You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Sebastian Toader <st...@hortonworks.com> on 2016/04/26 15:55:55 UTC
Review Request 46695: User imported from AD is unable to login to
Ambari
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46695/
-----------------------------------------------------------
Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.
Bugs: AMBARI-16119
https://issues.apache.org/jira/browse/AMBARI-16119
Repository: ambari
Description
-------
When user authenticates againts AD the user details are pulled (ldap binding) from AD. In case the user logged in with a login alias (e.g. when a user is present in multiple subdomains within a forest than the user name appears in multiple places. In this case the user has to login with a login alias that contains domain information which uniquelly identifies the user in AD) Ambari created an override for the user detail behind the scenes in order to replace the login user name with the ambari user name that maps to it.
The override is nothing else than copying all fields from origin user details object but user name. Among the fields being copied over there is user password which apparently is populated when OpenLDAP is used however in case of AD its left null. The override user details object Ambari creates always expects a non-null password thus the creation of it failed when AD was used.
The overriding of user details has been modified to pass empty string as password is the passowrd in the original user details object is null.
Also some optimisation was added to create the override if the user logged in with a login alias.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java 98b97b2
Diff: https://reviews.apache.org/r/46695/diff/
Testing
-------
Tested manually on both OpenLDAP and AD.
Unit tests are in progress.
Thanks,
Sebastian Toader
Re: Review Request 46695: User imported from AD is unable to login to
Ambari
Posted by Sandor Magyari <sm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46695/#review130641
-----------------------------------------------------------
Ship it!
Ship It!
- Sandor Magyari
On April 26, 2016, 4:51 p.m., Sebastian Toader wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46695/
> -----------------------------------------------------------
>
> (Updated April 26, 2016, 4:51 p.m.)
>
>
> Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.
>
>
> Bugs: AMBARI-16119
> https://issues.apache.org/jira/browse/AMBARI-16119
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When user authenticates againts AD the user details are pulled (ldap binding) from AD. In case the user logged in with a login alias (e.g. when a user is present in multiple subdomains within a forest than the user name appears in multiple places. In this case the user has to login with a login alias that contains domain information which uniquelly identifies the user in AD) Ambari created an override for the user detail behind the scenes in order to replace the login user name with the ambari user name that maps to it.
>
> The override is nothing else than copying all fields from origin user details object but user name. Among the fields being copied over there is user password which apparently is populated when OpenLDAP is used however in case of AD its left null. The override user details object Ambari creates always expects a non-null password thus the creation of it failed when AD was used.
>
>
> The overriding of user details has been modified to pass empty string as password is the passowrd in the original user details object is null.
>
> Also some optimisation was added to create the override if the user logged in with a login alias.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java 98b97b2
>
> Diff: https://reviews.apache.org/r/46695/diff/
>
>
> Testing
> -------
>
> Tested manually on both OpenLDAP and AD.
>
> Unit test results:
>
> Results :
>
> Tests run: 4291, Failures: 0, Errors: 0, Skipped: 32
>
> ----------------------------------------------------------------------
> Total run:996
> Total errors:0
> Total failures:0
>
>
> Thanks,
>
> Sebastian Toader
>
>
Re: Review Request 46695: User imported from AD is unable to login to
Ambari
Posted by Sebastian Toader <st...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46695/
-----------------------------------------------------------
(Updated April 26, 2016, 6:51 p.m.)
Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.
Changes
-------
Added unit test results.
Bugs: AMBARI-16119
https://issues.apache.org/jira/browse/AMBARI-16119
Repository: ambari
Description
-------
When user authenticates againts AD the user details are pulled (ldap binding) from AD. In case the user logged in with a login alias (e.g. when a user is present in multiple subdomains within a forest than the user name appears in multiple places. In this case the user has to login with a login alias that contains domain information which uniquelly identifies the user in AD) Ambari created an override for the user detail behind the scenes in order to replace the login user name with the ambari user name that maps to it.
The override is nothing else than copying all fields from origin user details object but user name. Among the fields being copied over there is user password which apparently is populated when OpenLDAP is used however in case of AD its left null. The override user details object Ambari creates always expects a non-null password thus the creation of it failed when AD was used.
The overriding of user details has been modified to pass empty string as password is the passowrd in the original user details object is null.
Also some optimisation was added to create the override if the user logged in with a login alias.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java 98b97b2
Diff: https://reviews.apache.org/r/46695/diff/
Testing (updated)
-------
Tested manually on both OpenLDAP and AD.
Unit test results:
Results :
Tests run: 4291, Failures: 0, Errors: 0, Skipped: 32
----------------------------------------------------------------------
Total run:996
Total errors:0
Total failures:0
Thanks,
Sebastian Toader
Re: Review Request 46695: User imported from AD is unable to login to
Ambari
Posted by Daniel Gergely <dg...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46695/#review130615
-----------------------------------------------------------
Ship it!
Ship It!
- Daniel Gergely
On ápr. 26, 2016, 2:17 du, Sebastian Toader wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46695/
> -----------------------------------------------------------
>
> (Updated ápr. 26, 2016, 2:17 du)
>
>
> Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.
>
>
> Bugs: AMBARI-16119
> https://issues.apache.org/jira/browse/AMBARI-16119
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When user authenticates againts AD the user details are pulled (ldap binding) from AD. In case the user logged in with a login alias (e.g. when a user is present in multiple subdomains within a forest than the user name appears in multiple places. In this case the user has to login with a login alias that contains domain information which uniquelly identifies the user in AD) Ambari created an override for the user detail behind the scenes in order to replace the login user name with the ambari user name that maps to it.
>
> The override is nothing else than copying all fields from origin user details object but user name. Among the fields being copied over there is user password which apparently is populated when OpenLDAP is used however in case of AD its left null. The override user details object Ambari creates always expects a non-null password thus the creation of it failed when AD was used.
>
>
> The overriding of user details has been modified to pass empty string as password is the passowrd in the original user details object is null.
>
> Also some optimisation was added to create the override if the user logged in with a login alias.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java 98b97b2
>
> Diff: https://reviews.apache.org/r/46695/diff/
>
>
> Testing
> -------
>
> Tested manually on both OpenLDAP and AD.
>
> Unit tests are in progress.
>
>
> Thanks,
>
> Sebastian Toader
>
>
Re: Review Request 46695: User imported from AD is unable to login to
Ambari
Posted by Oliver Szabo <os...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46695/#review130616
-----------------------------------------------------------
Ship it!
Ship It!
- Oliver Szabo
On April 26, 2016, 2:17 p.m., Sebastian Toader wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46695/
> -----------------------------------------------------------
>
> (Updated April 26, 2016, 2:17 p.m.)
>
>
> Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.
>
>
> Bugs: AMBARI-16119
> https://issues.apache.org/jira/browse/AMBARI-16119
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When user authenticates againts AD the user details are pulled (ldap binding) from AD. In case the user logged in with a login alias (e.g. when a user is present in multiple subdomains within a forest than the user name appears in multiple places. In this case the user has to login with a login alias that contains domain information which uniquelly identifies the user in AD) Ambari created an override for the user detail behind the scenes in order to replace the login user name with the ambari user name that maps to it.
>
> The override is nothing else than copying all fields from origin user details object but user name. Among the fields being copied over there is user password which apparently is populated when OpenLDAP is used however in case of AD its left null. The override user details object Ambari creates always expects a non-null password thus the creation of it failed when AD was used.
>
>
> The overriding of user details has been modified to pass empty string as password is the passowrd in the original user details object is null.
>
> Also some optimisation was added to create the override if the user logged in with a login alias.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java 98b97b2
>
> Diff: https://reviews.apache.org/r/46695/diff/
>
>
> Testing
> -------
>
> Tested manually on both OpenLDAP and AD.
>
> Unit tests are in progress.
>
>
> Thanks,
>
> Sebastian Toader
>
>
Re: Review Request 46695: User imported from AD is unable to login to
Ambari
Posted by Sebastian Toader <st...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46695/
-----------------------------------------------------------
(Updated April 26, 2016, 4:17 p.m.)
Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.
Changes
-------
Refining the code.
Bugs: AMBARI-16119
https://issues.apache.org/jira/browse/AMBARI-16119
Repository: ambari
Description
-------
When user authenticates againts AD the user details are pulled (ldap binding) from AD. In case the user logged in with a login alias (e.g. when a user is present in multiple subdomains within a forest than the user name appears in multiple places. In this case the user has to login with a login alias that contains domain information which uniquelly identifies the user in AD) Ambari created an override for the user detail behind the scenes in order to replace the login user name with the ambari user name that maps to it.
The override is nothing else than copying all fields from origin user details object but user name. Among the fields being copied over there is user password which apparently is populated when OpenLDAP is used however in case of AD its left null. The override user details object Ambari creates always expects a non-null password thus the creation of it failed when AD was used.
The overriding of user details has been modified to pass empty string as password is the passowrd in the original user details object is null.
Also some optimisation was added to create the override if the user logged in with a login alias.
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java 98b97b2
Diff: https://reviews.apache.org/r/46695/diff/
Testing
-------
Tested manually on both OpenLDAP and AD.
Unit tests are in progress.
Thanks,
Sebastian Toader
Re: Review Request 46695: User imported from AD is unable to login to
Ambari
Posted by Sebastian Toader <st...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46695/
-----------------------------------------------------------
(Updated April 26, 2016, 4:11 p.m.)
Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.
Changes
-------
Addressed listed issues.
Bugs: AMBARI-16119
https://issues.apache.org/jira/browse/AMBARI-16119
Repository: ambari
Description
-------
When user authenticates againts AD the user details are pulled (ldap binding) from AD. In case the user logged in with a login alias (e.g. when a user is present in multiple subdomains within a forest than the user name appears in multiple places. In this case the user has to login with a login alias that contains domain information which uniquelly identifies the user in AD) Ambari created an override for the user detail behind the scenes in order to replace the login user name with the ambari user name that maps to it.
The override is nothing else than copying all fields from origin user details object but user name. Among the fields being copied over there is user password which apparently is populated when OpenLDAP is used however in case of AD its left null. The override user details object Ambari creates always expects a non-null password thus the creation of it failed when AD was used.
The overriding of user details has been modified to pass empty string as password is the passowrd in the original user details object is null.
Also some optimisation was added to create the override if the user logged in with a login alias.
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java 98b97b2
Diff: https://reviews.apache.org/r/46695/diff/
Testing
-------
Tested manually on both OpenLDAP and AD.
Unit tests are in progress.
Thanks,
Sebastian Toader
Re: Review Request 46695: User imported from AD is unable to login to
Ambari
Posted by Daniel Gergely <dg...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46695/#review130611
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java (line 195)
<https://reviews.apache.org/r/46695/#comment194429>
Why is password assigned to the usernameOrig?
- Daniel Gergely
On ápr. 26, 2016, 1:55 du, Sebastian Toader wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46695/
> -----------------------------------------------------------
>
> (Updated ápr. 26, 2016, 1:55 du)
>
>
> Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.
>
>
> Bugs: AMBARI-16119
> https://issues.apache.org/jira/browse/AMBARI-16119
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When user authenticates againts AD the user details are pulled (ldap binding) from AD. In case the user logged in with a login alias (e.g. when a user is present in multiple subdomains within a forest than the user name appears in multiple places. In this case the user has to login with a login alias that contains domain information which uniquelly identifies the user in AD) Ambari created an override for the user detail behind the scenes in order to replace the login user name with the ambari user name that maps to it.
>
> The override is nothing else than copying all fields from origin user details object but user name. Among the fields being copied over there is user password which apparently is populated when OpenLDAP is used however in case of AD its left null. The override user details object Ambari creates always expects a non-null password thus the creation of it failed when AD was used.
>
>
> The overriding of user details has been modified to pass empty string as password is the passowrd in the original user details object is null.
>
> Also some optimisation was added to create the override if the user logged in with a login alias.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java 98b97b2
>
> Diff: https://reviews.apache.org/r/46695/diff/
>
>
> Testing
> -------
>
> Tested manually on both OpenLDAP and AD.
>
> Unit tests are in progress.
>
>
> Thanks,
>
> Sebastian Toader
>
>