Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 f1c0c6ade -> 2fdd066cf


AMBARI-18860. LDAPS must be used to communicate with an Active Directory when 
Kerberos is being enabled (BE).(vbrodetskyi)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/2fdd066c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/2fdd066c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/2fdd066c

Branch: refs/heads/branch-2.5
Commit: 2fdd066cf9eb81025738d75a5b8a0f1e83e4e85b
Parents: f1c0c6a
Author: Vitaly Brodetskyi <[email protected]>
Authored: Sun Nov 13 21:47:07 2016 +0200
Committer: Vitaly Brodetskyi <[email protected]>
Committed: Sun Nov 13 21:47:07 2016 +0200

----------------------------------------------------------------------
 .../kerberos/ADKerberosOperationHandler.java          |  3 +++
 .../kerberos/ADKerberosOperationHandlerTest.java      | 14 ++++++++++++++
 2 files changed, 17 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/2fdd066c/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
index 48e04f4..32efa3e 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
@@ -149,6 +149,9 @@ public class ADKerberosOperationHandler extends 
KerberosOperationHandler {
     if (this.ldapUrl == null) {
       throw new KerberosKDCConnectionException("ldapUrl not provided");
     }
+    if (!this.ldapUrl.startsWith("ldaps://")) {
+      throw new KerberosKDCConnectionException("ldapUrl is not valid ldaps 
URL");
+    }
 
     this.principalContainerDn = 
kerberosConfiguration.get(KERBEROS_ENV_PRINCIPAL_CONTAINER_DN);
     if (this.principalContainerDn == null) {
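Review bot: The added check `this.ldapUrl.startsWith("ldaps://")` is a case-sensitive prefix match, so a legitimate `LDAPS://host:636` is rejected while any string that merely begins with `ldaps://` is accepted, whatever follows. URL schemes are case-insensitive, so `if (!this.ldapUrl.regionMatches(true, 0, "ldaps://", 0, 8)) {` would match the intent more closely. If the value is later handed to JNDI as the provider URL (not visible in this hunk), that property can carry a space-separated list of URLs, so it is worth confirming whether `ldaps://a ldap://b` would pass here and still leave a cleartext endpoint in play; rejecting embedded whitespace would close that gap. A short comment such as `// AD password changes require an encrypted channel; refuse plain ldap://` would record why the check exists. The enclosing method starts and ends outside the hunk.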

http://git-wip-us.apache.org/repos/asf/ambari/blob/2fdd066c/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
 
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
index 52cd372..a2304b8 100644
--- 
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
+++ 
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
@@ -91,6 +91,20 @@ public class ADKerberosOperationHandlerTest extends 
KerberosOperationHandlerTest
     handler.close();
   }
 
+  @Test(expected = KerberosKDCConnectionException.class)
+  public void testOpenExceptionNoLdaps() throws Exception {
+    PrincipalKeyCredential kc = new 
PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, "hello");
+    KerberosOperationHandler handler = new ADKerberosOperationHandler();
+    Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
+      {
+        put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, 
"ldap://this_wont_work";);
+        put(ADKerberosOperationHandler.KERBEROS_ENV_PRINCIPAL_CONTAINER_DN, 
DEFAULT_PRINCIPAL_CONTAINER_DN);
+      }
+    };
+    handler.open(kc, DEFAULT_REALM, kerberosEnvMap);
+    handler.close();
+  }
+
   @Test(expected = KerberosAdminAuthenticationException.class)
   public void testTestAdministratorCredentialsIncorrectAdminPassword() throws 
Exception {
     PrincipalKeyCredential kc = new 
PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, "wrong");
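Review bot: `testOpenExceptionNoLdaps` passes on any `KerberosKDCConnectionException` thrown from `open()`, so it does not prove that the new scheme check is what rejected `ldap://this_wont_work`; a failed connection to that non-existent host could plausibly raise the same type without the check. Wrap the `open()` call in a try/catch that fails if no exception is thrown and asserts on the message, e.g. `Assert.assertTrue(e.getMessage().contains("ldaps"));`. The trailing `handler.close()` is never reached once `open()` throws, so it should move to a `finally` or be dropped. A companion case with an upper-case `LDAPS://` URL would pin down how scheme case is meant to be handled.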
