Repository: ambari Updated Branches: refs/heads/trunk 93bf1d370 -> fd1181f47
AMBARI-13943. Ambari LDAP integration cannot handle LDAP directories with multiple entries for the same user. (Oliver Szabo via rnettleton) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fd1181f4 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fd1181f4 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fd1181f4 Branch: refs/heads/trunk Commit: fd1181f474e39492653fc70ccbf86d31f192a1e6 Parents: 93bf1d3 Author: Bob Nettleton <[email protected]> Authored: Mon Nov 30 14:02:12 2015 -0500 Committer: Bob Nettleton <[email protected]> Committed: Mon Nov 30 14:02:35 2015 -0500 ---------------------------------------------------------------------- .../server/security/authorization/LdapServerProperties.java | 6 ++++-- .../security/authorization/LdapServerPropertiesTest.java | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/fd1181f4/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java index f28ee50..8eeaf35 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java @@ -53,7 +53,7 @@ public class LdapServerProperties { private String userSearchBase = ""; private String groupSearchFilter; - private static final String userSearchFilter = "({attribute}={0})"; + private static final String userSearchFilter = "(&({attribute}={0})(objectClass={userObjectClass}))"; //LDAP pagination properties private boolean paginationEnabled = true; @@ -138,7 +138,9 @@ public class LdapServerProperties { } public String getUserSearchFilter() { - return userSearchFilter.replace("{attribute}", usernameAttribute); + return userSearchFilter + .replace("{attribute}", usernameAttribute) + .replace("{userObjectClass}", userObjectClass); } public String getUsernameAttribute() { http://git-wip-us.apache.org/repos/asf/ambari/blob/fd1181f4/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java index 9043439..0797239 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java @@ -57,6 +57,7 @@ public class LdapServerPropertiesTest { ldapServerProperties.setUseSsl(false); ldapServerProperties.setPrimaryUrl("1.2.3.4:389"); ldapServerProperties.setUsernameAttribute("uid"); + ldapServerProperties.setUserObjectClass("dummyObjectClass"); } @Test @@ -76,9 +77,9 @@ public class LdapServerPropertiesTest { @Test public void testGetUserSearchFilter() throws Exception { - assertEquals(INCORRECT_USER_SEARCH_FILTER, "(uid={0})", ldapServerProperties.getUserSearchFilter()); + assertEquals(INCORRECT_USER_SEARCH_FILTER, "(&(uid={0})(objectClass=dummyObjectClass))", ldapServerProperties.getUserSearchFilter()); ldapServerProperties.setUsernameAttribute("anotherName"); - assertEquals(INCORRECT_USER_SEARCH_FILTER, "(anotherName={0})", ldapServerProperties.getUserSearchFilter()); + assertEquals(INCORRECT_USER_SEARCH_FILTER, "(&(anotherName={0})(objectClass=dummyObjectClass))", ldapServerProperties.getUserSearchFilter()); } @Test
