You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Tom Beerbower <tb...@hortonworks.com> on 2015/06/26 21:31:01 UTC
Review Request 35940: LDAP sync needs to distinguish group vs user
membership
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35940/
-----------------------------------------------------------
Review request for Ambari, Jonathan Hurley and Robert Levas.
Bugs: AMBARI-12176
https://issues.apache.org/jira/browse/AMBARI-12176
Repository: ambari
Description
-------
LDAP sync is pulling in sub groups as users of a parent group. The sync code needs to distinguish group members from user members.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java ada4171
ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java 4968730
Diff: https://reviews.apache.org/r/35940/diff/
Testing
-------
Manually verified that sub groups are no longer imported as users.
mvn clean test
All tests pass ...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 45:27 min
[INFO] Finished at: 2015-06-26T13:02:34-04:00
[INFO] Final Memory: 56M/1585M
[INFO] ------------------------------------------------------------------------
Thanks,
Tom Beerbower
Re: Review Request 35940: LDAP sync needs to distinguish group vs user
membership
Posted by Tom Beerbower <tb...@hortonworks.com>.
> On June 26, 2015, 8:56 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java, line 366
> > <https://reviews.apache.org/r/35940/diff/1/?file=993527#file993527line366>
> >
> > This may be unlikely, but can we get into a cycle here?
> >
> > Maybe the LDAP tree is incorrect such that GroupA contains GroupB, which contains GroupA.
Good point. I guess there is nothing preventing someone from defining a group like that. I'll add a check. Thanks!
- Tom
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35940/#review89558
-----------------------------------------------------------
On June 26, 2015, 7:31 p.m., Tom Beerbower wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35940/
> -----------------------------------------------------------
>
> (Updated June 26, 2015, 7:31 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley and Robert Levas.
>
>
> Bugs: AMBARI-12176
> https://issues.apache.org/jira/browse/AMBARI-12176
>
>
> Repository: ambari
>
>
> Description
> -------
>
> LDAP sync is pulling in sub groups as users of a parent group. The sync code needs to distinguish group members from user members.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java ada4171
> ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java 4968730
>
> Diff: https://reviews.apache.org/r/35940/diff/
>
>
> Testing
> -------
>
> Manually verified that sub groups are no longer imported as users.
>
> mvn clean test
>
> All tests pass ...
>
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 45:27 min
> [INFO] Finished at: 2015-06-26T13:02:34-04:00
> [INFO] Final Memory: 56M/1585M
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Tom Beerbower
>
>
Re: Review Request 35940: LDAP sync needs to distinguish group vs user
membership
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35940/#review89558
-----------------------------------------------------------
Ship it!
Ship It!
ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java (line 366)
<https://reviews.apache.org/r/35940/#comment142183>
This may be unlikely, but can we get into a cycle here?
Maybe the LDAP tree is incorrect such that GroupA contains GroupB, which contains GroupA.
- Robert Levas
On June 26, 2015, 3:31 p.m., Tom Beerbower wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35940/
> -----------------------------------------------------------
>
> (Updated June 26, 2015, 3:31 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley and Robert Levas.
>
>
> Bugs: AMBARI-12176
> https://issues.apache.org/jira/browse/AMBARI-12176
>
>
> Repository: ambari
>
>
> Description
> -------
>
> LDAP sync is pulling in sub groups as users of a parent group. The sync code needs to distinguish group members from user members.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java ada4171
> ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java 4968730
>
> Diff: https://reviews.apache.org/r/35940/diff/
>
>
> Testing
> -------
>
> Manually verified that sub groups are no longer imported as users.
>
> mvn clean test
>
> All tests pass ...
>
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 45:27 min
> [INFO] Finished at: 2015-06-26T13:02:34-04:00
> [INFO] Final Memory: 56M/1585M
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Tom Beerbower
>
>
Re: Review Request 35940: LDAP sync needs to distinguish group vs user
membership
Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35940/#review89561
-----------------------------------------------------------
Ship it!
Ship It!
- Jonathan Hurley
On June 26, 2015, 3:31 p.m., Tom Beerbower wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35940/
> -----------------------------------------------------------
>
> (Updated June 26, 2015, 3:31 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley and Robert Levas.
>
>
> Bugs: AMBARI-12176
> https://issues.apache.org/jira/browse/AMBARI-12176
>
>
> Repository: ambari
>
>
> Description
> -------
>
> LDAP sync is pulling in sub groups as users of a parent group. The sync code needs to distinguish group members from user members.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java ada4171
> ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java 4968730
>
> Diff: https://reviews.apache.org/r/35940/diff/
>
>
> Testing
> -------
>
> Manually verified that sub groups are no longer imported as users.
>
> mvn clean test
>
> All tests pass ...
>
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 45:27 min
> [INFO] Finished at: 2015-06-26T13:02:34-04:00
> [INFO] Final Memory: 56M/1585M
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Tom Beerbower
>
>