Posted to dev@atlas.apache.org by Greg Senia <gs...@apache.org> on 2017/02/07 12:56:14 UTC
Review Request 56386: ATLAS-1508 Make AtlasADAuthenticationProvider like Ranger ADLdap Methods
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56386/
-----------------------------------------------------------
Review request for atlas, Shwetha GS and Venkat Ranganathan.
Bugs: ATLAS-1508
https://issues.apache.org/jira/browse/ATLAS-1508
Repository: atlas
Description
-------
After upgrading to HDP 2.5.3.x from HDP 2.4.x we noticed Kerberos authentication for the UI no longer works. So we switched to utilize Active Directory and noticed that with Active Directory it was attempting to use UPN, which is risky in a large Active Directory environment; instead, samAccountName should be used, like in https://issues.apache.org/jira/browse/RANGER-457. I worked on a previous JIRA with Zeppelin, https://issues.apache.org/jira/browse/ZEPPELIN-1472. So this has been addressed in Knox, Ranger, and Zeppelin. I propose the attached fix to address this issue as the Ranger folks addressed this issue. Without this, Atlas will not function in a large multi-forest Active Directory environment.
Diffs
-----
webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java 3a6a9e1
Diff: https://reviews.apache.org/r/56386/diff/
Testing
-------
Maven build completed without issue and this fix is now running in our Production and Test environments. Before this fix, Atlas UI was not usable due to multiple directories.
Thanks,
Greg Senia
Re: Review Request 56386: ATLAS-1508 Make AtlasADAuthenticationProvider like Ranger ADLdap Methods
Posted by Greg Senia <gs...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56386/
-----------------------------------------------------------
(Updated Feb. 7, 2017, 8:01 p.m.)
Review request for atlas, Shwetha GS and Venkat Ranganathan.
Changes
-------
Adjusted throw and handling of nulls so that fallback to the old AD mechanism can occur. I guess the next question is: are the throws used at all? If they aren't, I propose to remove them and just log the failure.
Bugs: ATLAS-1508
https://issues.apache.org/jira/browse/ATLAS-1508
Repository: atlas
Description
-------
After upgrading to HDP 2.5.3.x from HDP 2.4.x we noticed Kerberos authentication for the UI no longer works. So we switched to utilize Active Directory and noticed that with Active Directory it was attempting to use UPN, which is risky in a large Active Directory environment; instead, samAccountName should be used, like in https://issues.apache.org/jira/browse/RANGER-457. I worked on a previous JIRA with Zeppelin, https://issues.apache.org/jira/browse/ZEPPELIN-1472. So this has been addressed in Knox, Ranger, and Zeppelin. I propose the attached fix to address this issue as the Ranger folks addressed this issue. Without this, Atlas will not function in a large multi-forest Active Directory environment.
Diffs (updated)
-----
webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java 3a6a9e1
Diff: https://reviews.apache.org/r/56386/diff/
Testing
-------
Maven build completed without issue and this fix is now running in our Production and Test environments. Before this fix, Atlas UI was not usable due to multiple directories.
Thanks,
Greg Senia
Re: Review Request 56386: ATLAS-1508 Make AtlasADAuthenticationProvider like Ranger ADLdap Methods
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56386/#review164505
-----------------------------------------------------------
webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java (line 129)
<https://reviews.apache.org/r/56386/#comment236270>
In case of an exception in the getADBindAuthentication method, the fallback of authentication to the getADAuthentication method will not happen, so prefer either commenting out the throw of the exception here or try-catching it where it is called.
- Nixon Rodrigues
On Feb. 7, 2017, 12:56 p.m., Greg Senia wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56386/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2017, 12:56 p.m.)
>
>
> Review request for atlas, Shwetha GS and Venkat Ranganathan.
>
>
> Bugs: ATLAS-1508
> https://issues.apache.org/jira/browse/ATLAS-1508
>
>
> Repository: atlas
>
>
> Description
> -------
>
> After upgrading to HDP 2.5.3.x from HDP 2.4.x we noticed Kerberos authentication for the UI no longer works. So we switched to utilize Active Directory and noticed that with Active Directory it was attempting to use UPN, which is risky in a large Active Directory environment; instead, samAccountName should be used, like in https://issues.apache.org/jira/browse/RANGER-457. I worked on a previous JIRA with Zeppelin, https://issues.apache.org/jira/browse/ZEPPELIN-1472. So this has been addressed in Knox, Ranger, and Zeppelin. I propose the attached fix to address this issue as the Ranger folks addressed this issue. Without this, Atlas will not function in a large multi-forest Active Directory environment.
>
>
> Diffs
> -----
>
> webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java 3a6a9e1
>
> Diff: https://reviews.apache.org/r/56386/diff/
>
>
> Testing
> -------
>
> Maven build completed without issue and this fix is now running in our Production and Test environments. Before this fix, Atlas UI was not usable due to multiple directories.
>
>
> Thanks,
>
> Greg Senia
>
>
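The fallback behaviour raised in the review comment above, and in the "Changes" note of the updated request, shown as an added Java example that is not part of the thread or of the Atlas source. Only the method names getADBindAuthentication and getADAuthentication come from the thread; their bodies, the DirectoryException type, the wrapper methods and the sample credentials are constructed stand-ins.

```java
// Added illustration only; not the Atlas source. Method bodies are stand-ins.
public class AdFallbackExample {

    // Hypothetical exception type standing in for whatever the bind path throws.
    static class DirectoryException extends RuntimeException {
        DirectoryException(String msg) { super(msg); }
    }

    // Stand-in for the new bind-based path: simulates a directory-side failure.
    static String getADBindAuthentication(String user, String password) {
        throw new DirectoryException("bind/search failed for user " + user);
    }

    // Stand-in for the old mechanism: returns the principal, or null on bad credentials.
    static String getADAuthentication(String user, String password) {
        return "constructed-password".equals(password) ? user : null;
    }

    // Before: the exception leaves this method, so the fallback line is never reached.
    static String authenticateWithoutCatch(String user, String password) {
        String principal = getADBindAuthentication(user, password);
        if (principal == null) {
            principal = getADAuthentication(user, password);
        }
        return principal;
    }

    // After: catch at the call site, log without the password, then fall back.
    static String authenticateWithFallback(String user, String password) {
        String principal = null;
        try {
            principal = getADBindAuthentication(user, password);
        } catch (DirectoryException e) {
            System.err.println("AD bind authentication failed, falling back: " + e.getMessage());
        }
        if (principal == null) {
            principal = getADAuthentication(user, password);
        }
        return principal;
    }

    public static void main(String[] args) {
        try {
            authenticateWithoutCatch("jdoe", "constructed-password");
        } catch (DirectoryException e) {
            System.out.println("without catch: login aborted, fallback never ran");
        }
        System.out.println("good password: " + authenticateWithFallback("jdoe", "constructed-password"));
        System.out.println("bad password:  " + authenticateWithFallback("jdoe", "wrong"));
    }
}
```

The fallback path still rejects the wrong password (it returns null), so catching the first failure changes which mechanism answers, not whether credentials are checked.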