This is an automated email from the ASF dual-hosted git repository.
oleewere pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new 1956283 [AMBARI-24827] LDAP users fail to authenticate using LDAPS
due to 'No subject alternative DNS name' exception (#2522)
1956283 is described below
commit 1956283dd9a4a33d565d264592af7c562502cd25
Author: Robert Levas <[email protected]>
AuthorDate: Fri Oct 26 16:09:09 2018 -0400
[AMBARI-24827] LDAP users fail to authenticate using LDAPS due to 'No
subject alternative DNS name' exception (#2522)
---
.../authorization/AmbariLdapAuthenticationProvider.java | 11 ++++++++++-
.../org/apache/ambari/server/upgrade/UpgradeCatalog270.java | 3 +++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
index 2f1c0dc..deabb2a 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
@@ -52,7 +52,8 @@ import com.google.inject.Inject;
* Provides LDAP user authorization logic for Ambari Server
*/
public class AmbariLdapAuthenticationProvider extends
AmbariAuthenticationProvider {
- static Logger LOG =
LoggerFactory.getLogger(AmbariLdapAuthenticationProvider.class); // exposed and
mutable for "test"
+ private static final String SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION
= "com.sun.jndi.ldap.object.disableEndpointIdentification";
+ private static Logger LOG =
LoggerFactory.getLogger(AmbariLdapAuthenticationProvider.class);
final AmbariLdapConfigurationProvider ldapConfigurationProvider;
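Review bot: The new constant `SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION` has no comment saying that it names a JVM-wide JDK switch that turns off host name checking for LDAPS server certificates. A one-line comment such as `// JDK system property; when "true", LDAPS server certificates are not checked against the host name (process-wide)` would make the security impact visible at the declaration. `LOG` is now private but still not `final`; if no test reassigns it any more (not visible in this hunk), `private static final Logger LOG` would be the usual form.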
@@ -171,6 +172,14 @@ public class AmbariLdapAuthenticationProvider extends
AmbariAuthenticationProvid
springSecurityContextSource.setPassword(ldapServerProperties.get().getManagerPassword());
}
+ if (ldapServerProperties.get().isUseSsl() &&
ldapServerProperties.get().isDisableEndpointIdentification()) {
+ System.setProperty(SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION,
"true");
+ LOG.info("Disabled endpoint identification");
+ } else {
+ System.clearProperty(SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION);
+ LOG.info("Removed endpoint identification disabling");
+ }
+
try {
springSecurityContextSource.afterPropertiesSet();
} catch (Exception e) {
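Review bot: The new branch turns off LDAPS host name verification by setting `com.sun.jndi.ldap.object.disableEndpointIdentification` as a system property, which applies to every JNDI LDAP connection in the JVM rather than to this context source only, and it records that at INFO. With the check off, any certificate that chains to the truststore is accepted for the LDAP host, so the message should be a warning that names the consequence, for example `LOG.warn("LDAPS endpoint identification is disabled; the LDAP server certificate's host name will not be verified");`. The else branch also calls `System.clearProperty(...)` unconditionally, which would discard a value an operator set with `-D` at JVM start and logs "Removed endpoint identification disabling" even when nothing was set; clearing only when this code set the property would avoid both. The enclosing method starts and ends outside the hunk, so how often this runs is not visible here.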
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
index f6270be..10b5508 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
@@ -1764,6 +1764,9 @@ public class UpgradeCatalog270 extends
AbstractUpgradeCatalog {
map.put(AmbariServerConfigurationKey.PAGINATION_ENABLED,
"authentication.ldap.pagination.enabled");
map.put(AmbariServerConfigurationKey.COLLISION_BEHAVIOR,
"ldap.sync.username.collision.behavior");
+ // Added in the event a previous version of Ambari had AMBARI-24827
back-ported to it
+ map.put(AmbariServerConfigurationKey.DISABLE_ENDPOINT_IDENTIFICATION,
"ldap.sync.disable.endpoint.identification");
+
// SSO-related properties
map.put(AmbariServerConfigurationKey.SSO_PROVIDER_URL,
"authentication.jwt.providerUrl");
map.put(AmbariServerConfigurationKey.SSO_PROVIDER_CERTIFICATE,
"authentication.jwt.publicKey");