Repository: ambari Updated Branches: refs/heads/trunk a62c4b8aa -> 006f0fe3f
AMBARI-13767. LDAP Group Membership not pulled in with FreeIPA/RHELIDM. (Oliver Szabo via rnettleton) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/006f0fe3 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/006f0fe3 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/006f0fe3 Branch: refs/heads/trunk Commit: 006f0fe3f8aa7f288d77e3192542e8478cc60933 Parents: a62c4b8 Author: Bob Nettleton <[email protected]> Authored: Mon Nov 30 19:05:29 2015 -0500 Committer: Bob Nettleton <[email protected]> Committed: Mon Nov 30 19:05:40 2015 -0500 ---------------------------------------------------------------------- .../security/ldap/AmbariLdapDataPopulator.java | 99 +++++++++++--------- .../ldap/AmbariLdapDataPopulatorTest.java | 66 ++++++++----- 2 files changed, 97 insertions(+), 68 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/006f0fe3/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java index 103cfcb..3d2685e 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java @@ -42,7 +42,6 @@ import org.springframework.ldap.control.PagedResultsDirContextProcessor; import org.springframework.ldap.core.AttributesMapper; import org.springframework.ldap.core.ContextMapper; import org.springframework.ldap.core.DirContextAdapter; -import org.springframework.ldap.core.DirContextProcessor; import org.springframework.ldap.core.LdapTemplate; import org.springframework.ldap.core.support.LdapContextSource; import org.springframework.ldap.filter.AndFilter; @@ -176,16 +175,8 @@ public class AmbariLdapDataPopulator { for (LdapGroupDto groupDto : externalLdapGroupInfo) { String groupName = groupDto.getGroupName(); - if (internalGroupsMap.containsKey(groupName)) { - final Group group = internalGroupsMap.get(groupName); - if (!group.isLdapGroup()) { - batchInfo.getGroupsToBecomeLdap().add(groupName); - } - internalGroupsMap.remove(groupName); - } else { - batchInfo.getGroupsToBeCreated().add(groupName); - } - refreshGroupMembers(batchInfo, groupDto, internalUsersMap, null); + addLdapGroup(batchInfo, internalGroupsMap, groupName); + refreshGroupMembers(batchInfo, groupDto, internalUsersMap, internalGroupsMap, null); } for (Entry<String, Group> internalGroup : internalGroupsMap.entrySet()) { if (internalGroup.getValue().isLdapGroup()) { @@ -250,16 +241,8 @@ public class AmbariLdapDataPopulator { for (LdapGroupDto groupDto : specifiedGroups) { String groupName = groupDto.getGroupName(); - if (internalGroupsMap.containsKey(groupName)) { - final Group group = internalGroupsMap.get(groupName); - if (!group.isLdapGroup()) { - batchInfo.getGroupsToBecomeLdap().add(groupName); - } - internalGroupsMap.remove(groupName); - } else { - batchInfo.getGroupsToBeCreated().add(groupName); - } - refreshGroupMembers(batchInfo, groupDto, internalUsersMap, null); + addLdapGroup(batchInfo, internalGroupsMap, groupName); + refreshGroupMembers(batchInfo, groupDto, internalUsersMap, internalGroupsMap, null); } return batchInfo; @@ -317,7 +300,7 @@ public class AmbariLdapDataPopulator { batchInfo.getGroupsToBeRemoved().add(group.getGroupName()); } else { LdapGroupDto groupDto = groupDtos.iterator().next(); - refreshGroupMembers(batchInfo, groupDto, internalUsersMap, null); + refreshGroupMembers(batchInfo, groupDto, internalUsersMap, internalGroupsMap, null); } } } @@ -354,7 +337,8 @@ public class AmbariLdapDataPopulator { * @param groupMemberAttributes set of group member attributes that have already been refreshed * @throws AmbariException if group refresh failed */ - protected void refreshGroupMembers(LdapBatchDto batchInfo, LdapGroupDto group, Map<String, User> internalUsers, Set<String> groupMemberAttributes) + protected void refreshGroupMembers(LdapBatchDto batchInfo, LdapGroupDto group, Map<String, User> internalUsers, + Map<String, Group> internalGroupsMap, Set<String> groupMemberAttributes) throws AmbariException { Set<String> externalMembers = new HashSet<String>(); @@ -373,7 +357,8 @@ public class AmbariLdapDataPopulator { LdapGroupDto subGroup = getLdapGroupByMemberAttr(memberAttributeValue); if (subGroup != null) { groupMemberAttributes.add(memberAttributeValue); - refreshGroupMembers(batchInfo, subGroup, internalUsers, groupMemberAttributes); + addLdapGroup(batchInfo, internalGroupsMap, subGroup.getGroupName()); + refreshGroupMembers(batchInfo, subGroup, internalUsers, internalGroupsMap, groupMemberAttributes); } } } @@ -419,7 +404,7 @@ public class AmbariLdapDataPopulator { Filter groupObjectFilter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getGroupObjectClass()); Filter groupNameFilter = new LikeFilter(ldapServerProperties.getGroupNamingAttr(), groupName); - return getFilteredLdapGroups(groupObjectFilter, groupNameFilter); + return getFilteredLdapGroups(ldapServerProperties.getBaseDN(), groupObjectFilter, groupNameFilter); } /** @@ -432,7 +417,7 @@ public class AmbariLdapDataPopulator { protected Set<LdapUserDto> getLdapUsers(String username) { Filter userObjectFilter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getUserObjectClass()); Filter userNameFilter = new LikeFilter(ldapServerProperties.getUsernameAttribute(), username); - return getFilteredLdapUsers(userObjectFilter, userNameFilter); + return getFilteredLdapUsers(ldapServerProperties.getBaseDN(), userObjectFilter, userNameFilter); } /** @@ -443,10 +428,16 @@ public class AmbariLdapDataPopulator { * @return the user for the given member attribute; null if not found */ protected LdapUserDto getLdapUserByMemberAttr(String memberAttributeValue) { - Set<LdapUserDto> filteredLdapUsers = getFilteredLdapUsers( - new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getUserObjectClass()), - getMemberFilter(memberAttributeValue)); - + Set<LdapUserDto> filteredLdapUsers = new HashSet<LdapUserDto>(); + if (memberAttributeValue!= null && isMemberAttributeBaseDn(memberAttributeValue)) { + Filter filter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getUserObjectClass()); + filteredLdapUsers = getFilteredLdapUsers(memberAttributeValue, filter); + } else { + Filter filter = new AndFilter() + .and(new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getUserObjectClass())) + .and(new EqualsFilter(ldapServerProperties.getUsernameAttribute(), memberAttributeValue)); + filteredLdapUsers = getFilteredLdapUsers(ldapServerProperties.getBaseDN(), filter); + } return (filteredLdapUsers.isEmpty()) ? null : filteredLdapUsers.iterator().next(); } @@ -458,11 +449,17 @@ public class AmbariLdapDataPopulator { * @return the group for the given member attribute; null if not found */ protected LdapGroupDto getLdapGroupByMemberAttr(String memberAttributeValue) { - Set<LdapGroupDto> filteredLdapUsers = getFilteredLdapGroups( + Set<LdapGroupDto> filteredLdapGroups = new HashSet<LdapGroupDto>(); + if (memberAttributeValue != null && isMemberAttributeBaseDn(memberAttributeValue)) { + Filter filter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getGroupObjectClass()); + filteredLdapGroups = getFilteredLdapGroups(memberAttributeValue, filter); + } else { + filteredLdapGroups = getFilteredLdapGroups(ldapServerProperties.getBaseDN(), new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getGroupObjectClass()), getMemberFilter(memberAttributeValue)); + } - return (filteredLdapUsers.isEmpty()) ? null : filteredLdapUsers.iterator().next(); + return (filteredLdapGroups.isEmpty()) ? null : filteredLdapGroups.iterator().next(); } /** @@ -481,6 +478,26 @@ public class AmbariLdapDataPopulator { // Utility methods + private void addLdapGroup(LdapBatchDto batchInfo, Map<String, Group> internalGroupsMap, String groupName) { + if (internalGroupsMap.containsKey(groupName)) { + final Group group = internalGroupsMap.get(groupName); + if (!group.isLdapGroup()) { + batchInfo.getGroupsToBecomeLdap().add(groupName); + } + internalGroupsMap.remove(groupName); + } else { + batchInfo.getGroupsToBeCreated().add(groupName); + } + } + + /** + * Determines that the member attribute can be used as a 'dn' + */ + private boolean isMemberAttributeBaseDn(String memberAttributeValue) { + return memberAttributeValue.startsWith(ldapServerProperties.getUsernameAttribute() + "=") + || memberAttributeValue.startsWith(ldapServerProperties.getGroupNamingAttr() + "="); + } + /** * Retrieves groups from external LDAP server. * @@ -489,7 +506,7 @@ public class AmbariLdapDataPopulator { protected Set<LdapGroupDto> getExternalLdapGroupInfo() { EqualsFilter groupObjectFilter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getGroupObjectClass()); - return getFilteredLdapGroups(groupObjectFilter); + return getFilteredLdapGroups(ldapServerProperties.getBaseDN(), groupObjectFilter); } // get a filter based on the given member attribute @@ -500,18 +517,17 @@ public class AmbariLdapDataPopulator { or(new EqualsFilter(UID_ATTRIBUTE, memberAttributeValue)); } - private Set<LdapGroupDto> getFilteredLdapGroups(Filter...filters) { + private Set<LdapGroupDto> getFilteredLdapGroups(String baseDn, Filter...filters) { AndFilter andFilter = new AndFilter(); for (Filter filter : filters) { andFilter.and(filter); } - return getFilteredLdapGroups(andFilter); + return getFilteredLdapGroups(baseDn, andFilter); } - private Set<LdapGroupDto> getFilteredLdapGroups(Filter filter) { + private Set<LdapGroupDto> getFilteredLdapGroups(String baseDn, Filter filter) { final Set<LdapGroupDto> groups = new HashSet<LdapGroupDto>(); final LdapTemplate ldapTemplate = loadLdapTemplate(); - String baseDn = ldapServerProperties.getBaseDN(); ldapTemplate.search(baseDn, filter.encode(), new LdapGroupContextMapper(groups, ldapServerProperties)); return groups; } @@ -524,21 +540,20 @@ public class AmbariLdapDataPopulator { protected Set<LdapUserDto> getExternalLdapUserInfo() { EqualsFilter userObjectFilter = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, ldapServerProperties.getUserObjectClass()); - return getFilteredLdapUsers(userObjectFilter); + return getFilteredLdapUsers(ldapServerProperties.getBaseDN(), userObjectFilter); } - private Set<LdapUserDto> getFilteredLdapUsers(Filter...filters) { + private Set<LdapUserDto> getFilteredLdapUsers(String baseDn, Filter...filters) { AndFilter andFilter = new AndFilter(); for (Filter filter : filters) { andFilter.and(filter); } - return getFilteredLdapUsers(andFilter); + return getFilteredLdapUsers(baseDn, andFilter); } - private Set<LdapUserDto> getFilteredLdapUsers(Filter filter) { + private Set<LdapUserDto> getFilteredLdapUsers(String baseDn, Filter filter) { final Set<LdapUserDto> users = new HashSet<LdapUserDto>(); final LdapTemplate ldapTemplate = loadLdapTemplate(); - String baseDn = ldapServerProperties.getBaseDN(); PagedResultsDirContextProcessor processor = createPagingProcessor(); SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); http://git-wip-us.apache.org/repos/asf/ambari/blob/006f0fe3/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java index 3f4f7b5..be92871 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java @@ -249,7 +249,7 @@ public class AmbariLdapDataPopulatorTest { expect(populator.getLdapGroups("group2")).andReturn(Collections.EMPTY_SET); LdapGroupDto externalGroup1 = createNiceMock(LdapGroupDto.class); LdapBatchDto batchInfo = new LdapBatchDto(); - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); expect(populator.getLdapGroups("group4")).andReturn(Collections.singleton(externalGroup1)); expect(populator.getLdapGroups("group5")).andReturn(Collections.EMPTY_SET); @@ -320,12 +320,12 @@ public class AmbariLdapDataPopulatorTest { LdapBatchDto batchInfo = new LdapBatchDto(); Set<LdapGroupDto> externalGroups = createSet(externalGroup3, externalGroup4); for (LdapGroupDto externalGroup : externalGroups) { - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); } - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup2), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup2), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); expect(populator.getLdapGroups("x*")).andReturn(externalGroups); expect(populator.getLdapGroups("group1")).andReturn(Collections.singleton(externalGroup1)); @@ -399,10 +399,10 @@ public class AmbariLdapDataPopulatorTest { LdapBatchDto batchInfo = new LdapBatchDto(); Set<LdapGroupDto> externalGroups = createSet(externalGroup3, externalGroup4); for (LdapGroupDto externalGroup : externalGroups) { - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); } - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup2), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup2), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); expect(populator.getLdapGroups("x*")).andReturn(externalGroups); expect(populator.getLdapGroups("group2")).andReturn(Collections.singleton(externalGroup2)); @@ -473,7 +473,7 @@ public class AmbariLdapDataPopulatorTest { LdapBatchDto batchInfo = new LdapBatchDto(); Set<LdapGroupDto> externalGroups = createSet(externalGroup1, externalGroup2, externalGroup3, externalGroup4); for (LdapGroupDto externalGroup : externalGroups) { - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); } expect(populator.getLdapGroups("group*")).andReturn(externalGroups); @@ -603,7 +603,7 @@ public class AmbariLdapDataPopulatorTest { LdapBatchDto batchInfo = new LdapBatchDto(); Set<LdapGroupDto> externalGroups = createSet(externalGroup1, externalGroup2, externalGroup3, externalGroup4); for (LdapGroupDto externalGroup : externalGroups) { - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); } @@ -664,7 +664,7 @@ public class AmbariLdapDataPopulatorTest { LdapBatchDto batchInfo = new LdapBatchDto(); Set<LdapGroupDto> externalGroups = createSet(externalGroup1, externalGroup2); for (LdapGroupDto externalGroup : externalGroups) { - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); } expect(populator.getExternalLdapGroupInfo()).andReturn(externalGroups); @@ -728,7 +728,7 @@ public class AmbariLdapDataPopulatorTest { LdapBatchDto batchInfo = new LdapBatchDto(); Set<LdapGroupDto> externalGroups = createSet(externalGroup1); for (LdapGroupDto externalGroup : externalGroups) { - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); } expect(populator.getExternalLdapGroupInfo()).andReturn(externalGroups); @@ -791,7 +791,7 @@ public class AmbariLdapDataPopulatorTest { LdapBatchDto batchInfo = new LdapBatchDto(); Set<LdapGroupDto> externalGroups = createSet(externalGroup1, externalGroup2); for (LdapGroupDto externalGroup : externalGroups) { - populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Set.class)); + populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup), anyObject(Map.class), anyObject(Map.class), anyObject(Set.class)); expectLastCall(); } expect(populator.getExternalLdapGroupInfo()).andReturn(externalGroups); @@ -1344,19 +1344,28 @@ public class AmbariLdapDataPopulatorTest { expect(user3.isLdapUser()).andReturn(true).anyTimes(); expect(user4.isLdapUser()).andReturn(false).anyTimes(); + Group group1 = createNiceMock(Group.class); + Group group2 = createNiceMock(Group.class); + expect(group1.isLdapGroup()).andReturn(true).anyTimes(); + expect(group2.isLdapGroup()).andReturn(true).anyTimes(); + expect(group1.getGroupName()).andReturn("group1").anyTimes(); + expect(group2.getGroupName()).andReturn("group2").anyTimes(); Configuration configuration = createNiceMock(Configuration.class); Users users = createNiceMock(Users.class); LdapTemplate ldapTemplate = createNiceMock(LdapTemplate.class); LdapServerProperties ldapServerProperties = createNiceMock(LdapServerProperties.class); - + expect(ldapServerProperties.getGroupNamingAttr()).andReturn("cn").anyTimes(); + expect(ldapServerProperties.getUsernameAttribute()).andReturn("uid").anyTimes(); replay(ldapTemplate, ldapServerProperties, users, configuration); replay(user1, user2, user3, user4); + replay(group1, group2); AmbariLdapDataPopulatorTestInstance populator = createMockBuilder(AmbariLdapDataPopulatorTestInstance.class) - .addMockedMethod("getLdapUserByMemberAttr") - .addMockedMethod("getInternalMembers") - .withConstructor(configuration, users) - .createNiceMock(); + .addMockedMethod("getLdapUserByMemberAttr") + .addMockedMethod("getLdapGroupByMemberAttr") + .addMockedMethod("getInternalMembers") + .withConstructor(configuration, users) + .createNiceMock(); LdapGroupDto externalGroup = createNiceMock(LdapGroupDto.class); expect(externalGroup.getGroupName()).andReturn("group1").anyTimes(); @@ -1380,9 +1389,10 @@ public class AmbariLdapDataPopulatorTest { replay(externalUser1, externalUser2, externalUser3, externalUser4); expect(populator.getLdapUserByMemberAttr("user1")).andReturn(externalUser1).anyTimes(); expect(populator.getLdapUserByMemberAttr("user2")).andReturn(externalUser2).anyTimes(); - expect(populator.getLdapUserByMemberAttr("user4")).andReturn(externalUser3).anyTimes(); + expect(populator.getLdapUserByMemberAttr("user4")).andReturn(null).anyTimes(); + expect(populator.getLdapGroupByMemberAttr("user4")).andReturn(externalGroup).anyTimes(); expect(populator.getLdapUserByMemberAttr("user6")).andReturn(externalUser4).anyTimes(); - expect(populator.getInternalMembers("group1")).andReturn(internalMembers); + expect(populator.getInternalMembers("group1")).andReturn(internalMembers).anyTimes(); replay(populator); populator.setLdapTemplate(ldapTemplate); @@ -1391,29 +1401,31 @@ public class AmbariLdapDataPopulatorTest { Map<String, User> internalUsers = new HashMap<String, User>(); internalUsers.putAll(internalMembers); internalUsers.put("user2", user2); + Map<String, Group> internalGroups = new HashMap<String, Group>(); + internalGroups.put("group2", group2); - populator.refreshGroupMembers(batchInfo, externalGroup, internalUsers, null); + populator.refreshGroupMembers(batchInfo, externalGroup, internalUsers, internalGroups, null); Set<String> groupMembersToAdd = new HashSet<String>(); for (LdapUserGroupMemberDto ldapUserGroupMemberDto : batchInfo.getMembershipToAdd()) { groupMembersToAdd.add(ldapUserGroupMemberDto.getUserName()); } - assertEquals(2, groupMembersToAdd.size()); + assertEquals(3, groupMembersToAdd.size()); assertTrue(groupMembersToAdd.contains("user2")); assertTrue(groupMembersToAdd.contains("user6")); Set<String> groupMembersToRemove = new HashSet<String>(); for (LdapUserGroupMemberDto ldapUserGroupMemberDto : batchInfo.getMembershipToRemove()) { groupMembersToRemove.add(ldapUserGroupMemberDto.getUserName()); } - assertEquals(1, groupMembersToRemove.size()); + assertEquals(2, groupMembersToRemove.size()); assertTrue(groupMembersToRemove.contains("user3")); assertEquals(1, batchInfo.getUsersToBeCreated().size()); assertTrue(batchInfo.getUsersToBeCreated().contains("user6")); - assertEquals(2, batchInfo.getUsersToBecomeLdap().size()); + assertEquals(1, batchInfo.getUsersToBecomeLdap().size()); assertTrue(batchInfo.getUsersToBecomeLdap().contains("user1")); - assertTrue(batchInfo.getUsersToBecomeLdap().contains("user4")); + assertTrue(!batchInfo.getUsersToBecomeLdap().contains("user4")); assertTrue(batchInfo.getGroupsToBecomeLdap().isEmpty()); - assertTrue(batchInfo.getGroupsToBeCreated().isEmpty()); + assertEquals(1, batchInfo.getGroupsToBeCreated().size()); assertTrue(batchInfo.getGroupsToBeRemoved().isEmpty()); assertTrue(batchInfo.getUsersToBeRemoved().isEmpty()); verify(populator.loadLdapTemplate(), populator); @@ -1496,10 +1508,11 @@ public class AmbariLdapDataPopulatorTest { expect(ldapServerProperties.getUserObjectClass()).andReturn("objectClass").anyTimes(); expect(ldapServerProperties.getDnAttribute()).andReturn("dn").anyTimes(); expect(ldapServerProperties.getBaseDN()).andReturn("baseDN").anyTimes(); + expect(ldapServerProperties.getUsernameAttribute()).andReturn("uid").anyTimes(); expect(processor.getCookie()).andReturn(cookie).anyTimes(); expect(cookie.getCookie()).andReturn(null).anyTimes(); - expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(|(dn=foo)(uid=foo)))"), anyObject(SearchControls.class), capture(contextMapperCapture), eq(processor))).andReturn(list); + expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(uid=foo))"), anyObject(SearchControls.class), capture(contextMapperCapture), eq(processor))).andReturn(list); replay(ldapTemplate, ldapServerProperties, users, configuration, processor, cookie); @@ -1532,10 +1545,11 @@ public class AmbariLdapDataPopulatorTest { expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).anyTimes(); expect(ldapServerProperties.isPaginationEnabled()).andReturn(false).anyTimes(); expect(ldapServerProperties.getUserObjectClass()).andReturn("objectClass").anyTimes(); + expect(ldapServerProperties.getUsernameAttribute()).andReturn("uid").anyTimes(); expect(ldapServerProperties.getDnAttribute()).andReturn("dn").anyTimes(); expect(ldapServerProperties.getBaseDN()).andReturn("baseDN").anyTimes(); - expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(|(dn=foo)(uid=foo)))"), anyObject(SearchControls.class), capture(contextMapperCapture))).andReturn(list); + expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(uid=foo))"), anyObject(SearchControls.class), capture(contextMapperCapture))).andReturn(list); replay(ldapTemplate, ldapServerProperties, users, configuration, processor, cookie);
