else {
LdapGroupDto groupDto = groupDtos.iterator().next();
- refreshGroupMembers(batchInfo, groupDto, internalUsersMap, null);
+ refreshGroupMembers(batchInfo, groupDto, internalUsersMap, internalGroupsMap, null);
}
}
}
@@ -354,7 +337,8 @@ public class AmbariLdapDataPopulator {
* @param groupMemberAttributes set of group member attributes that have already been refreshed
* @throws AmbariException if group refresh failed
*/
- protected void refreshGroupMembers(LdapBatchDto batchInfo, LdapGroupDto group, Map<String, User> internalUsers, Set<String> groupMemberAttributes)
+ protected void refreshGroupMembers(LdapBatchDto batchInfo, LdapGroupDto group, Map<String, User> internalUsers,
+ Map<String, Group> internalGroupsMap, Set<String> groupMemberAttributes)
throws AmbariException {
Set<String> externalMembers = new HashSet<String>();
@@ -373,7 +357,8 @@ public class AmbariLdapDataPopulator {
LdapGroupDto subGroup = getLdapGroupByMemberAttr(memberAttributeValue);
if (subGroup != null) {
groupMemberAttributes.add(memberAttributeValue);
- refreshGroupMembers(batchInfo, subGroup, internalUsers, groupMemberAttributes);
+ addLdapGroup(batchInfo, internalGroupsMap, subGroup.getGroupName());
+ refreshGroupMembers(batchInfo, subGroup, internalUsers, internalGroupsMap, groupMemberAttributes);
}
}
}
@@ -419,7 +404,7 @@ public class AmbariLdapDataPopulator {
Filter groupObjectFilter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE,
ldapServerProperties.getGroupObjectClass());
Filter groupNameFilter = new LikeFilter(ldapServerProperties.getGroupNamingAttr(), groupName);
- return getFilteredLdapGroups(groupObjectFilter, groupNameFilter);
+ return getFilteredLdapGroups(ldapServerProperties.getBaseDN(), groupObjectFilter, groupNameFilter);
}
/**
@@ -432,7 +417,7 @@ public class AmbariLdapDataPopulator {
protected Set<LdapUserDto> getLdapUsers(String username) {
Filter userObjectFilter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getUserObjectClass());
Filter userNameFilter = new LikeFilter(ldapServerProperties.getUsernameAttribute(), username);
- return getFilteredLdapUsers(userObjectFilter, userNameFilter);
+ return getFilteredLdapUsers(ldapServerProperties.getBaseDN(), userObjectFilter, userNameFilter);
}
/**
@@ -443,10 +428,16 @@ public class AmbariLdapDataPopulator {
* @return the user for the given member attribute; null if not found
*/
protected LdapUserDto getLdapUserByMemberAttr(String memberAttributeValue) {
- Set<LdapUserDto> filteredLdapUsers = getFilteredLdapUsers(
- new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getUserObjectClass()),
- getMemberFilter(memberAttributeValue));
-
+ Set<LdapUserDto> filteredLdapUsers = new HashSet<LdapUserDto>();
+ if (memberAttributeValue!= null && isMemberAttributeBaseDn(memberAttributeValue)) {
+ Filter filter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getUserObjectClass());
+ filteredLdapUsers = getFilteredLdapUsers(memberAttributeValue, filter);
+ } else {
+ Filter filter = new AndFilter()
+ .and(new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getUserObjectClass()))
+ .and(new EqualsFilter(ldapServerProperties.getUsernameAttribute(), memberAttributeValue));
+ filteredLdapUsers = getFilteredLdapUsers(ldapServerProperties.getBaseDN(), filter);
+ }
return (filteredLdapUsers.isEmpty()) ? null : filteredLdapUsers.iterator().next();
}
@@ -458,11 +449,17 @@ public class AmbariLdapDataPopulator {
* @return the group for the given member attribute; null if not found
*/
protected LdapGroupDto getLdapGroupByMemberAttr(String memberAttributeValue) {
- Set<LdapGroupDto> filteredLdapUsers = getFilteredLdapGroups(
+ Set<LdapGroupDto> filteredLdapGroups = new HashSet<LdapGroupDto>();
+ if (memberAttributeValue != null && isMemberAttributeBaseDn(memberAttributeValue)) {
+ Filter filter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getGroupObjectClass());
+ filteredLdapGroups = getFilteredLdapGroups(memberAttributeValue, filter);
+ } else {
+ filteredLdapGroups = getFilteredLdapGroups(ldapServerProperties.getBaseDN(),
new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getGroupObjectClass()),
getMemberFilter(memberAttributeValue));
+ }
- return (filteredLdapUsers.isEmpty()) ? null : filteredLdapUsers.iterator().next();
+ return (filteredLdapGroups.isEmpty()) ? null : filteredLdapGroups.iterator().next();
}
/**
@@ -481,6 +478,26 @@ public class AmbariLdapDataPopulator {
// Utility methods
+ private void addLdapGroup(LdapBatchDto batchInfo, Map<String, Group> internalGroupsMap, String groupName) {
+ if (internalGroupsMap.containsKey(groupName)) {
+ final Group group = internalGroupsMap.get(groupName);
+ if (!group.isLdapGroup()) {
+ batchInfo.getGroupsToBecomeLdap().add(groupName);
+ }
+ internalGroupsMap.remove(groupName);
+ } else {
+ batchInfo.getGroupsToBeCreated().add(groupName);
+ }
+ }
+
+ /**
+ * Determines that the member attribute can be used as a 'dn'
+ */
+ private boolean isMemberAttributeBaseDn(String memberAttributeValue) {
+ return memberAttributeValue.startsWith(ldapServerProperties.getUsernameAttribute() + "=")
+ || memberAttributeValue.startsWith(ldapServerProperties.getGroupNamingAttr() + "=");
+ }
+
/**
* Retrieves groups from external LDAP server.
*
@@ -489,7 +506,7 @@ public class AmbariLdapDataPopulator {
protected Set<LdapGroupDto> getExternalLdapGroupInfo() {
EqualsFilter groupObjectFilter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE,
ldapServerProperties.getGroupObjectClass());
- return getFilteredLdapGroups(groupObjectFilter);
+ return getFilteredLdapGroups(ldapServerProperties.getBaseDN(), groupObjectFilter);
}
// get a filter based on the given member attribute
@@ -500,18 +517,17 @@ public class AmbariLdapDataPopulator {
or(new EqualsFilter(UID_ATTRIBUTE, memberAttributeValue));
}
- private Set<LdapGroupDto> getFilteredLdapGroups(Filter...filters) {
+ private Set<LdapGroupDto> getFilteredLdapGroups(String baseDn, Filter...filters) {
AndFilter andFilter = new AndFilter();
for (Filter filter : filters) {
andFilter.and(filter);
}
- return getFilteredLdapGroups(andFilter);
+ return getFilteredLdapGroups(baseDn, andFilter);
}
- private Set<LdapGroupDto> getFilteredLdapGroups(Filter filter) {
+ private Set<LdapGroupDto> getFilteredLdapGroups(String baseDn, Filter filter) {
final Set<LdapGroupDto> groups = new HashSet<LdapGroupDto>();
final LdapTemplate ldapTemplate = loadLdapTemplate();
- String baseDn = ldapServerProperties.getBaseDN();
ldapTemplate.search(baseDn, filter.encode(), new LdapGroupContextMapper(groups, ldapServerProperties));
return groups;
}
@@ -524,21 +540,20 @@ public class AmbariLdapDataPopulator {
protected Set<LdapUserDto> getExternalLdapUserInfo() {
EqualsFilter userObjectFilter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE,
ldapServerProperties.getUserObjectClass());
- return getFilteredLdapUsers(userObjectFilter);
+ return getFilteredLdapUsers(ldapServerProperties.getBaseDN(), userObjectFilter);
}
- private Set<LdapUserDto> getFilteredLdapUsers(Filter...filters) {
+ private Set<LdapUserDto> getFilteredLdapUsers(String baseDn, Filter...filters) {
AndFilter andFilter = new AndFilter();
for (Filter filter : filters) {
andFilter.and(filter);
}
- return getFilteredLdapUsers(andFilter);
+ return getFilteredLdapUsers(baseDn, andFilter);
}
- private Set<LdapUserDto> getFilteredLdapUsers(Filter filter) {
+ private Set<LdapUserDto> getFilteredLdapUsers(String baseDn, Filter filter) {
final Set<LdapUserDto> users = new HashSet<LdapUserDto>();
final LdapTemplate ldapTemplate = loadLdapTemplate();
- String baseDn = ldapServerProperties.getBaseDN();
PagedResultsDirContextProcessor processor = createPagingProcessor();
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
http://git-wip-us.apache.org/repos/asf/ambari/blob/006f0fe3/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
index 3f4f7b5..be92871 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
@@ -249,7 +249,7 @@ public class AmbariLdapDataPopulatorTest {
expect(populator.getLdapGroups("group2")).andReturn(Collections.EMPTY_SET);
LdapGroupDto externalGroup1 = createNiceMock(LdapGroupDto.class);
LdapBatchDto batchInfo = new LdapBatchDto();
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
expect(populator.getLdapGroups("group4")).andReturn(Collections.singleton(externalGroup1));
expect(populator.getLdapGroups("group5")).andReturn(Collections.EMPTY_SET);
@@ -320,12 +320,12 @@ public class AmbariLdapDataPopulatorTest {
LdapBatchDto batchInfo = new LdapBatchDto();
Set<LdapGroupDto> externalGroups = createSet(externalGroup3, externalGroup4);
for (LdapGroupDto externalGroup : externalGroups) {
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
}
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup2), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup2), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
expect(populator.getLdapGroups("x*")).andReturn(externalGroups);
expect(populator.getLdapGroups("group1")).andReturn(Collections.singleton(externalGroup1));
@@ -399,10 +399,10 @@ public class AmbariLdapDataPopulatorTest {
LdapBatchDto batchInfo = new LdapBatchDto();
Set<LdapGroupDto> externalGroups = createSet(externalGroup3, externalGroup4);
for (LdapGroupDto externalGroup : externalGroups) {
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
}
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup2), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup2), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
expect(populator.getLdapGroups("x*")).andReturn(externalGroups);
expect(populator.getLdapGroups("group2")).andReturn(Collections.singleton(externalGroup2));
@@ -473,7 +473,7 @@ public class AmbariLdapDataPopulatorTest {
LdapBatchDto batchInfo = new LdapBatchDto();
Set<LdapGroupDto> externalGroups = createSet(externalGroup1, externalGroup2, externalGroup3, externalGroup4);
for (LdapGroupDto externalGroup : externalGroups) {
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
}
expect(populator.getLdapGroups("group*")).andReturn(externalGroups);
@@ -603,7 +603,7 @@ public class AmbariLdapDataPopulatorTest {
LdapBatchDto batchInfo = new LdapBatchDto();
Set<LdapGroupDto> externalGroups = createSet(externalGroup1, externalGroup2, externalGroup3, externalGroup4);
for (LdapGroupDto externalGroup : externalGroups) {
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
}
@@ -664,7 +664,7 @@ public class AmbariLdapDataPopulatorTest {
LdapBatchDto batchInfo = new LdapBatchDto();
Set<LdapGroupDto> externalGroups = createSet(externalGroup1, externalGroup2);
for (LdapGroupDto externalGroup : externalGroups) {
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
}
expect(populator.getExternalLdapGroupInfo()).andReturn(externalGroups);
@@ -728,7 +728,7 @@ public class AmbariLdapDataPopulatorTest {
LdapBatchDto batchInfo = new LdapBatchDto();
Set<LdapGroupDto> externalGroups = createSet(externalGroup1);
for (LdapGroupDto externalGroup : externalGroups) {
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
}
expect(populator.getExternalLdapGroupInfo()).andReturn(externalGroups);
@@ -791,7 +791,7 @@ public class AmbariLdapDataPopulatorTest {
LdapBatchDto batchInfo = new LdapBatchDto();
Set<LdapGroupDto> externalGroups = createSet(externalGroup1, externalGroup2);
for (LdapGroupDto externalGroup : externalGroups) {
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class));
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class));
expectLastCall();
}
expect(populator.getExternalLdapGroupInfo()).andReturn(externalGroups);
@@ -1344,19 +1344,28 @@ public class AmbariLdapDataPopulatorTest {
expect(user3.isLdapUser()).andReturn(true).anyTimes();
expect(user4.isLdapUser()).andReturn(false).anyTimes();
+ Group group1 = createNiceMock(Group.class);
+ Group group2 = createNiceMock(Group.class);
+ expect(group1.isLdapGroup()).andReturn(true).anyTimes();
+ expect(group2.isLdapGroup()).andReturn(true).anyTimes();
+ expect(group1.getGroupName()).andReturn("group1").anyTimes();
+ expect(group2.getGroupName()).andReturn("group2").anyTimes();
Configuration configuration = createNiceMock(Configuration.class);
Users users = createNiceMock(Users.class);
LdapTemplate ldapTemplate = createNiceMock(LdapTemplate.class);
LdapServerProperties ldapServerProperties = createNiceMock(LdapServerProperties.class);
-
+ expect(ldapServerProperties.getGroupNamingAttr()).andReturn("cn").anyTimes();
+ expect(ldapServerProperties.getUsernameAttribute()).andReturn("uid").anyTimes();
replay(ldapTemplate, ldapServerProperties, users, configuration);
replay(user1, user2, user3, user4);
+ replay(group1, group2);
AmbariLdapDataPopulatorTestInstance populator = createMockBuilder(AmbariLdapDataPopulatorTestInstance.class)
- .addMockedMethod("getLdapUserByMemberAttr")
- .addMockedMethod("getInternalMembers")
- .withConstructor(configuration, users)
- .createNiceMock();
+ .addMockedMethod("getLdapUserByMemberAttr")
+ .addMockedMethod("getLdapGroupByMemberAttr")
+ .addMockedMethod("getInternalMembers")
+ .withConstructor(configuration, users)
+ .createNiceMock();
LdapGroupDto externalGroup = createNiceMock(LdapGroupDto.class);
expect(externalGroup.getGroupName()).andReturn("group1").anyTimes();
@@ -1380,9 +1389,10 @@ public class AmbariLdapDataPopulatorTest {
replay(externalUser1, externalUser2, externalUser3, externalUser4);
expect(populator.getLdapUserByMemberAttr("user1")).andReturn(externalUser1).anyTimes();
expect(populator.getLdapUserByMemberAttr("user2")).andReturn(externalUser2).anyTimes();
- expect(populator.getLdapUserByMemberAttr("user4")).andReturn(externalUser3).anyTimes();
+ expect(populator.getLdapUserByMemberAttr("user4")).andReturn(null).anyTimes();
+ expect(populator.getLdapGroupByMemberAttr("user4")).andReturn(externalGroup).anyTimes();
expect(populator.getLdapUserByMemberAttr("user6")).andReturn(externalUser4).anyTimes();
- expect(populator.getInternalMembers("group1")).andReturn(internalMembers);
+ expect(populator.getInternalMembers("group1")).andReturn(internalMembers).anyTimes();
replay(populator);
populator.setLdapTemplate(ldapTemplate);
@@ -1391,29 +1401,31 @@ public class AmbariLdapDataPopulatorTest {
Map<String, User> internalUsers = new HashMap<String, User>();
internalUsers.putAll(internalMembers);
internalUsers.put("user2", user2);
+ Map<String, Group> internalGroups = new HashMap<String, Group>();
+ internalGroups.put("group2", group2);
- populator.refreshGroupMembers(batchInfo, externalGroup, internalUsers, null);
+ populator.refreshGroupMembers(batchInfo, externalGroup, internalUsers, internalGroups, null);
Set<String> groupMembersToAdd = new HashSet<String>();
for (LdapUserGroupMemberDto ldapUserGroupMemberDto : batchInfo.getMembershipToAdd()) {
groupMembersToAdd.add(ldapUserGroupMemberDto.getUserName());
}
- assertEquals(2, groupMembersToAdd.size());
+ assertEquals(3, groupMembersToAdd.size());
assertTrue(groupMembersToAdd.contains("user2"));
assertTrue(groupMembersToAdd.contains("user6"));
Set<String> groupMembersToRemove = new HashSet<String>();
for (LdapUserGroupMemberDto ldapUserGroupMemberDto : batchInfo.getMembershipToRemove()) {
groupMembersToRemove.add(ldapUserGroupMemberDto.getUserName());
}
- assertEquals(1, groupMembersToRemove.size());
+ assertEquals(2, groupMembersToRemove.size());
assertTrue(groupMembersToRemove.contains("user3"));
assertEquals(1, batchInfo.getUsersToBeCreated().size());
assertTrue(batchInfo.getUsersToBeCreated().contains("user6"));
- assertEquals(2, batchInfo.getUsersToBecomeLdap().size());
+ assertEquals(1, batchInfo.getUsersToBecomeLdap().size());
assertTrue(batchInfo.getUsersToBecomeLdap().contains("user1"));
- assertTrue(batchInfo.getUsersToBecomeLdap().contains("user4"));
+ assertTrue(!batchInfo.getUsersToBecomeLdap().contains("user4"));
assertTrue(batchInfo.getGroupsToBecomeLdap().isEmpty());
- assertTrue(batchInfo.getGroupsToBeCreated().isEmpty());
+ assertEquals(1, batchInfo.getGroupsToBeCreated().size());
assertTrue(batchInfo.getGroupsToBeRemoved().isEmpty());
assertTrue(batchInfo.getUsersToBeRemoved().isEmpty());
verify(populator.loadLdapTemplate(), populator);
@@ -1496,10 +1508,11 @@ public class AmbariLdapDataPopulatorTest {
expect(ldapServerProperties.getUserObjectClass()).andReturn("objectClass").anyTimes();
expect(ldapServerProperties.getDnAttribute()).andReturn("dn").anyTimes();
expect(ldapServerProperties.getBaseDN()).andReturn("baseDN").anyTimes();
+ expect(ldapServerProperties.getUsernameAttribute()).andReturn("uid").anyTimes();
expect(processor.getCookie()).andReturn(cookie).anyTimes();
expect(cookie.getCookie()).andReturn(null).anyTimes();
- expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(|(dn=foo)(uid=foo)))"), anyObject(SearchControls.class), capture(contextMapperCapture), eq(processor))).andReturn(list);
+ expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(uid=foo))"), anyObject(SearchControls.class), capture(contextMapperCapture), eq(processor))).andReturn(list);
replay(ldapTemplate, ldapServerProperties, users, configuration, processor, cookie);
@@ -1532,10 +1545,11 @@ public class AmbariLdapDataPopulatorTest {
expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).anyTimes();
expect(ldapServerProperties.isPaginationEnabled()).andReturn(false).anyTimes();
expect(ldapServerProperties.getUserObjectClass()).andReturn("objectClass").anyTimes();
+ expect(ldapServerProperties.getUsernameAttribute()).andReturn("uid").anyTimes();
expect(ldapServerProperties.getDnAttribute()).andReturn("dn").anyTimes();
expect(ldapServerProperties.getBaseDN()).andReturn("baseDN").anyTimes();
- expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(|(dn=foo)(uid=foo)))"), anyObject(SearchControls.class), capture(contextMapperCapture))).andReturn(list);
+ expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(uid=foo))"), anyObject(SearchControls.class), capture(contextMapperCapture))).andReturn(list);
replay(ldapTemplate, ldapServerProperties, users, configuration, processor, cookie);