AMBARI-21307 Implemented more detectors. Organized the code
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ac71c44c Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ac71c44c Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ac71c44c Branch: refs/heads/feature-branch-AMBARI-21307 Commit: ac71c44c53f9170fdc3f94342a381a27bf42d5d6 Parents: 7b91bc5 Author: lpuskas <lpus...@apache.org> Authored: Tue Sep 12 11:58:45 2017 +0200 Committer: lpuskas <laszlo.pus...@sequenceiq.com> Committed: Thu Sep 14 16:37:32 2017 +0200 ---------------------------------------------------------------------- .../server/ldap/AmbariLdapConfiguration.java | 1 + .../ads/DefaultAttributeDetectionService.java | 134 ++++++++++++++----- .../ldap/service/ads/ObjectClassDetector.java | 81 ----------- .../ads/OccurranceAndWeightBasedDetector.java | 81 ----------- .../service/ads/UserNameAttributeDetector.java | 75 ----------- .../ads/detectors/GroupMemberAttrDetector.java | 56 ++++++++ .../ads/detectors/GroupNameAttrDetector.java | 61 +++++++++ .../ads/detectors/GroupObjectClassDetector.java | 64 +++++++++ .../OccurranceAndWeightBasedDetector.java | 103 ++++++++++++++ .../detectors/UserGroupMemberAttrDetector.java | 56 ++++++++ .../ads/detectors/UserNameAttrDetector.java | 60 +++++++++ .../ads/detectors/UserObjectClassDetector.java | 64 +++++++++ .../DefaultAttributeDetectionServiceTest.java | 10 +- 13 files changed, 571 insertions(+), 275 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java index e28c6ed..ebb567d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java @@ -56,6 +56,7 @@ public class AmbariLdapConfiguration { USER_OBJECT_CLASS("ambari.ldap.attributes.user.object_class"), USER_NAME_ATTRIBUTE("ambari.ldap.attributes.user.name_attr"), + USER_GROUP_MEMBER_ATTRIBUTE("ambari.ldap.attributes.user.group_member_attr"), USER_SEARCH_BASE("ambari.ldap.attributes.user.search_base"), GROUP_OBJECT_CLASS("ambari.ldap.attributes.group.object_class"), http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultAttributeDetectionService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultAttributeDetectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultAttributeDetectionService.java index 710adf1..b3a4fde 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultAttributeDetectionService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultAttributeDetectionService.java @@ -14,15 +14,18 @@ package org.apache.ambari.server.ldap.service.ads; -import java.util.Set; - import javax.inject.Inject; import javax.inject.Singleton; import org.apache.ambari.server.ldap.AmbariLdapConfiguration; import org.apache.ambari.server.ldap.service.AmbariLdapException; -import org.apache.ambari.server.ldap.service.AttributeDetector; import org.apache.ambari.server.ldap.service.LdapAttributeDetectionService; +import org.apache.ambari.server.ldap.service.ads.detectors.GroupMemberAttrDetector; +import org.apache.ambari.server.ldap.service.ads.detectors.GroupNameAttrDetector; +import org.apache.ambari.server.ldap.service.ads.detectors.GroupObjectClassDetector; +import org.apache.ambari.server.ldap.service.ads.detectors.UserGroupMemberAttrDetector; +import org.apache.ambari.server.ldap.service.ads.detectors.UserNameAttrDetector; +import org.apache.ambari.server.ldap.service.ads.detectors.UserObjectClassDetector; import org.apache.directory.api.ldap.model.cursor.SearchCursor; import org.apache.directory.api.ldap.model.entry.Entry; import org.apache.directory.api.ldap.model.message.Response; @@ -37,24 +40,29 @@ import org.apache.directory.ldap.client.api.search.FilterBuilder; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.collect.Sets; - @Singleton public class DefaultAttributeDetectionService implements LdapAttributeDetectionService<LdapConnection> { private static final Logger LOGGER = LoggerFactory.getLogger(DefaultAttributeDetectionService.class); private static final int SAMPLE_RESULT_SIZE = 50; - // ordered list of possible username attribute values (the most significant valus should be first) - private static final Set<String> USER_OBJECT_CLASS_VALUES = Sets.newHashSet("person", "posixAccount"); - private static final Set<String> USER_GROUP_MEMBER_ATTR_VALUES = Sets.newHashSet("memberOf", "ismemberOf"); + @Inject + private UserNameAttrDetector userNameAttrDetector = new UserNameAttrDetector(); // todo remove instantition + + @Inject + private UserObjectClassDetector userObjectClassDetector = new UserObjectClassDetector(); // todo remove instantition @Inject - private UserNameAttributeDetector userNameAttrDetector = new UserNameAttributeDetector(); // todo remove instantition + private UserGroupMemberAttrDetector userGroupMemberAttrDetector = new UserGroupMemberAttrDetector(); // todo remove instantition @Inject - private ObjectClassDetector objectClassDetector = new ObjectClassDetector(); // todo remove instantition + private GroupNameAttrDetector groupNameAttrDetector = new GroupNameAttrDetector(); // todo remove instantition + + @Inject + private GroupObjectClassDetector groupObjectClassDetector = new GroupObjectClassDetector(); // todo remove instantition + + private GroupMemberAttrDetector groupMemberAttrDetector = new GroupMemberAttrDetector(); // todo remove instantition @Inject public DefaultAttributeDetectionService() { @@ -76,7 +84,7 @@ public class DefaultAttributeDetectionService implements LdapAttributeDetectionS // todo should the bind operation be done in the facade? connection.bind(ambariLdapConfiguration.bindDn(), ambariLdapConfiguration.bindPassword()); - SearchRequest searchRequest = assembleSearchRequest(ambariLdapConfiguration); + SearchRequest searchRequest = assembleUserSearchRequest(ambariLdapConfiguration); // do the search searchCursor = connection.search(searchRequest); @@ -95,15 +103,19 @@ public class DefaultAttributeDetectionService implements LdapAttributeDetectionS if (response instanceof SearchResultEntry) { Entry resultEntry = ((SearchResultEntry) response).getEntry(); - LOGGER.info("Processing sample entry: [{}]", resultEntry.getDn()); + LOGGER.info("Processing sample entry with dn: [{}]", resultEntry.getDn()); + userNameAttrDetector.collect(resultEntry); - objectClassDetector.collect(resultEntry); + userObjectClassDetector.collect(resultEntry); + userGroupMemberAttrDetector.collect(resultEntry); + processedUserCnt++; } } ambariLdapConfiguration.setValueFor(AmbariLdapConfiguration.AmbariLdapConfig.USER_NAME_ATTRIBUTE, userNameAttrDetector.detect()); - ambariLdapConfiguration.setValueFor(AmbariLdapConfiguration.AmbariLdapConfig.USER_OBJECT_CLASS, objectClassDetector.detect()); + ambariLdapConfiguration.setValueFor(AmbariLdapConfiguration.AmbariLdapConfig.USER_OBJECT_CLASS, userObjectClassDetector.detect()); + ambariLdapConfiguration.setValueFor(AmbariLdapConfiguration.AmbariLdapConfig.USER_GROUP_MEMBER_ATTRIBUTE, userGroupMemberAttrDetector.detect()); LOGGER.info("Decorated ambari ldap config : [{}]", ambariLdapConfiguration); @@ -120,25 +132,72 @@ public class DefaultAttributeDetectionService implements LdapAttributeDetectionS return ambariLdapConfiguration; } - private void detectUserAttributes(Entry resultEntry, AttributeDetector attributeDetector) { - attributeDetector.collect(resultEntry); + @Override + public AmbariLdapConfiguration detectLdapGroupAttributes(LdapConnection connection, AmbariLdapConfiguration ambariLdapConfiguration) { + LOGGER.info("Detecting LDAP group attributes ..."); -// Set<String> objectClasses = detectUserObjectClass(resultEntry); -// if (!objectClasses.isEmpty()) { -// ambariLdapConfiguration.setValueFor(AmbariLdapConfiguration.AmbariLdapConfig.USER_OBJECT_CLASS, StringUtils.join(objectClasses, ",")); -// } + // perform a search using the user search base + if (Strings.isEmpty(ambariLdapConfiguration.groupSearchBase())) { + LOGGER.warn("No group search base provided"); + return ambariLdapConfiguration; + } + SearchCursor searchCursor = null; - } + try { + // todo should the bind operation be done in the facade? + connection.bind(ambariLdapConfiguration.bindDn(), ambariLdapConfiguration.bindPassword()); - @Override - public AmbariLdapConfiguration detectLdapGroupAttributes(LdapConnection connection, AmbariLdapConfiguration ambariLdapConfiguration) { - LOGGER.info("Detecting LDAP group attributes ..."); - return null; + SearchRequest searchRequest = assembleGroupSearchRequest(ambariLdapConfiguration); + + // do the search + searchCursor = connection.search(searchRequest); + + int processedGroupCnt = 0; + + while (searchCursor.next()) { + + if (processedGroupCnt >= SAMPLE_RESULT_SIZE) { + LOGGER.debug("The maximum number of results for attribute detection has exceeded. Quit detection."); + break; + } + + Response response = searchCursor.get(); + // process the SearchResultEntry + + if (response instanceof SearchResultEntry) { + Entry resultEntry = ((SearchResultEntry) response).getEntry(); + LOGGER.info("Processing sample entry with dn: [{}]", resultEntry.getDn()); + + groupNameAttrDetector.collect(resultEntry); + groupObjectClassDetector.collect(resultEntry); + groupMemberAttrDetector.collect(resultEntry); + + processedGroupCnt++; + } + } + + ambariLdapConfiguration.setValueFor(AmbariLdapConfiguration.AmbariLdapConfig.GROUP_NAME_ATTRIBUTE, groupNameAttrDetector.detect()); + ambariLdapConfiguration.setValueFor(AmbariLdapConfiguration.AmbariLdapConfig.GROUP_OBJECT_CLASS, groupObjectClassDetector.detect()); + ambariLdapConfiguration.setValueFor(AmbariLdapConfiguration.AmbariLdapConfig.GROUP_MEMBER_ATTRIBUTE, groupMemberAttrDetector.detect()); + + LOGGER.info("Decorated ambari ldap config : [{}]", ambariLdapConfiguration); + + } catch (Exception e) { + + LOGGER.error("Ldap operation failed", e); + } finally { + // housekeeping + if (null != searchCursor) { + searchCursor.close(); + } + } + + return ambariLdapConfiguration; } - private SearchRequest assembleSearchRequest(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException { + private SearchRequest assembleUserSearchRequest(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException { try { SearchRequest req = new SearchRequestImpl(); @@ -157,18 +216,23 @@ public class DefaultAttributeDetectionService implements LdapAttributeDetectionS } } + private SearchRequest assembleGroupSearchRequest(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException { + try { - private Set<String> detectUserObjectClass(Entry entry) { - LOGGER.info("Detecting user object class. Attributes: {}", entry.getAttributes()); - throw new UnsupportedOperationException("Not yet implemented"); - } + SearchRequest req = new SearchRequestImpl(); + req.setScope(SearchScope.SUBTREE); + req.addAttributes("*"); + req.setTimeLimit(0); + req.setBase(new Dn(ambariLdapConfiguration.groupSearchBase())); + // the filter must be set! + req.setFilter(FilterBuilder.present(ambariLdapConfiguration.dnAttribute()).toString()); - private String detectGroupNameAttribute(Entry entry) { - throw new UnsupportedOperationException("Not yet implemented"); - } + return req; - private Set<String> detectGroupObjectClass(Entry entry) { - throw new UnsupportedOperationException("Not yet implemented"); + } catch (Exception e) { + LOGGER.error("Could not assemble ldap search request", e); + throw new AmbariLdapException(e); + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/ObjectClassDetector.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/ObjectClassDetector.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/ObjectClassDetector.java deleted file mode 100644 index 2613517..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/ObjectClassDetector.java +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.ldap.service.ads; - -import java.util.Map; - -import javax.inject.Inject; - -import org.apache.directory.api.ldap.model.entry.Entry; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.Maps; - -public class ObjectClassDetector extends OccurranceAndWeightBasedDetector { - - private static final Logger LOGGER = LoggerFactory.getLogger(ObjectClassDetector.class); - private Map<String, Integer> occurranceMap = Maps.newHashMap(); - private Map<String, Integer> weightsMap = Maps.newHashMap(); - - - private enum ObjectClassValue { - PERSON("person", 1), - POSIX_ACCOUNT("posixAccount", 1); - - private String ocVal; - private Integer weight; - - ObjectClassValue(String attr, Integer weght) { - this.ocVal = attr; - this.weight = weght; - } - - Integer weight() { - return this.weight; - } - - String ocVal() { - return this.ocVal; - } - - } - - @Inject - public ObjectClassDetector() { - for (ObjectClassValue ocVal : ObjectClassValue.values()) { - occurranceMap.put(ocVal.ocVal(), 0); - weightsMap.put(ocVal.ocVal(), ocVal.weight()); - } - - } - - @Override - protected Map<String, Integer> occurranceMap() { - return occurranceMap; - } - - @Override - protected Map<String, Integer> weightsMap() { - return weightsMap; - } - - @Override - protected boolean applies(Entry entry, String value) { - LOGGER.info("Checking for object class [{}] in entry [{}]", value, entry.getDn()); - return entry.hasObjectClass(value); - } - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/OccurranceAndWeightBasedDetector.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/OccurranceAndWeightBasedDetector.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/OccurranceAndWeightBasedDetector.java deleted file mode 100644 index 32dc238..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/OccurranceAndWeightBasedDetector.java +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.ldap.service.ads; - -import java.util.Map; - -import org.apache.ambari.server.ldap.service.AttributeDetector; -import org.apache.directory.api.ldap.model.entry.Entry; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public abstract class OccurranceAndWeightBasedDetector implements AttributeDetector<Entry> { - - private static final Logger LOGGER = LoggerFactory.getLogger(OccurranceAndWeightBasedDetector.class); - - protected abstract Map<String, Integer> occurranceMap(); - - protected abstract Map<String, Integer> weightsMap(); - - protected abstract boolean applies(Entry entry, String value); - - @Override - public String detect() { - Map.Entry<String, Integer> selectedEntry = null; - - for (Map.Entry<String, Integer> entry : occurranceMap().entrySet()) { - if (selectedEntry == null) { - - selectedEntry = entry; - LOGGER.info("Initial name attribute: {}", selectedEntry); - continue; - - } - - if (selectedEntry.getValue() < entry.getValue()) { - - LOGGER.info("Changing potential name attribute from : [{}] to: [{}]", selectedEntry, entry); - selectedEntry = entry; - - } - } - return selectedEntry.getKey(); - } - - @Override - public void collect(Entry entry) { - LOGGER.info("Detecting ldap attributes/values ..."); - - for (String attributeValue : occurranceMap().keySet()) { - if (applies(entry, attributeValue)) { - - Integer cnt = occurranceMap().get(attributeValue).intValue(); - if (weightsMap().containsKey(attributeValue)) { - cnt = cnt + weightsMap().get(attributeValue); - } else { - cnt = cnt + 1; - } - occurranceMap().put(attributeValue, cnt); - - LOGGER.info("Collected potential name attr: {}, count: {}", attributeValue, cnt); - - } else { - LOGGER.info("The result entry doesn't contain the attribute: [{}]", attributeValue); - } - } - } - - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/UserNameAttributeDetector.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/UserNameAttributeDetector.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/UserNameAttributeDetector.java deleted file mode 100644 index bbb4b43..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/UserNameAttributeDetector.java +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.ldap.service.ads; - -import java.util.Map; - -import org.apache.directory.api.ldap.model.entry.Entry; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.Maps; - -public class UserNameAttributeDetector extends OccurranceAndWeightBasedDetector { - private static final Logger LOGGER = LoggerFactory.getLogger(UserNameAttributeDetector.class); - - private Map<String, Integer> occurranceMap = Maps.newHashMap(); - private Map<String, Integer> weightsMap = Maps.newHashMap(); - - private enum NameAttrs { - SAM_ACCOUNT_NAME("sAMAccountName", 5), - UID("uid", 3), - CN("cn", 1); - - private String attrName; - private Integer weight; - - NameAttrs(String attr, Integer weght) { - this.attrName = attr; - this.weight = weght; - } - - Integer weight() { - return this.weight; - } - - String attrName() { - return this.attrName; - } - - } - - public UserNameAttributeDetector() { - for (NameAttrs nameAttr : NameAttrs.values()) { - occurranceMap.put(nameAttr.attrName(), 0); - weightsMap.put(nameAttr.attrName(), nameAttr.weight()); - } - } - - protected Map<String, Integer> occurranceMap() { - return occurranceMap; - } - - protected Map<String, Integer> weightsMap() { - return weightsMap; - } - - @Override - protected boolean applies(Entry entry, String value) { - LOGGER.info("Checking for attribute [{}] in entry [{}]", value, entry.getDn()); - return entry.containsAttribute(value); - } - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupMemberAttrDetector.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupMemberAttrDetector.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupMemberAttrDetector.java new file mode 100644 index 0000000..6931736 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupMemberAttrDetector.java @@ -0,0 +1,56 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.ldap.service.ads.detectors; + +import org.apache.directory.api.ldap.model.entry.Entry; + +public class GroupMemberAttrDetector extends OccurranceAndWeightBasedDetector { + + private enum GroupMemberAttr { + + MEMBER("member", 1), + MEMBER_UID("memberUid", 1), + UNIQUE_MEMBER("uniqueMember", 1); + + private String attrName; + private Integer weight; + + GroupMemberAttr(String attr, Integer weght) { + this.attrName = attr; + this.weight = weght; + } + + Integer weight() { + return this.weight; + } + + String attrName() { + return this.attrName; + } + + } + + public GroupMemberAttrDetector() { + for (GroupMemberAttr groupMemberAttr : GroupMemberAttr.values()) { + occurranceMap().put(groupMemberAttr.attrName(), 0); + weightsMap().put(groupMemberAttr.attrName(), groupMemberAttr.weight()); + } + } + + @Override + protected boolean applies(Entry entry, String value) { + return entry.containsAttribute(value); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupNameAttrDetector.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupNameAttrDetector.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupNameAttrDetector.java new file mode 100644 index 0000000..f868383 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupNameAttrDetector.java @@ -0,0 +1,61 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.ldap.service.ads.detectors; + +import org.apache.directory.api.ldap.model.entry.Entry; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class GroupNameAttrDetector extends OccurranceAndWeightBasedDetector { + private static final Logger LOGGER = LoggerFactory.getLogger(UserNameAttrDetector.class); + + private enum GroupNameAttr { + + DISTINGUISHED_NAME("distinguishedName", 1), + + CN("cn", 1); + + private String attrName; + private Integer weight; + + GroupNameAttr(String attr, Integer weght) { + this.attrName = attr; + this.weight = weght; + } + + Integer weight() { + return this.weight; + } + + String attrName() { + return this.attrName; + } + + } + + public GroupNameAttrDetector() { + + for (GroupNameAttr groupNameAttr : GroupNameAttr.values()) { + occurranceMap().put(groupNameAttr.attrName(), 0); + weightsMap().put(groupNameAttr.attrName(), groupNameAttr.weight()); + } + } + + + @Override + protected boolean applies(Entry entry, String value) { + return entry.containsAttribute(value); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupObjectClassDetector.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupObjectClassDetector.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupObjectClassDetector.java new file mode 100644 index 0000000..fddc5a5 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupObjectClassDetector.java @@ -0,0 +1,64 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.ldap.service.ads.detectors; + +import org.apache.directory.api.ldap.model.entry.Entry; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class GroupObjectClassDetector extends OccurranceAndWeightBasedDetector { + + private static final Logger LOGGER = LoggerFactory.getLogger(GroupObjectClassDetector.class); + + private enum ObjectClassValue { + + GROUP("group", 1), + + GROUP_OF_NAMES("groupOfNames", 1), + + POSIX_GROUP("posixGroup", 1), + + GROUP_OF_UNIQUE_NAMES("groupOfUniqueNames", 1); + + private String ocVal; + private Integer weight; + + ObjectClassValue(String attr, Integer weght) { + this.ocVal = attr; + this.weight = weght; + } + + Integer weight() { + return this.weight; + } + + String ocVal() { + return this.ocVal; + } + + } + + public GroupObjectClassDetector() { + for (ObjectClassValue ocVal : ObjectClassValue.values()) { + occurranceMap().put(ocVal.ocVal(), 0); + weightsMap().put(ocVal.ocVal(), ocVal.weight()); + } + } + + @Override + protected boolean applies(Entry entry, String value) { + return entry.hasObjectClass(value); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/OccurranceAndWeightBasedDetector.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/OccurranceAndWeightBasedDetector.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/OccurranceAndWeightBasedDetector.java new file mode 100644 index 0000000..8aaf6c1 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/OccurranceAndWeightBasedDetector.java @@ -0,0 +1,103 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.ldap.service.ads.detectors; + +import java.util.Map; + +import org.apache.ambari.server.ldap.service.AttributeDetector; +import org.apache.directory.api.ldap.model.entry.Entry; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.collect.Maps; + +public abstract class OccurranceAndWeightBasedDetector implements AttributeDetector<Entry> { + + private static final Logger LOGGER = LoggerFactory.getLogger(OccurranceAndWeightBasedDetector.class); + + private Map<String, Integer> occurranceMap = Maps.newHashMap(); + private Map<String, Integer> weightsMap = Maps.newHashMap(); + + protected Map<String, Integer> occurranceMap() { + return occurranceMap; + } + + protected Map<String, Integer> weightsMap() { + return weightsMap; + } + + + protected abstract boolean applies(Entry entry, String value); + + @Override + public String detect() { + LOGGER.info("Calculating the most probable attribute/value ..."); + Map.Entry<String, Integer> selectedEntry = null; + + for (Map.Entry<String, Integer> entry : occurranceMap().entrySet()) { + if (selectedEntry == null) { + + selectedEntry = entry; + LOGGER.debug("Initial attribute / value entry: {}", selectedEntry); + continue; + + } + + if (selectedEntry.getValue() < entry.getValue()) { + + LOGGER.info("Changing potential attribute / value entry from : [{}] to: [{}]", selectedEntry, entry); + selectedEntry = entry; + + } + } + + // check whether the selected entry is valid (has occured in the sample result set) + String detectedVal = "N/A"; + + if (selectedEntry.getValue() > 0) { + detectedVal = selectedEntry.getKey(); + } else { + LOGGER.warn("Unable to detect attribute or attribute value"); + } + + LOGGER.info("Detected attribute or value: [{}]", detectedVal); + return detectedVal; + } + + @Override + public void collect(Entry entry) { + LOGGER.info("Collecting ldap attributes/values form entry with dn: [{]]", entry.getDn()); + + for (String attributeValue : occurranceMap().keySet()) { + if (applies(entry, attributeValue)) { + + Integer cnt = occurranceMap().get(attributeValue).intValue(); + if (weightsMap().containsKey(attributeValue)) { + cnt = cnt + weightsMap().get(attributeValue); + } else { + cnt = cnt + 1; + } + occurranceMap().put(attributeValue, cnt); + + LOGGER.info("Collected potential name attr: {}, count: {}", attributeValue, cnt); + + } else { + LOGGER.info("The result entry doesn't contain the attribute: [{}]", attributeValue); + } + } + } + + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserGroupMemberAttrDetector.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserGroupMemberAttrDetector.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserGroupMemberAttrDetector.java new file mode 100644 index 0000000..c3f2ab4 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserGroupMemberAttrDetector.java @@ -0,0 +1,56 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.ldap.service.ads.detectors; + +import org.apache.directory.api.ldap.model.entry.Entry; + +public class UserGroupMemberAttrDetector extends OccurranceAndWeightBasedDetector { + private static String[] userGroupMemAttrValues = {"memberOf", "ismemberOf"}; + + private enum UserGroupMemberAttr { + + MEMBER_OF("memberOf", 1), + IS_MEMBER_OF("ismemberOf", 1); + + private String attrName; + private Integer weight; + + UserGroupMemberAttr(String attr, Integer weght) { + this.attrName = attr; + this.weight = weght; + } + + Integer weight() { + return this.weight; + } + + String attrName() { + return this.attrName; + } + + } + + public UserGroupMemberAttrDetector() { + for (UserGroupMemberAttr userGroupMemberAttr : UserGroupMemberAttr.values()) { + occurranceMap().put(userGroupMemberAttr.attrName(), 0); + weightsMap().put(userGroupMemberAttr.attrName(), userGroupMemberAttr.weight); + } + } + + @Override + protected boolean applies(Entry entry, String value) { + return entry.containsAttribute(value); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserNameAttrDetector.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserNameAttrDetector.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserNameAttrDetector.java new file mode 100644 index 0000000..40bf09b --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserNameAttrDetector.java @@ -0,0 +1,60 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.ldap.service.ads.detectors; + +import org.apache.directory.api.ldap.model.entry.Entry; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class UserNameAttrDetector extends OccurranceAndWeightBasedDetector { + private static final Logger LOGGER = LoggerFactory.getLogger(UserNameAttrDetector.class); + + private enum UserNameAttrs { + SAM_ACCOUNT_NAME("sAMAccountName", 5), + UID("uid", 3), + CN("cn", 1); + + private String attrName; + private Integer weight; + + UserNameAttrs(String attr, Integer weght) { + this.attrName = attr; + this.weight = weght; + } + + Integer weight() { + return this.weight; + } + + String attrName() { + return this.attrName; + } + + } + + public UserNameAttrDetector() { + for (UserNameAttrs nameAttr : UserNameAttrs.values()) { + occurranceMap().put(nameAttr.attrName(), 0); + weightsMap().put(nameAttr.attrName(), nameAttr.weight()); + } + } + + @Override + protected boolean applies(Entry entry, String value) { + LOGGER.info("Checking for attribute [{}] in entry [{}]", value, entry.getDn()); + return entry.containsAttribute(value); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserObjectClassDetector.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserObjectClassDetector.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserObjectClassDetector.java new file mode 100644 index 0000000..97b3c52 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserObjectClassDetector.java @@ -0,0 +1,64 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.ldap.service.ads.detectors; + +import javax.inject.Inject; + +import org.apache.directory.api.ldap.model.entry.Entry; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class UserObjectClassDetector extends OccurranceAndWeightBasedDetector { + + private static final Logger LOGGER = LoggerFactory.getLogger(UserObjectClassDetector.class); + + private enum ObjectClassValue { + PERSON("person", 1), + POSIX_ACCOUNT("posixAccount", 1); + + private String ocVal; + private Integer weight; + + ObjectClassValue(String attr, Integer weght) { + this.ocVal = attr; + this.weight = weght; + } + + Integer weight() { + return this.weight; + } + + String ocVal() { + return this.ocVal; + } + + } + + @Inject + public UserObjectClassDetector() { + for (ObjectClassValue ocVal : ObjectClassValue.values()) { + occurranceMap().put(ocVal.ocVal(), 0); + weightsMap().put(ocVal.ocVal(), ocVal.weight()); + } + + } + + @Override + protected boolean applies(Entry entry, String value) { + LOGGER.info("Checking for object class [{}] in entry [{}]", value, entry.getDn()); + return entry.hasObjectClass(value); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/ac71c44c/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/DefaultAttributeDetectionServiceTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/DefaultAttributeDetectionServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/DefaultAttributeDetectionServiceTest.java index 5cddf1a..08f2d6c 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/DefaultAttributeDetectionServiceTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/DefaultAttributeDetectionServiceTest.java @@ -32,6 +32,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.google.common.collect.Maps; +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; public class DefaultAttributeDetectionServiceTest { @@ -78,9 +80,12 @@ public class DefaultAttributeDetectionServiceTest { // WHEN AmbariLdapConfiguration config = attributeDetectionService.detectLdapUserAttributes(ldapConnection, ambariLdapConfiguration); + config = attributeDetectionService.detectLdapGroupAttributes(ldapConnection, ambariLdapConfiguration); - // THEN + Gson gson = new GsonBuilder().create(); + LOGGER.info(gson.toJson(config)); + // THEN ldapConnection.close(); } @@ -95,9 +100,8 @@ public class DefaultAttributeDetectionServiceTest { ldapPropsMap.put(AmbariLdapConfiguration.AmbariLdapConfig.BIND_PASSWORD.key(), "password"); ldapPropsMap.put(AmbariLdapConfiguration.AmbariLdapConfig.DN_ATTRIBUTE.key(), SchemaConstants.CN_AT); - ldapPropsMap.put(AmbariLdapConfiguration.AmbariLdapConfig.USER_OBJECT_CLASS.key(), SchemaConstants.PERSON_OC); - ldapPropsMap.put(AmbariLdapConfiguration.AmbariLdapConfig.USER_NAME_ATTRIBUTE.key(), SchemaConstants.UID_AT); ldapPropsMap.put(AmbariLdapConfiguration.AmbariLdapConfig.USER_SEARCH_BASE.key(), "dc=example,dc=com"); + ldapPropsMap.put(AmbariLdapConfiguration.AmbariLdapConfig.GROUP_SEARCH_BASE.key(), "dc=example,dc=com"); return ldapPropsMap;