You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2015/12/01 19:20:16 UTC
[26/50] ambari git commit: AMBARI-13943. Ambari LDAP integration cannot handle LDAP directories with multiple entries for the same user. (Oliver Szabo via rnettleton)

AMBARI-13943. Ambari LDAP integration cannot handle LDAP directories with multiple entries for the same user. (Oliver Szabo via rnettleton)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fd1181f4
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fd1181f4
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fd1181f4

Branch: refs/heads/branch-dev-patch-upgrade
Commit: fd1181f474e39492653fc70ccbf86d31f192a1e6
Parents: 93bf1d3
Author: Bob Nettleton <rn...@hortonworks.com>
Authored: Mon Nov 30 14:02:12 2015 -0500
Committer: Bob Nettleton <rn...@hortonworks.com>
Committed: Mon Nov 30 14:02:35 2015 -0500

----------------------------------------------------------------------
 .../server/security/authorization/LdapServerProperties.java    | 6 ++++--
 .../security/authorization/LdapServerPropertiesTest.java       | 5 +++--
 2 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/fd1181f4/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
index f28ee50..8eeaf35 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
@@ -53,7 +53,7 @@ public class LdapServerProperties {
   private String userSearchBase = "";
 
   private String groupSearchFilter;
-  private static final String userSearchFilter = "({attribute}={0})";
+  private static final String userSearchFilter = "(&({attribute}={0})(objectClass={userObjectClass}))";
 
   //LDAP pagination properties
   private boolean paginationEnabled = true;
@@ -138,7 +138,9 @@ public class LdapServerProperties {
   }
 
   public String getUserSearchFilter() {
-    return userSearchFilter.replace("{attribute}", usernameAttribute);
+    return userSearchFilter
+      .replace("{attribute}", usernameAttribute)
+      .replace("{userObjectClass}", userObjectClass);
   }
 
   public String getUsernameAttribute() {

http://git-wip-us.apache.org/repos/asf/ambari/blob/fd1181f4/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java
index 9043439..0797239 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java
@@ -57,6 +57,7 @@ public class LdapServerPropertiesTest {
     ldapServerProperties.setUseSsl(false);
     ldapServerProperties.setPrimaryUrl("1.2.3.4:389");
     ldapServerProperties.setUsernameAttribute("uid");
+    ldapServerProperties.setUserObjectClass("dummyObjectClass");
   }
 
   @Test
@@ -76,9 +77,9 @@ public class LdapServerPropertiesTest {
 
   @Test
   public void testGetUserSearchFilter() throws Exception {
-    assertEquals(INCORRECT_USER_SEARCH_FILTER, "(uid={0})", ldapServerProperties.getUserSearchFilter());
+    assertEquals(INCORRECT_USER_SEARCH_FILTER, "(&(uid={0})(objectClass=dummyObjectClass))", ldapServerProperties.getUserSearchFilter());
     ldapServerProperties.setUsernameAttribute("anotherName");
-    assertEquals(INCORRECT_USER_SEARCH_FILTER, "(anotherName={0})", ldapServerProperties.getUserSearchFilter());
+    assertEquals(INCORRECT_USER_SEARCH_FILTER, "(&(anotherName={0})(objectClass=dummyObjectClass))", ldapServerProperties.getUserSearchFilter());
   }
 
   @Test