This is an automated email from the ASF dual-hosted git repository. smolnar pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push: new f3e6276 AMBARI-24951. New CLI option and question to populate existing 'ambari.ldap.attributes.user.group_member_attr' Ambari configuration property (#2656) f3e6276 is described below commit f3e627666a6c9c6eda73d5ee8977e7d941c104a7 Author: Sandor Molnar <smol...@apache.org> AuthorDate: Tue Nov 27 15:10:07 2018 +0100 AMBARI-24951. New CLI option and question to populate existing 'ambari.ldap.attributes.user.group_member_attr' Ambari configuration property (#2656) --- .../server/configuration/AmbariServerConfigurationKey.java | 2 +- ambari-server/src/main/python/ambari-server.py | 1 + ambari-server/src/main/python/ambari_server/setupSecurity.py | 1 + ambari-server/src/test/python/TestAmbariServer.py | 12 ++++++++---- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java index 5603d46..a0b66f9 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java @@ -54,7 +54,7 @@ public enum AmbariServerConfigurationKey { USER_OBJECT_CLASS(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.object_class", PLAINTEXT, "person", "The class to which user objects in LDAP belong.", false), USER_NAME_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.name_attr", PLAINTEXT, "uid", "The attribute used for determining the user name, such as 'uid'.", false), - USER_GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.group_member_attr", PLAINTEXT, "", "", false), //TODO + USER_GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.group_member_attr", PLAINTEXT, "memberof", "The LDAP attribute which identifies user group membership.", false), USER_SEARCH_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.search_base", PLAINTEXT, "dc=ambari,dc=apache,dc=org", "The base DN to use when filtering LDAP users and groups. This is only used when LDAP authentication is enabled.", false), USER_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.search_user_base", PLAINTEXT, "ou=people,dc=ambari,dc=apache,dc=org", "The filter used when searching for users in LDAP.", false), diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py index e5a943f..fccd758 100755 --- a/ambari-server/src/main/python/ambari-server.py +++ b/ambari-server/src/main/python/ambari-server.py @@ -560,6 +560,7 @@ def init_ldap_setup_parser_options(parser): parser.add_option('--ldap-type', default=None, help="Specify ldap type [{}] for offering defaults for missing options.".format("/".join(LDAP_TYPES)), dest="ldap_type") parser.add_option('--ldap-user-class', default=None, help="User Attribute Object Class for LDAP", dest="ldap_user_class") parser.add_option('--ldap-user-attr', default=None, help="User Attribute Name for LDAP", dest="ldap_user_attr") + parser.add_option('--ldap-user-group-member-attr', default=None, help="User Group Member Attribute for LDAP", dest="ldap_user_group_member_attr") parser.add_option('--ldap-group-class', default=None, help="Group Attribute Object Class for LDAP", dest="ldap_group_class") parser.add_option('--ldap-group-attr', default=None, help="Group Attribute Name for LDAP", dest="ldap_group_attr") parser.add_option('--ldap-member-attr', default=None, help="Group Membership Attribute Name for LDAP", dest="ldap_member_attr") diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py index e281c16..76c4731 100644 --- a/ambari-server/src/main/python/ambari_server/setupSecurity.py +++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py @@ -731,6 +731,7 @@ def init_ldap_properties_list_reqd(properties, options): LdapPropTemplate(properties, options.ldap_ssl, "ambari.ldap.connectivity.use_ssl", "Use SSL [true/false]{0}: ", REGEX_TRUE_FALSE, False, LdapDefaultMap({LDAP_AD:'false', LDAP_IPA:'true', LDAP_GENERIC:'false'})), LdapPropTemplate(properties, options.ldap_user_class, "ambari.ldap.attributes.user.object_class", "User object class{0}: ", REGEX_ANYTHING, False, LdapDefaultMap({LDAP_AD:'user', LDAP_IPA:'posixAccount', LDAP_GENERIC:'posixUser'})), LdapPropTemplate(properties, options.ldap_user_attr, "ambari.ldap.attributes.user.name_attr", "User ID attribute{0}: ", REGEX_ANYTHING, False, LdapDefaultMap({LDAP_AD:'sAMAccountName', LDAP_IPA:'uid', LDAP_GENERIC:'uid'})), + LdapPropTemplate(properties, options.ldap_user_group_member_attr, "ambari.ldap.attributes.user.group_member_attr", "User group member attribute{0}: ", REGEX_ANYTHING, False, LdapDefaultMap({LDAP_AD:'memberof', LDAP_IPA:'member', LDAP_GENERIC:'memberof'})), LdapPropTemplate(properties, options.ldap_group_class, "ambari.ldap.attributes.group.object_class", "Group object class{0}: ", REGEX_ANYTHING, False, LdapDefaultMap({LDAP_AD:'group', LDAP_IPA:'posixGroup', LDAP_GENERIC:'posixGroup'})), LdapPropTemplate(properties, options.ldap_group_attr, "ambari.ldap.attributes.group.name_attr", "Group name attribute{0}: ", REGEX_ANYTHING, False, LdapDefault("cn")), LdapPropTemplate(properties, options.ldap_member_attr, "ambari.ldap.attributes.group.member_attr", "Group member attribute{0}: ", REGEX_ANYTHING, False, LdapDefaultMap({LDAP_AD:'member', LDAP_IPA:'member', LDAP_GENERIC:'memberUid'})), diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py index 4e5db52..fc0ffe9 100644 --- a/ambari-server/src/test/python/TestAmbariServer.py +++ b/ambari-server/src/test/python/TestAmbariServer.py @@ -7065,6 +7065,7 @@ class TestAmbariServer(TestCase): "ambari.ldap.connectivity.use_ssl": "false", "ambari.ldap.attributes.user.object_class": "user", "ambari.ldap.attributes.user.name_attr": "uid", + "ambari.ldap.attributes.user.group_member_attr": "memberof", "ambari.ldap.attributes.group.object_class": "group", "ambari.ldap.attributes.group.name_attr": "cn", "ambari.ldap.attributes.group.member_attr": "member", @@ -7112,6 +7113,7 @@ class TestAmbariServer(TestCase): "ambari.ldap.connectivity.use_ssl": "false", "ambari.ldap.attributes.user.object_class": "user", "ambari.ldap.attributes.user.name_attr": "uid", + "ambari.ldap.attributes.user.group_member_attr": "memberof", "ambari.ldap.attributes.group.object_class": "group", "ambari.ldap.attributes.group.name_attr": "cn", "ambari.ldap.attributes.group.member_attr": "member", @@ -7159,7 +7161,7 @@ class TestAmbariServer(TestCase): properties.process_pair(CLIENT_API_PORT_PROPERTY, '8080') get_ambari_properties_method.return_value = properties - raw_input_mock.side_effect = [LDAP_GENERIC, 'a', '3', 'b', 'b', 'hody', 'b', '2', 'false', 'user', 'uid', 'group', 'cn', 'member', 'dn', 'base', 'follow', 'true', 'skip', 'false', 'false', 'admin'] + raw_input_mock.side_effect = [LDAP_GENERIC, 'a', '3', 'b', 'b', 'hody', 'b', '2', 'false', 'user', 'uid', 'memberof', 'group', 'cn', 'member', 'dn', 'base', 'follow', 'true', 'skip', 'false', 'false', 'admin'] get_password_mock.side_effect = ['admin'] set_silent(False) get_YN_input_method.return_value = True @@ -7189,11 +7191,11 @@ class TestAmbariServer(TestCase): self.assertTrue(urlopen_mock.called) self.assertTrue(update_properties_method.called) self.assertTrue(get_YN_input_method.called) - self.assertEquals(21, raw_input_mock.call_count) + self.assertEquals(22, raw_input_mock.call_count) self.assertEqual(1, get_password_mock.call_count) raw_input_mock.reset_mock() - raw_input_mock.side_effect = [LDAP_GENERIC, 'a', '3', '', '', 'b', '2', 'false', 'user', 'uid', 'group', 'cn', 'member', 'dn', 'base', 'follow', 'true', 'skip', 'false', 'false', 'admin'] + raw_input_mock.side_effect = [LDAP_GENERIC, 'a', '3', '', '', 'b', '2', 'false', 'user', 'uid', 'memberof', 'group', 'cn', 'member', 'dn', 'base', 'follow', 'true', 'skip', 'false', 'false', 'admin'] get_password_mock.reset_mock() get_password_mock.side_effect = ['admin'] @@ -7219,7 +7221,7 @@ class TestAmbariServer(TestCase): self.assertTrue(urlopen_mock.called) self.assertTrue(update_properties_method.called) self.assertTrue(get_YN_input_method.called) - self.assertEquals(20, raw_input_mock.call_count) + self.assertEquals(21, raw_input_mock.call_count) self.assertEqual(1, get_password_mock.call_count) sys.stdout = sys.__stdout__ @@ -7276,6 +7278,7 @@ class TestAmbariServer(TestCase): "ambari.ldap.connectivity.use_ssl": "false", "ambari.ldap.attributes.user.object_class": "test", "ambari.ldap.attributes.user.name_attr": "test", + "ambari.ldap.attributes.user.group_member_attr": "test", "ambari.ldap.attributes.user.search_base": "test", "ambari.ldap.connectivity.anonymous_bind": "false", "ambari.ldap.advanced.collision_behavior": "skip", @@ -8815,6 +8818,7 @@ class TestAmbariServer(TestCase): options.ldap_ssl = None options.ldap_user_class = None options.ldap_user_attr = None + options.ldap_user_group_member_attr = None options.ldap_group_class = None options.ldap_group_attr = None options.ldap_member_attr = None