Posted to commits@ranger.apache.org by ma...@apache.org on 2015/05/18 06:53:05 UTC
[07/16] incubator-ranger git commit: RANGER-484: added support for
referral attribute to be read from config
RANGER-484: added support for referral attribute to be read from config
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ec154392
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ec154392
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ec154392
Branch: refs/heads/tag-policy
Commit: ec1543926abf2bb88bbad8ac61d84e9b5858b06e
Parents: 0336e2b
Author: Velmurugan Periasamy <ve...@apache.org>
Authored: Sun May 17 16:46:48 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Sun May 17 16:51:57 2015 -0400
----------------------------------------------------------------------
security-admin/scripts/install.properties | 4 ++++
security-admin/scripts/setup.sh | 8 ++++++++
.../handler/RangerAuthenticationProvider.java | 18 +++++++++---------
.../resources/conf.dist/ranger-admin-site.xml | 10 ++++++++++
4 files changed, 31 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index a7bc120..7490dd6 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -133,6 +133,7 @@ authServicePort=5151
#xa_ldap_base_dn="dc=xasecure,dc=net"
#xa_ldap_bind_dn="cn=admin,ou=users,dc=xasecure,dc=net"
#xa_ldap_bind_password=
+#xa_ldap_referral=follow|ignore
xa_ldap_url=
xa_ldap_userDNpattern=
@@ -142,6 +143,7 @@ xa_ldap_groupRoleAttribute=
xa_ldap_base_dn=
xa_ldap_bind_dn=
xa_ldap_bind_password=
+xa_ldap_referral=
####ACTIVE_DIRECTORY settings - Required only if have selected AD authentication ####
#
# Sample Settings
@@ -151,12 +153,14 @@ xa_ldap_bind_password=
#xa_ldap_ad_base_dn="dc=xasecure,dc=net"
#xa_ldap_ad_bind_dn="cn=administrator,ou=users,dc=xasecure,dc=net"
#xa_ldap_ad_bind_password=
+#xa_ldap_ad_referral=follow|ignore
xa_ldap_ad_domain=
xa_ldap_ad_url=
xa_ldap_ad_base_dn=
xa_ldap_ad_bind_dn=
xa_ldap_ad_bind_password=
+xa_ldap_ad_referral=
# -----------------------------------------------------------
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index e1f895c..4b5e6b9 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -1234,6 +1234,10 @@ do_authentication_setup(){
newPropertyValue="${xa_ldap_bind_dn}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+ propertyName=ranger.ldap.referral
+ newPropertyValue="${xa_ldap_referral}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+
keystore="${cred_keystore_filename}"
if [ "${keystore}" != "" ]
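Review bot: Both added `updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file` calls pass `$newPropertyValue` unquoted, while install.properties in this same commit ships `xa_ldap_referral=` and `xa_ldap_ad_referral=` empty. With an empty value the word vanishes after expansion, so the helper receives the file path as its second argument and no third one; how it reacts is not visible here. Quote the arguments, `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$ldap_file"`, or skip the update when the value is empty so that the code default applies. The same holds for the second hunk, which writes `ranger.ldap.ad.referral`. `do_authentication_setup` starts and ends outside both hunks.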
@@ -1311,6 +1315,10 @@ do_authentication_setup(){
newPropertyValue="${xa_ldap_ad_bind_dn}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+ propertyName=ranger.ldap.ad.referral
+ newPropertyValue="${xa_ldap_ad_referral}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+
keystore="${cred_keystore_filename}"
if [ "${keystore}" != "" ]
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index a84736b..5446dc4 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -233,7 +233,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
return null;
}
} catch (Exception e) {
- logger.error("LDAP Authentication Failed:"+e.getMessage());
+ logger.debug("LDAP Authentication Failed:", e);
}
return null;
}
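Review bot: Moving the failure message in this catch block from `logger.error` to `logger.debug` means a rejected LDAP login or an unreachable directory leaves no record unless debug logging is on, which is presumably not the case in production. That removes the signal operators use to notice repeated failed logins and directory outages. Keeping the stack trace at debug is reasonable, but a one-line record should stay at a higher level, for example `logger.warn("LDAP Authentication Failed: " + e.getMessage());` followed by `logger.debug("LDAP Authentication Failed:", e);`. The same applies to the AD, Unix and second AD/LDAP catch blocks in the later hunks of this file. The enclosing methods start outside the hunks.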
@@ -275,7 +275,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
return null;
}
}catch (Exception e) {
- logger.error("AD Authentication Failed:"+e.getMessage());
+ logger.debug("AD Authentication Failed:", e);
}
return authentication;
}
@@ -333,7 +333,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
return null;
}
} catch (Exception e) {
- logger.error("Unix Authentication Failed:"+e.getMessage());
+ logger.debug("Unix Authentication Failed:", e);
}
return authentication;
@@ -367,7 +367,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
String rangerADBindDN = PropertiesUtil.getProperty("ranger.ldap.ad.bind.dn", "");
String rangerADBindPassword = PropertiesUtil.getProperty("ranger.ldap.ad.bind.password", "");
String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
-
+ String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow");
String userName = authentication.getName();
String userPassword = "";
if (authentication.getCredentials() != null) {
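Review bot: The `"follow"` fallback in `PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow")` may never apply. ranger-admin-site.xml in this commit ships the property with an empty `<value></value>`, and setup.sh copies whatever install.properties holds, which is also empty by default. If `PropertiesUtil` returns the empty string for a present-but-empty property (its code is not shown here), `setReferral("")` is called with a value outside the documented `follow|ignore`. Normalize before use, e.g. `if (!"follow".equals(rangerLdapReferral) && !"ignore".equals(rangerLdapReferral)) { rangerLdapReferral = "follow"; }`, and log when the fallback is taken. The same applies to `ranger.ldap.referral` in the LDAP method further down, and naming this local `rangerADReferral` would match the neighbouring `rangerADBindDN`.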
@@ -377,7 +377,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerADURL);
ldapContextSource.setUserDn(rangerADBindDN);
ldapContextSource.setPassword(rangerADBindPassword);
- ldapContextSource.setReferral("follow");
+ ldapContextSource.setReferral(rangerLdapReferral);
ldapContextSource.setCacheEnvironmentProperties(true);
ldapContextSource.setAnonymousReadOnly(false);
ldapContextSource.setPooled(true);
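Review bot: `ldapContextSource.setReferral(rangerLdapReferral)` should carry a comment on what `follow` implies, since it remains the default. With `follow`, the JNDI context chases referrals returned by the directory and by default reuses the same environment, bind DN and password included, for the referred server. Which hosts see the service credentials is then decided by the directory's answers rather than by `ranger.ldap.ad.url` alone. I would add above the call: `// "follow" reuses the bind credentials on referred servers; set ranger.ldap.ad.referral=ignore unless cross-domain lookups are required`. The same comment fits the LDAP context source in the later hunk.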
@@ -405,7 +405,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
return null;
}
} catch (Exception e) {
- logger.error("AD Authentication Failed:"+e.getMessage());
+ logger.debug("AD Authentication Failed:", e);
}
return authentication;
}
@@ -421,7 +421,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
String rangerLdapBase = PropertiesUtil.getProperty("ranger.ldap.base.dn", "");
String rangerLdapBindDN = PropertiesUtil.getProperty("ranger.ldap.bind.dn", "");
String rangerLdapBindPassword = PropertiesUtil.getProperty("ranger.ldap.bind.password", "");
-
+ String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.referral", "follow");
String userName = authentication.getName();
String userPassword = "";
if (authentication.getCredentials() != null) {
@@ -431,7 +431,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerLdapURL);
ldapContextSource.setUserDn(rangerLdapBindDN);
ldapContextSource.setPassword(rangerLdapBindPassword);
- ldapContextSource.setReferral("follow");
+ ldapContextSource.setReferral(rangerLdapReferral);
ldapContextSource.setCacheEnvironmentProperties(false);
ldapContextSource.setAnonymousReadOnly(true);
ldapContextSource.setPooled(true);
@@ -466,7 +466,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
return null;
}
} catch (Exception e) {
- logger.error("LDAP Authentication Failed:"+e.getMessage());
+ logger.debug("LDAP Authentication Failed:", e);
}
return authentication;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index dab2067..d0a4fe4 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -132,6 +132,11 @@
<value>ROLE_USER</value>
</property>
<property>
+ <name>ranger.ldap.referral</name>
+ <value></value>
+ <description>follow or ignore</description>
+ </property>
+ <property>
<name>ranger.ldap.ad.domain</name>
<value>example.com</value>
<description></description>
@@ -159,6 +164,11 @@
</property>
<property>
+ <name>ranger.ldap.ad.referral</name>
+ <value></value>
+ <description>follow or ignore</description>
+ </property>
+ <property>
<name>ranger.service.https.attrib.ssl.enabled</name>
<value>false</value>
</property>