This is an automated email from the ASF dual-hosted git repository.
spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 6827eb7 RANGER-2705: Group sync does does not parse DNs properly
6827eb7 is described below
commit 6827eb7351708c22d45481fda8cfa61467f60741
Author: Sailaja Polavarapu <[email protected]>
AuthorDate: Wed Apr 8 07:07:01 2020 -0700
RANGER-2705: Group sync does does not parse DNs properly
---
.../process/LdapDeltaUserGroupBuilder.java | 145 +++++++++++-------
.../process/LdapPolicyMgrUserGroupBuilder.java | 93 ++++++++----
.../ldapusersync/process/LdapUserGroupBuilder.java | 163 ++++++++++++++-------
.../process/PolicyMgrUserGroupBuilder.java | 60 +++++---
.../unixusersync/process/UnixUserGroupBuilder.java | 76 +++++++---
5 files changed, 375 insertions(+), 162 deletions(-)
diff --git
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
index 0c54f71..3ff2470 100644
---
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
+++
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
@@ -31,13 +31,14 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
-import java.util.StringTokenizer;
import java.util.HashMap;
import java.util.UUID;
+import java.util.NoSuchElementException;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
@@ -49,6 +50,8 @@ import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
import org.apache.commons.collections.BidiMap;
import org.apache.commons.collections.bidimap.DualHashBidiMap;
@@ -426,7 +429,9 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
}
List<String> userList = new ArrayList<>(userSet);
String transformGroupName =
groupNameTransform(groupName);
- LOG.debug("addOrUpdateGroup(): group = " + groupName +
" users = " + userList);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("addOrUpdateGroup(): group = " +
groupName + " users = " + userList);
+ }
try {
sink.addOrUpdateGroup(transformGroupName,
groupInfoMap.get(groupName), userList);
} catch (Throwable t) {
@@ -435,7 +440,9 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
+ ", users: " + userList);
}
}
- LOG.debug("postUserGroupAuditInfo(): noOfUsers = " +
noOfNewUsers + " noOfGroups = " + noOfNewGroups);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("postUserGroupAuditInfo(): noOfUsers = " +
noOfNewUsers + " noOfGroups = " + noOfNewGroups);
+ }
ugsyncAuditInfo.setNoOfNewUsers(Integer.toUnsignedLong(noOfNewUsers));
ugsyncAuditInfo.setNoOfNewGroups(Integer.toUnsignedLong(noOfNewGroups));
@@ -597,7 +604,7 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
if
(userGroupfAttribute != null) {
NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll();
while (groupEnum.hasMore()) {
-
String gName = getShortGroupName((String) groupEnum
+
String gName = getShortName((String) groupEnum
.next());
String transformGroupName = groupNameTransform(gName);
groups.add(transformGroupName);
@@ -618,7 +625,9 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
} else {
// If the user from the
search result is present in the group user table,
// then addorupdate
user to ranger admin.
- LOG.debug("Chekcing if
the user " + userFullName + " is part of the retrieved groups");
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("Chekcing if the user " + userFullName + " is part of the retrieved
groups");
+ }
if
((groupUserTable.containsColumn(userFullName) ||
groupUserTable.containsColumn(userName))) {
if
(!userNameMap.containsKey(userFullName)) {
String
transformUserName = userNameTransform(userName);
@@ -632,7 +641,9 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
//Also
update the username in the groupUserTable with the one from username attribute.
Map<String, String> userMap = groupUserTable.column(userFullName);
for
(Map.Entry<String, String> entry : userMap.entrySet()) {
-
LOG.debug("Updating groupUserTable " + entry.getValue() + " with: " +
transformUserName + " for " + entry.getKey());
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("Updating groupUserTable " + entry.getValue() + " with: " +
transformUserName + " for " + entry.getKey());
+
}
groupUserTable.put(entry.getKey(), userFullName, transformUserName);
}
counter++;
@@ -674,19 +685,27 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
(PagedResultsResponseControl)controls[i];
total =
prrc.getResultSize();
if (total != 0)
{
-
LOG.debug("END-OF-PAGE total : " + total);
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : " + total);
+ }
} else {
-
LOG.debug("END-OF-PAGE total : unknown");
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : unknown");
+ }
}
cookie =
prrc.getCookie();
}
}
} else {
- LOG.debug("No controls were
sent from the server");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("No controls
were sent from the server");
+ }
}
// Re-activate paged results
if (pagedResultsEnabled) {
-
LOG.debug(String.format("Fetched paged results round: %s", ++paged));
+ if (LOG.isDebugEnabled()) {
+
LOG.debug(String.format("Fetched paged results round: %s", ++paged));
+ }
ldapContext.setRequestControls(new Control[]{
new
PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
}
@@ -785,7 +804,9 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
// update the group
name to ranger admin
// check for group
members and populate userInfo object with user's full name and group mapping
if
(groupSearchFirstEnabled) {
-
LOG.debug("Update Ranger admin with " + transformGroupName);
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("Update Ranger admin with " + transformGroupName);
+ }
sink.addOrUpdateGroup(transformGroupName, groupAttrMap);
}
@@ -831,7 +852,7 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
continue;
}
userCount++;
- String userName
= getShortUserName(originalUserFullName);
+ String userName
= getShortName(originalUserFullName);
originalUserFullName = originalUserFullName.toLowerCase();
if
(groupSearchFirstEnabled && !userSearchEnabled) {
String
transformUserName = userNameTransform(userName);
@@ -876,19 +897,27 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
(PagedResultsResponseControl)controls[i];
total =
prrc.getResultSize();
if
(total != 0) {
-
LOG.debug("END-OF-PAGE total : " + total);
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : " + total);
+
}
} else {
-
LOG.debug("END-OF-PAGE total : unknown");
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : unknown");
+
}
}
cookie
= prrc.getCookie();
}
}
} else {
- LOG.debug("No controls
were sent from the server");
+ if
(LOG.isDebugEnabled()) {
+ LOG.debug("No
controls were sent from the server");
+ }
}
// Re-activate paged results
if (pagedResultsEnabled) {
-
LOG.debug(String.format("Fetched paged results round: %s", ++paged));
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug(String.format("Fetched paged results round: %s", ++paged));
+ }
ldapContext.setRequestControls(new Control[]{
new
PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
}
@@ -910,7 +939,9 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
}
if (groupHierarchyLevels > 0) {
- LOG.debug("deltaSyncGroupTime = " + deltaSyncGroupTime);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("deltaSyncGroupTime = " +
deltaSyncGroupTime);
+ }
if (deltaSyncGroupTime > 0) {
LOG.info("LdapDeltaUserGroupBuilder.getGroups(): Going through group hierarchy
for nested group evaluation for deltasync");
goUpGroupHierarchyLdap(groupNameMap.keySet(),
groupHierarchyLevels-1);
@@ -925,37 +956,47 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
}
}
-
- private static String getShortGroupName(String longGroupName) throws
InvalidNameException {
- if (longGroupName == null) {
- return null;
- }
- StringTokenizer stc = new StringTokenizer(longGroupName, ",");
- String firstToken = stc.nextToken();
- StringTokenizer ste = new StringTokenizer(firstToken, "=");
- String groupName = ste.nextToken();
- if (ste.hasMoreTokens()) {
- groupName = ste.nextToken();
- }
- groupName = groupName.trim();
- LOG.info("longGroupName: " + longGroupName + ", groupName: " +
groupName);
- return groupName;
- }
-
- private static String getShortUserName(String longUserName) throws
InvalidNameException {
- if (longUserName == null) {
+ private static String getShortName(String longName) {
+ if (StringUtils.isEmpty(longName)) {
return null;
}
- StringTokenizer stc = new StringTokenizer(longUserName, ",");
- String firstToken = stc.nextToken();
- StringTokenizer ste = new StringTokenizer(firstToken, "=");
- String userName = ste.nextToken();
- if (ste.hasMoreTokens()) {
- userName = ste.nextToken();
+ String shortName = "";
+ try {
+ LdapName subjectDN = new LdapName(longName);
+ List<Rdn> rdns = subjectDN.getRdns();
+ for (int i = rdns.size() - 1; i >= 0; i--) {
+ if (StringUtils.isNotEmpty(shortName)) {
+ break;
+ }
+ Rdn rdn = rdns.get(i);
+ Attributes attributes = rdn.toAttributes();
+ try {
+ Attribute uid = attributes.get("uid");
+ if (uid != null) {
+ Object value = uid.get();
+ if (value != null) {
+ shortName =
value.toString();
+ }
+ } else {
+ Attribute cn =
attributes.get("cn");
+ if (cn != null) {
+ Object value = cn.get();
+ if (value != null) {
+ shortName =
value.toString();
+ }
+ }
+ }
+ } catch (NoSuchElementException ignore) {
+ shortName = longName;
+ } catch (NamingException ignore) {
+ shortName = longName;
+ }
+ }
+ } catch (InvalidNameException ex) {
+ shortName = longName;
}
- userName = userName.trim();
- LOG.info("longUserName: " + longUserName + ", userName: " +
userName);
- return userName;
+ LOG.info("longName: " + longName + ", userName: " + shortName);
+ return shortName;
}
private String userNameTransform(String userName) {
@@ -1008,7 +1049,7 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
Set<String> allMembers =
groupUserTable.row(groupSName).keySet();
LOG.info("members of " + groupSName + " = " +
allMembers);
for(String member : allMembers) {
- String memberName = getShortGroupName(member);
+ String memberName = getShortName(member);
if (!groupUserTable.containsRow(memberName)) {
//Check if the member of a group is in turn a group
LOG.info("Adding " + member + " to " +
group);
String userSName =
groupUserTable.get(groupSName, member);
@@ -1127,15 +1168,21 @@ public class LdapDeltaUserGroupBuilder extends
AbstractUserGroupSource {
(PagedResultsResponseControl)controls[i];
total =
prrc.getResultSize();
if
(total != 0) {
-
LOG.debug("END-OF-PAGE total : " + total);
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : " + total);
+
}
} else {
-
LOG.debug("END-OF-PAGE total : unknown");
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : unknown");
+
}
}
cookie
= prrc.getCookie();
}
}
} else {
- LOG.debug("No controls
were sent from the server");
+ if
(LOG.isDebugEnabled()) {
+ LOG.debug("No
controls were sent from the server");
+ }
}
// Re-activate paged results
if (pagedResultsEnabled) {
diff --git
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
index 31b4d3d..8dc05b0 100644
---
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
+++
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
@@ -36,6 +36,8 @@ import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
@@ -171,8 +173,10 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
private XGroupInfo addGroupInfo(final String groupName, Map<String,
String> groupAttrs){
XGroupInfo ret = null;
XGroupInfo group = null;
-
- LOG.debug("INFO: addPMXAGroup(" + groupName + ")");
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addPMXAGroup(" + groupName + ")");
+ }
if (! isMockRun) {
group = addXGroupInfo(groupName, groupAttrs);
}
@@ -269,7 +273,9 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
@Override
public void addOrUpdateUser(String userName, Map<String, String>
userAttrs, List<String> groups) throws Throwable {
// First add to x_portal_user
- LOG.debug("INFO: addPMAccount(" + userName + ")" );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addPMAccount(" + userName + ")");
+ }
if (! isMockRun) {
if (addMUser(userName, userAttrs) == null) {
String msg = "Failed to add portal user";
@@ -295,17 +301,24 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
UserGroupInfo ret = null;
XUserInfo user = null;
- LOG.debug("INFO: addPMXAUser(" + userName + ")");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addPMXAUser(" + userName + ")");
+ }
if (! isMockRun) {
user = addXUserInfo(userName, userAttrs);
}
- for(String g : groups) {
- LOG.debug("INFO: addPMXAGroupToUser(" +
userName + "," + g + ")" );
+ if (CollectionUtils.isNotEmpty(groups)) {
+ for (String g : groups) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addPMXAGroupToUser(" +
userName + "," + g + ")");
+ }
+ }
}
if (! isMockRun ) {
addXUserGroupInfo(user, groups);
}
+
if (authenticationType != null &&
AUTH_KERBEROS.equalsIgnoreCase(authenticationType) &&
SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
try {
Subject sub =
SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
@@ -332,35 +345,54 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
private XUserInfo addXUserInfo(String aUserName, Map<String, String>
userAttrs) {
-
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.addXUserInfo " + aUserName + " and " + userAttrs);
+ }
+
XUserInfo xuserInfo = new XUserInfo();
xuserInfo.setName(aUserName);
-
+
xuserInfo.setDescription(aUserName + " - add from Unix box");
- Gson gson = new Gson();
- xuserInfo.setOtherAttributes(gson.toJson(userAttrs));
+ if (MapUtils.isNotEmpty(userAttrs)) {
+ Gson gson = new Gson();
+ xuserInfo.setOtherAttributes(gson.toJson(userAttrs));
+ }
if (userMap.containsKey(aUserName)) {
List<String> roleList = new ArrayList<String>();
roleList.add(userMap.get(aUserName));
xuserInfo.setUserRoleList(roleList);
}
usergroupInfo.setXuserInfo(xuserInfo);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.addXUserInfo " + aUserName + " and " + userAttrs);
+ }
return xuserInfo;
}
private void addXUserGroupInfo(XUserInfo aUserInfo, List<String>
aGroupList) {
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.addXUserGroupInfo ");
+ }
List<XGroupInfo> xGroupInfoList = new ArrayList<XGroupInfo>();
-
- for(String groupName : aGroupList) {
- XGroupInfo group = addXGroupInfo(groupName, null);
- xGroupInfoList.add(group);
- addXUserGroupInfo(aUserInfo, group);
+
+ if (CollectionUtils.isNotEmpty(aGroupList)) {
+ for (String groupName : aGroupList) {
+ XGroupInfo group = addXGroupInfo(groupName,
null);
+ xGroupInfoList.add(group);
+ addXUserGroupInfo(aUserInfo, group);
+ }
}
usergroupInfo.setXgroupInfo(xGroupInfoList);
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.addXUserGroupInfo ");
+ }
}
private XUserGroupInfo addXUserGroupInfo(XUserInfo aUserInfo,
XGroupInfo aGroupInfo) {
@@ -423,7 +455,9 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
public void addOrUpdateGroup(String groupName, Map<String, String>
groupAttrs, List<String> users) throws Throwable {
// First get the existing group user mappings from Ranger admin.
// Then compute the delta and send the updated group user
mappings to ranger admin.
- LOG.debug("addOrUpdateGroup for " + groupName + " with users: "
+ users);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("addOrUpdateGroup for " + groupName + " with
users: " + users);
+ }
GroupUserInfo groupUserInfo = null;
if (authenticationType != null &&
AUTH_KERBEROS.equalsIgnoreCase(authenticationType) &&
SecureClientLogin.isKerberosCredentialExists(principal,keytab)) {
try {
@@ -455,7 +489,9 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
oldUsers.add(xUserInfo.getName());
oldUserMap.put(xUserInfo.getName(),
xUserInfo.getUserRoleList());
}
- LOG.debug("Returned users for group " +
groupUserInfo.getXgroupInfo().getName() + " are: " + oldUsers);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Returned users for group " +
groupUserInfo.getXgroupInfo().getName() + " are: " + oldUsers);
+ }
}
List<String> addUsers = new ArrayList<String>();
@@ -475,8 +511,9 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
}
}
-
- LOG.debug("addUsers = " + addUsers);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("addUsers = " + addUsers);
+ }
delXGroupUserInfo(groupName, delUsers);
//* Add user to group mapping in the x_group_user table.
@@ -501,9 +538,11 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
private void addUserGroupAuditInfo(UgsyncAuditInfo auditInfo) {
- LOG.debug("INFO: addAuditInfo(" + auditInfo.getNoOfNewUsers() +
", " + auditInfo.getNoOfNewGroups() +
- ", " + auditInfo.getNoOfModifiedUsers() + ", "
+ auditInfo.getNoOfModifiedGroups() +
- ", " + auditInfo.getSyncSource() + ")" );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addAuditInfo(" +
auditInfo.getNoOfNewUsers() + ", " + auditInfo.getNoOfNewGroups() +
+ ", " + auditInfo.getNoOfModifiedUsers()
+ ", " + auditInfo.getNoOfModifiedGroups() +
+ ", " + auditInfo.getSyncSource() + ")");
+ }
if (authenticationType != null
&&
AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
@@ -660,13 +699,17 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
GroupUserInfo ret = null;
XGroupInfo group = null;
-
- LOG.debug("INFO: addPMXAGroup(" + groupName + ")" );
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addPMXAGroup(" + groupName + ")");
+ }
if (! isMockRun) {
group = addXGroupInfo(groupName, groupAttrs);
}
for(String u : users) {
- LOG.debug("INFO: addPMXAGroupToUser(" +
groupName + "," + u + ")" );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addPMXAGroupToUser(" +
groupName + "," + u + ")");
+ }
}
if (! isMockRun ) {
addXGroupUserInfo(group, users);
diff --git
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 9563eee..ca3aad8 100644
---
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -28,11 +28,12 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
-import java.util.StringTokenizer;
+import java.util.NoSuchElementException;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
@@ -44,7 +45,10 @@ import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.unixusersync.model.LdapSyncSourceInfo;
@@ -317,7 +321,9 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
if (!groupSearchFirstEnabled) {
LOG.info("Performing user search first");
getUsers(sink);
- LOG.debug("Total No. of users saved = " +
userGroupMap.size());
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Total No. of users saved = " +
userGroupMap.size());
+ }
if (!groupSearchEnabled && groupHierarchyLevels > 0) {
getRootDN();
}
@@ -331,13 +337,19 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
getGroups(sink, userInfo);
}
if (groupHierarchyLevels > 0) {
- LOG.debug("Going through group hierarchy for nested group
evaluation");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Going through group
hierarchy for nested group evaluation");
+ }
goUpGroupHierarchyLdap(userInfo.getGroupDNs(),
groupHierarchyLevels - 1, userInfo);
- LOG.debug("Completed group hierarchy computation");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Completed group
hierarchy computation");
+ }
}
List<String> groupList = userInfo.getGroups();
allGroups.addAll(groupList);
- LOG.debug("updateSink(): group list for " + userName + " = " +
groupList);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("updateSink(): group list for
" + userName + " = " + groupList);
+ }
if (userNameCaseConversionFlag) {
if (userNameLowerCaseFlag) {
userName =
userName.toLowerCase();
@@ -373,8 +385,10 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
getGroups(sink, null);
// Go through the userInfo map and update ranger admin.
for (UserInfo userInfo : userGroupMap.values()) {
- LOG.debug("userName from map = " +
userInfo.getUserFullName());
- String userName = getShortUserName(userInfo.getUserFullName());
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("userName from map = " +
userInfo.getUserFullName());
+ }
+ String userName = getShortName(userInfo.getUserFullName());
if (groupHierarchyLevels > 0) {
//System.out.println("Going through group hierarchy for
nested group evaluation");
goUpGroupHierarchyLdap(userInfo.getGroupDNs(),
groupHierarchyLevels - 1, userInfo);
@@ -496,9 +510,11 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll();
while (groupEnum.hasMore()) {
String groupDN = (String)
groupEnum.next();
- LOG.debug("Adding " + groupDN
+ " to " + userName);
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("Adding " + groupDN + " to " + userName);
+
}
userInfo.addGroupDN(groupDN);
-
String gName = getShortGroupName(groupDN);
+
String gName = getShortName(groupDN);
if (groupNameCaseConversionFlag) {
if (groupNameLowerCaseFlag) {
gName = gName.toLowerCase();
@@ -554,7 +570,9 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
// then update
user name in the userInfo map with the value from the search result
// and update
ranger admin.
String
userFullName = (userEntry.getNameInNamespace()).toLowerCase();
-
LOG.debug("Checking if the user " + userFullName + " is part of the retrieved
groups");
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("Checking if the user " + userFullName + " is part of the retrieved
groups");
+ }
userInfo =
userGroupMap.get(userFullName);
if (userInfo ==
null) {
@@ -600,19 +618,27 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
(PagedResultsResponseControl)control;
total =
prrc.getResultSize();
if
(total != 0) {
-
LOG.debug("END-OF-PAGE total : " + total);
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : " + total);
+
}
} else {
-
LOG.debug("END-OF-PAGE total : unknown");
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : unknown");
+
}
}
cookie
= prrc.getCookie();
}
}
} else {
- LOG.debug("No controls
were sent from the server");
+ if
(LOG.isDebugEnabled()) {
+ LOG.debug("No
controls were sent from the server");
+ }
}
// Re-activate paged results
if (pagedResultsEnabled) {
-
LOG.debug(String.format("Fetched paged results round: %s", ++paged));
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug(String.format("Fetched paged results round: %s", ++paged));
+ }
ldapContext.setRequestControls(new Control[]{
new
PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
}
@@ -713,7 +739,9 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
//
update the group name to ranger admin
//
check for group members and populate userInfo object with user's full name and
group mapping
Attribute groupMemberAttr =
groupEntry.getAttributes().get(groupMemberAttributeName);
-
LOG.debug("Update Ranger admin with " + gName);
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("Update Ranger admin with " + gName);
+ }
int
userCount = 0;
if
(groupMemberAttr == null || groupMemberAttr.size() <= 0) {
LOG.info("No members available for " + gName);
@@ -752,19 +780,27 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
(PagedResultsResponseControl)control;
total =
prrc.getResultSize();
if
(total != 0) {
-
LOG.debug("END-OF-PAGE total : " + total);
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : " + total);
+
}
} else {
-
LOG.debug("END-OF-PAGE total : unknown");
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : unknown");
+
}
}
cookie
= prrc.getCookie();
}
}
} else {
- LOG.debug("No controls
were sent from the server");
+ if
(LOG.isDebugEnabled()) {
+ LOG.debug("No
controls were sent from the server");
+ }
}
// Re-activate paged results
if (pagedResultsEnabled) {
-
LOG.debug(String.format("Fetched paged results round: %s", ++paged));
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug(String.format("Fetched paged results round: %s", ++paged));
+ }
ldapContext.setRequestControls(new Control[]{
new
PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
}
@@ -787,40 +823,53 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
}
- private static String getShortGroupName(String longGroupName) throws
InvalidNameException {
- if (longGroupName == null) {
- return null;
- }
- StringTokenizer stc = new StringTokenizer(longGroupName, ",");
- String firstToken = stc.nextToken();
- StringTokenizer ste = new StringTokenizer(firstToken, "=");
- String groupName = ste.nextToken();
- if (ste.hasMoreTokens()) {
- groupName = ste.nextToken();
- }
- groupName = groupName.trim();
- LOG.info("longGroupName: " + longGroupName + ", groupName: " +
groupName);
- return groupName;
- }
-
- private static String getShortUserName(String longUserName) throws
InvalidNameException {
- if (longUserName == null) {
+ private static String getShortName(String longName) {
+ if (StringUtils.isEmpty(longName)) {
return null;
}
- StringTokenizer stc = new StringTokenizer(longUserName, ",");
- String firstToken = stc.nextToken();
- StringTokenizer ste = new StringTokenizer(firstToken, "=");
- String userName = ste.nextToken();
- if (ste.hasMoreTokens()) {
- userName = ste.nextToken();
+ String shortName = "";
+ try {
+ LdapName subjectDN = new LdapName(longName);
+ List<Rdn> rdns = subjectDN.getRdns();
+ for (int i = rdns.size() - 1; i >= 0; i--) {
+ if (StringUtils.isNotEmpty(shortName)) {
+ break;
+ }
+ Rdn rdn = rdns.get(i);
+ Attributes attributes = rdn.toAttributes();
+ try {
+ Attribute uid = attributes.get("uid");
+ if (uid != null) {
+ Object value = uid.get();
+ if (value != null) {
+ shortName =
value.toString();
+ }
+ } else {
+ Attribute cn =
attributes.get("cn");
+ if (cn != null) {
+ Object value = cn.get();
+ if (value != null) {
+ shortName =
value.toString();
+ }
+ }
+ }
+ } catch (NoSuchElementException ignore) {
+ shortName = longName;
+ } catch (NamingException ignore) {
+ shortName = longName;
+ }
+ }
+ } catch (InvalidNameException ex) {
+ shortName = longName;
}
- userName = userName.trim();
- LOG.info("longUserName: " + longUserName + ", userName: " +
userName);
- return userName;
+ LOG.info("longName: " + longName + ", userName: " + shortName);
+ return shortName;
}
private void goUpGroupHierarchyLdap(Set<String> groupDNs, int
groupHierarchyLevels, UserInfo userInfo) throws Throwable {
- LOG.debug("goUpGroupHierarchyLdap(): Incoming groups " + groupDNs);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("goUpGroupHierarchyLdap(): Incoming groups "
+ groupDNs);
+ }
if (groupHierarchyLevels <= 0 || groupDNs.isEmpty()) {
return;
}
@@ -852,7 +901,9 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
filter.append("))");
groupFilter += filter;
- LOG.debug("extendedAllGroupsSearchFilter = " +
groupFilter);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("extendedAllGroupsSearchFilter = " +
groupFilter);
+ }
for (String ou : groupSearchBase) {
byte[] cookie = null;
int counter = 0;
@@ -904,15 +955,21 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
(PagedResultsResponseControl)control;
total =
prrc.getResultSize();
if
(total != 0) {
-
LOG.debug("END-OF-PAGE total : " + total);
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : " + total);
+
}
} else {
-
LOG.debug("END-OF-PAGE total : unknown");
+
if (LOG.isDebugEnabled()) {
+
LOG.debug("END-OF-PAGE total : unknown");
+
}
}
cookie
= prrc.getCookie();
}
}
} else {
- LOG.debug("No controls
were sent from the server");
+ if
(LOG.isDebugEnabled()) {
+ LOG.debug("No
controls were sent from the server");
+ }
}
// Re-activate paged results
if (pagedResultsEnabled) {
@@ -959,7 +1016,9 @@ public class LdapUserGroupBuilder extends
AbstractUserGroupSource {
Attributes attrs = result1.getAttributes();
Attribute attr = attrs.get("namingContexts");
- LOG.debug("namingContexts = " + attr);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("namingContexts = " + attr);
+ }
groupSearchBase = new String[]
{attr.get(0).toString()};
LOG.info("RootDN = " +
Arrays.toString(groupSearchBase));
}
diff --git
a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index 7402b69..ec986b9 100644
---
a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -347,7 +347,9 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
newGroupList.add(group);
}
}
- LOG.debug("INFO: addPMAccount(" + userName + ")" );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addPMAccount(" + userName +
")");
+ }
if (! isMockRun) {
if (addMUser(userName) == null) {
String msg = "Failed to add portal
user";
@@ -560,7 +562,9 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
LOG.error("Failed to get response,
Error is : " + e.getMessage());
}
}
- LOG.debug("RESPONSE: [" + response + "]");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RESPONSE: [" + response + "]");
+ }
GetXGroupListResponse groupList =
gson.fromJson(response, GetXGroupListResponse.class);
LOG.info("Group List : "+groupList);
totalCount = groupList.getTotalCount();
@@ -570,8 +574,10 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
retrievedCount = xgroupList.size();
for (XGroupInfo g :
groupList.getXgroupInfoList()) {
- LOG.debug("GROUP: Id:" + g.getId() +
", Name: " + g.getName() + ", Description: "
- + g.getDescription());
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("GROUP: Id:" +
g.getId() + ", Name: " + g.getName() + ", Description: "
+ +
g.getDescription());
+ }
}
}
}
@@ -609,7 +615,9 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
LOG.error("Failed to get response,
Error is : "+e.getMessage());
}
}
- LOG.debug("RESPONSE: [" + response + "]");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RESPONSE: [" + response + "]");
+ }
GetXUserListResponse userList = gson.fromJson(response,
GetXUserListResponse.class);
totalCount = userList.getTotalCount();
@@ -619,8 +627,10 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
retrievedCount = xuserList.size();
for (XUserInfo u : userList.getXuserInfoList())
{
- LOG.debug("USER: Id:" + u.getId() + ",
Name: " + u.getName() + ", Description: "
- + u.getDescription());
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("USER: Id:" +
u.getId() + ", Name: " + u.getName() + ", Description: "
+ +
u.getDescription());
+ }
}
}
}
@@ -658,7 +668,9 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
LOG.error("Failed to get response,
Error is : " + e.getMessage());
}
}
- LOG.debug("RESPONSE: [" + response + "]");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RESPONSE: [" + response + "]");
+ }
GetXUserGroupListResponse usergroupList =
gson.fromJson(response, GetXUserGroupListResponse.class);
@@ -669,7 +681,9 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
retrievedCount = xusergroupList.size();
for (XUserGroupInfo ug :
usergroupList.getXusergroupInfoList()) {
- LOG.debug("USER_GROUP: UserId:" +
ug.getUserId() + ", Name: " + ug.getGroupName());
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("USER_GROUP: UserId:"
+ ug.getUserId() + ", Name: " + ug.getGroupName());
+ }
}
}
}
@@ -685,7 +699,9 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
UserGroupInfo ret = null;
XUserInfo user = null;
- LOG.debug("INFO: addPMXAUser(" + userName + ")" );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addPMXAUser(" + userName + ")");
+ }
if (! isMockRun) {
user = addXUserInfo(userName);
if (!groups.isEmpty() && user != null) {
@@ -708,7 +724,9 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
}
for(String g : groups) {
- LOG.debug("INFO: addPMXAGroupToUser(" +
userName + "," + g + ")" );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addPMXAGroupToUser(" +
userName + "," + g + ")");
+ }
}
if (! isMockRun ) {
addXUserGroupInfo(user, groups);
@@ -1055,7 +1073,9 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
if (group != null) {
if (authenticationType != null &&
AUTH_KERBEROS.equalsIgnoreCase(authenticationType) &&
SecureClientLogin.isKerberosCredentialExists(principal, keytab)) {
try {
- LOG.debug("Using principal = "
+ principal + " and keytab = " + keytab);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Using
principal = " + principal + " and keytab = " + keytab);
+ }
Subject sub =
SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
Subject.doAs(sub, new
PrivilegedAction<Void>() {
@Override
@@ -1397,7 +1417,9 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
XGroupInfo ret = null;
XGroupInfo group = null;
- LOG.debug("INFO: addPMXAGroup(" + groupName + ")" );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addPMXAGroup(" + groupName + ")");
+ }
if (! isMockRun) {
group = addXGroupInfo(groupName);
}
@@ -1516,9 +1538,11 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
auditInfo.setNoOfModifiedUsers(Integer.toUnsignedLong(noOfModifiedUsers));
auditInfo.setNoOfModifiedGroups(Integer.toUnsignedLong(noOfModifiedGroups));
auditInfo.setSessionId("");
- LOG.debug("INFO: addAuditInfo(" + auditInfo.getNoOfNewUsers() +
", " + auditInfo.getNoOfNewGroups()
- + ", " + auditInfo.getNoOfModifiedUsers() + ",
" + auditInfo.getNoOfModifiedGroups()
- + ", " + auditInfo.getSyncSource() + ")");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("INFO: addAuditInfo(" +
auditInfo.getNoOfNewUsers() + ", " + auditInfo.getNoOfNewGroups()
+ + ", " +
auditInfo.getNoOfModifiedUsers() + ", " + auditInfo.getNoOfModifiedGroups()
+ + ", " + auditInfo.getSyncSource() +
")");
+ }
if (authenticationType != null
&&
AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
@@ -1578,7 +1602,9 @@ public class PolicyMgrUserGroupBuilder implements
UserGroupSink {
}
UgsyncAuditInfo ret = gson.fromJson(response,
UgsyncAuditInfo.class);
- LOG.debug("AuditInfo Creation successful ");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("AuditInfo Creation successful ");
+ }
if(LOG.isDebugEnabled()){
LOG.debug("<==
PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
diff --git
a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
index 2cf0082..e1540c6 100644
---
a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
+++
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
@@ -109,7 +109,9 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
unixSyncSourceInfo.setMinUserId(config.getMinUserId());
unixSyncSourceInfo.setMinGroupId(config.getMinGroupId());
- LOG.debug("Minimum UserId: " + minimumUserId + ", minimum
GroupId: " + minimumGroupId);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Minimum UserId: " + minimumUserId + ",
minimum GroupId: " + minimumGroupId);
+ }
timeout = config.getUpdateMillisMin();
enumerateGroupMembers = config.isGroupEnumerateEnabled();
@@ -217,11 +219,15 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
private void print() {
for(String user : user2GroupListMap.keySet()) {
- LOG.debug("USER:" + user);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("USER:" + user);
+ }
List<String> groups = user2GroupListMap.get(user);
if (groups != null) {
for(String group : groups) {
- LOG.debug("\tGROUP: " + group);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("\tGROUP: " + group);
+ }
}
}
}
@@ -303,7 +309,9 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
LOG.warn("Group Name could not
be found for group id: [" + groupId + "]. Skipping adding user [" + userName +
"] with id [" + userId + "].");
}
} else {
- LOG.debug("Skipping user [" + userName
+ "] since its userid [" + userId + "] is less than minuserid limit [" +
minimumUserId + "].");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Skipping user [" +
userName + "] since its userid [" + userId + "] is less than minuserid limit ["
+ minimumUserId + "].");
+ }
}
}
} finally {
@@ -318,13 +326,17 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
if (enumerateGroupMembers) {
String line = null;
- LOG.debug("Start drill down group members");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Start drill down group members");
+ }
for (Map.Entry<String, List<String>> entry :
internalUser2GroupListMap.entrySet()) {
// skip users we already now about
if
(user2GroupListMap.containsKey(entry.getKey()))
continue;
- LOG.debug("Enumerating user " + entry.getKey());
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Enumerating user " +
entry.getKey());
+ }
int numUserId = -1;
try {
@@ -350,7 +362,9 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
reader.close();
}
- LOG.debug("id -G returned " + line);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("id -G returned " + line);
+ }
if (line == null || line.trim().isEmpty()) {
LOG.warn("User " + entry.getKey() + "
could not be resolved");
@@ -374,7 +388,9 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
user2GroupListMap.put(entry.getKey(),
allowedGroups);
allGroups.addAll(allowedGroups);
}
- LOG.debug("End drill down group members");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("End drill down group members");
+ }
}
}
@@ -419,7 +435,9 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
}
private void buildUnixGroupList(String allGroupsCmd, String groupCmd,
boolean useGid) throws Throwable {
- LOG.debug("Start enumerating groups");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Start enumerating groups");
+ }
BufferedReader reader = null;
try {
@@ -447,18 +465,24 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
reader.close();
}
- LOG.debug("End enumerating group");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("End enumerating group");
+ }
if (!useNss)
return;
if (enumerateGroupMembers) {
- LOG.debug("Start enumerating group members");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Start enumerating group members");
+ }
String line = null;
Map<String,String> copy = new HashMap<String,
String>(groupId2groupNameMap);
for (Map.Entry<String, String> group : copy.entrySet())
{
- LOG.debug("Enumerating group: " +
group.getValue() + " GID(" + group.getKey() + ")");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Enumerating group: " +
group.getValue() + " GID(" + group.getKey() + ")");
+ }
String command;
if (useGid) {
@@ -468,7 +492,9 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
}
String[] cmd = new String[]{"bash", "-c",
command + " " + group.getKey()};
- LOG.debug("Executing: " + Arrays.toString(cmd));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Executing: " +
Arrays.toString(cmd));
+ }
try {
Process process =
Runtime.getRuntime().exec(cmd);
@@ -478,23 +504,31 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
if (reader != null)
reader.close();
}
- LOG.debug("bash -c " + command + " for group "
+ group + " returned " + line);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("bash -c " + command + " for
group " + group + " returned " + line);
+ }
parseMembers(line);
}
- LOG.debug("End enumerating group members");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("End enumerating group members");
+ }
}
if (config.getEnumerateGroups() != null) {
String line = null;
String[] groups =
config.getEnumerateGroups().split(",");
- LOG.debug("Adding extra groups");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Adding extra groups");
+ }
for (String group : groups) {
String command = String.format(groupCmd, group);
String[] cmd = new String[]{"bash", "-c",
command + " '" + group + "'"};
- LOG.debug("Executing: " + Arrays.toString(cmd));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Executing: " +
Arrays.toString(cmd));
+ }
try {
Process process =
Runtime.getRuntime().exec(cmd);
@@ -505,11 +539,15 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
reader.close();
}
- LOG.debug("bash -c " + command + " for group "
+ group + " returned " + line);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("bash -c " + command + " for
group " + group + " returned " + line);
+ }
parseMembers(line);
}
- LOG.debug("Done adding extra groups");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Done adding extra groups");
+ }
}
}
