Repository: ambari Updated Branches: refs/heads/branch-2.1 ad79d5a59 -> 589b7c60c
AMBARI-13943. Ambari LDAP integration cannot handle LDAP directories with multiple entries for the same user. (Oliver Szabo via rnettleton) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/589b7c60 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/589b7c60 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/589b7c60 Branch: refs/heads/branch-2.1 Commit: 589b7c60cd2ef4d2001755c079ddf38c8418c82e Parents: ad79d5a Author: Bob Nettleton <[email protected]> Authored: Mon Nov 30 15:33:46 2015 -0500 Committer: Bob Nettleton <[email protected]> Committed: Mon Nov 30 15:35:01 2015 -0500 ---------------------------------------------------------------------- .../server/security/authorization/LdapServerProperties.java | 6 ++++-- .../security/authorization/LdapServerPropertiesTest.java | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/589b7c60/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java index f28ee50..8eeaf35 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java @@ -53,7 +53,7 @@ public class LdapServerProperties { private String userSearchBase = ""; private String groupSearchFilter; - private static final String userSearchFilter = "({attribute}={0})"; + private static final String userSearchFilter = "(&({attribute}={0})(objectClass={userObjectClass}))"; //LDAP pagination properties private boolean paginationEnabled = true; @@ -138,7 +138,9 @@ public class LdapServerProperties { } public String getUserSearchFilter() { - return userSearchFilter.replace("{attribute}", usernameAttribute); + return userSearchFilter + .replace("{attribute}", usernameAttribute) + .replace("{userObjectClass}", userObjectClass); } public String getUsernameAttribute() { http://git-wip-us.apache.org/repos/asf/ambari/blob/589b7c60/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java index 9043439..0797239 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java @@ -57,6 +57,7 @@ public class LdapServerPropertiesTest { ldapServerProperties.setUseSsl(false); ldapServerProperties.setPrimaryUrl("1.2.3.4:389"); ldapServerProperties.setUsernameAttribute("uid"); + ldapServerProperties.setUserObjectClass("dummyObjectClass"); } @Test @@ -76,9 +77,9 @@ public class LdapServerPropertiesTest { @Test public void testGetUserSearchFilter() throws Exception { - assertEquals(INCORRECT_USER_SEARCH_FILTER, "(uid={0})", ldapServerProperties.getUserSearchFilter()); + assertEquals(INCORRECT_USER_SEARCH_FILTER, "(&(uid={0})(objectClass=dummyObjectClass))", ldapServerProperties.getUserSearchFilter()); ldapServerProperties.setUsernameAttribute("anotherName"); - assertEquals(INCORRECT_USER_SEARCH_FILTER, "(anotherName={0})", ldapServerProperties.getUserSearchFilter()); + assertEquals(INCORRECT_USER_SEARCH_FILTER, "(&(anotherName={0})(objectClass=dummyObjectClass))", ldapServerProperties.getUserSearchFilter()); } @Test
