Posted to commits@ranger.apache.org by ma...@apache.org on 2015/05/18 06:53:05 UTC

[07/16] incubator-ranger git commit: RANGER-484: added support for referral attribute to be read from config

RANGER-484: added support for referral attribute to be read from config

Signed-off-by: sneethiraj <sn...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ec154392
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ec154392
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ec154392

Branch: refs/heads/tag-policy
Commit: ec1543926abf2bb88bbad8ac61d84e9b5858b06e
Parents: 0336e2b
Author: Velmurugan Periasamy <ve...@apache.org>
Authored: Sun May 17 16:46:48 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Sun May 17 16:51:57 2015 -0400

----------------------------------------------------------------------
 security-admin/scripts/install.properties         |  4 ++++
 security-admin/scripts/setup.sh                   |  8 ++++++++
 .../handler/RangerAuthenticationProvider.java     | 18 +++++++++---------
 .../resources/conf.dist/ranger-admin-site.xml     | 10 ++++++++++
 4 files changed, 31 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index a7bc120..7490dd6 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -133,6 +133,7 @@ authServicePort=5151
 #xa_ldap_base_dn="dc=xasecure,dc=net"
 #xa_ldap_bind_dn="cn=admin,ou=users,dc=xasecure,dc=net"
 #xa_ldap_bind_password=
+#xa_ldap_referral=follow|ignore
 
 xa_ldap_url=
 xa_ldap_userDNpattern=
@@ -142,6 +143,7 @@ xa_ldap_groupRoleAttribute=
 xa_ldap_base_dn=
 xa_ldap_bind_dn=
 xa_ldap_bind_password=
+xa_ldap_referral=
 ####ACTIVE_DIRECTORY settings - Required only if have selected AD authentication ####
 #
 # Sample Settings
@@ -151,12 +153,14 @@ xa_ldap_bind_password=
 #xa_ldap_ad_base_dn="dc=xasecure,dc=net"
 #xa_ldap_ad_bind_dn="cn=administrator,ou=users,dc=xasecure,dc=net"
 #xa_ldap_ad_bind_password=
+#xa_ldap_ad_referral=follow|ignore
 
 xa_ldap_ad_domain=
 xa_ldap_ad_url=
 xa_ldap_ad_base_dn=
 xa_ldap_ad_bind_dn=
 xa_ldap_ad_bind_password=
+xa_ldap_ad_referral=
 # -----------------------------------------------------------
 #
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index e1f895c..4b5e6b9 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -1234,6 +1234,10 @@ do_authentication_setup(){
 				newPropertyValue="${xa_ldap_bind_dn}"
 				updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
+				propertyName=ranger.ldap.referral
+				newPropertyValue="${xa_ldap_referral}"
+				updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+
 				keystore="${cred_keystore_filename}"
 
 				if [ "${keystore}" != "" ]
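Review bot: The added call `updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file` passes its arguments unquoted, and install.properties in this same commit ships `xa_ldap_referral=` empty, so on an untouched install the value argument vanishes and `$ldap_file` moves into its position; the `ranger.ldap.ad.referral` call in the hunk at -1311 has the same problem. The neighbouring context lines use the same unquoted form, but this is a setting that is expected to be left blank. Quote the arguments, `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$ldap_file"`, and consider writing `follow` (or skipping the update) when the variable is empty. How `updatePropertyToFilePy` reacts to a missing argument is not visible here, and `do_authentication_setup` extends beyond the hunk.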
@@ -1311,6 +1315,10 @@ do_authentication_setup(){
 				newPropertyValue="${xa_ldap_ad_bind_dn}"
 				updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
+				propertyName=ranger.ldap.ad.referral
+				newPropertyValue="${xa_ldap_ad_referral}"
+				updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+
 				keystore="${cred_keystore_filename}"
 
 				if [ "${keystore}" != "" ]

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index a84736b..5446dc4 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -233,7 +233,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 				return null;
 			}
 		} catch (Exception e) {
-			logger.error("LDAP Authentication Failed:"+e.getMessage());
+			logger.debug("LDAP Authentication Failed:", e);
 		}
 		return null;
 	}
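Review bot: Lowering this catch block from `logger.error` to `logger.debug` means a rejected bind, an unreachable directory or a configuration error leaves no trace at the usual production log level, and the same change is repeated in the catch blocks of the hunks at -275, -333, -405 and -466. Passing `e` to the logger is an improvement because the stack trace is now kept, but authentication failures are a signal that operators and detection rules normally depend on. Consider keeping a one-line record at a visible level next to the debug trace, e.g. `logger.warn("LDAP Authentication Failed: " + e.getMessage());` followed by the existing `logger.debug("LDAP Authentication Failed:", e);`. The enclosing method starts outside the hunk, so the surrounding `try` body could not be checked.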
@@ -275,7 +275,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 				return null;
 			}
 		}catch (Exception e) {
-			logger.error("AD Authentication Failed:"+e.getMessage());
+			logger.debug("AD Authentication Failed:", e);
 		}
 		return authentication;
 	}
@@ -333,7 +333,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 				return null;
 			}
 		} catch (Exception e) {
-			logger.error("Unix Authentication Failed:"+e.getMessage());
+			logger.debug("Unix Authentication Failed:", e);
 		}
 
 		return authentication;
@@ -367,7 +367,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 			String rangerADBindDN = PropertiesUtil.getProperty("ranger.ldap.ad.bind.dn", "");
 			String rangerADBindPassword = PropertiesUtil.getProperty("ranger.ldap.ad.bind.password", "");
 			String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
-
+			String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow");
 			String userName = authentication.getName();
 			String userPassword = "";
 			if (authentication.getCredentials() != null) {
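Review bot: `rangerLdapReferral` is read from `ranger.ldap.ad.referral` here and passed to `ldapContextSource.setReferral(...)` in the next hunk with no validation, and the LDAP path in the hunks at -421 and -431 does the same with `ranger.ldap.referral`. The ranger-admin-site.xml entries added by this commit have an empty `<value>`, so unless `PropertiesUtil.getProperty` treats a blank value as missing (not visible in this diff) the "follow" default will not apply and an empty or mistyped string reaches the context source, with any resulting exception now logged only at debug. Suggest normalising before use, e.g. `if (!"follow".equals(rangerLdapReferral) && !"ignore".equals(rangerLdapReferral)) { rangerLdapReferral = "follow"; }`, and logging a warning when a configured value is rejected. It is also worth a comment that with "follow" the client connects to whichever server the directory refers it to, presumably with the same bind settings, which is the reason an administrator may want "ignore". The method body continues outside the hunk.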
@@ -377,7 +377,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 			LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerADURL);
 			ldapContextSource.setUserDn(rangerADBindDN);
 			ldapContextSource.setPassword(rangerADBindPassword);
-			ldapContextSource.setReferral("follow");
+			ldapContextSource.setReferral(rangerLdapReferral);
 			ldapContextSource.setCacheEnvironmentProperties(true);
 			ldapContextSource.setAnonymousReadOnly(false);
 			ldapContextSource.setPooled(true);
@@ -405,7 +405,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 				return null;
 			}
 		} catch (Exception e) {
-			logger.error("AD Authentication Failed:"+e.getMessage());
+			logger.debug("AD Authentication Failed:", e);
 		}
 		return authentication;
 	}
@@ -421,7 +421,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 			String rangerLdapBase = PropertiesUtil.getProperty("ranger.ldap.base.dn", "");
 			String rangerLdapBindDN = PropertiesUtil.getProperty("ranger.ldap.bind.dn", "");
 			String rangerLdapBindPassword = PropertiesUtil.getProperty("ranger.ldap.bind.password", "");
-
+			String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.referral", "follow");
 			String userName = authentication.getName();
 			String userPassword = "";
 			if (authentication.getCredentials() != null) {
@@ -431,7 +431,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 			LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerLdapURL);
 			ldapContextSource.setUserDn(rangerLdapBindDN);
 			ldapContextSource.setPassword(rangerLdapBindPassword);
-			ldapContextSource.setReferral("follow");
+			ldapContextSource.setReferral(rangerLdapReferral);
 			ldapContextSource.setCacheEnvironmentProperties(false);
 			ldapContextSource.setAnonymousReadOnly(true);
 			ldapContextSource.setPooled(true);
@@ -466,7 +466,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 				return null;
 			}
 		} catch (Exception e) {
-			logger.error("LDAP Authentication Failed:"+e.getMessage());
+			logger.debug("LDAP Authentication Failed:", e);
 		}
 		return authentication;
 	}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index dab2067..d0a4fe4 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -132,6 +132,11 @@
 		<value>ROLE_USER</value>
 	</property>
 	<property>
+		<name>ranger.ldap.referral</name>
+		<value></value>
+		<description>follow or ignore</description>
+	</property>
+	<property>
 		<name>ranger.ldap.ad.domain</name>
 		<value>example.com</value>
 		<description></description>
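Review bot: The new `ranger.ldap.referral` property ships with an empty `<value>`, while the Java side names "follow" as its fallback, so the distributed file does not show the effective setting and may even override it with a blank; the `ranger.ldap.ad.referral` entry in the hunk at -159 is the same. Shipping the default explicitly avoids that ambiguity: `<value>follow</value>`. The description could also say what the options mean, for example `<description>LDAP referral handling: follow (default) or ignore</description>`.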
@@ -159,6 +164,11 @@
 	</property>
 
 	<property>
+		<name>ranger.ldap.ad.referral</name>
+		<value></value>
+		<description>follow or ignore</description>
+	</property>
+	<property>
 		<name>ranger.service.https.attrib.ssl.enabled</name>
 		<value>false</value>
 	</property>