RANGER-484: added support for referral attribute to be read from config Signed-off-by: sneethiraj <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ec154392 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ec154392 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ec154392 Branch: refs/heads/tag-policy Commit: ec1543926abf2bb88bbad8ac61d84e9b5858b06e Parents: 0336e2b Author: Velmurugan Periasamy <[email protected]> Authored: Sun May 17 16:46:48 2015 -0400 Committer: sneethiraj <[email protected]> Committed: Sun May 17 16:51:57 2015 -0400 ---------------------------------------------------------------------- security-admin/scripts/install.properties | 4 ++++ security-admin/scripts/setup.sh | 8 ++++++++ .../handler/RangerAuthenticationProvider.java | 18 +++++++++--------- .../resources/conf.dist/ranger-admin-site.xml | 10 ++++++++++ 4 files changed, 31 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/scripts/install.properties ---------------------------------------------------------------------- diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties index a7bc120..7490dd6 100644 --- a/security-admin/scripts/install.properties +++ b/security-admin/scripts/install.properties @@ -133,6 +133,7 @@ authServicePort=5151 #xa_ldap_base_dn="dc=xasecure,dc=net" #xa_ldap_bind_dn="cn=admin,ou=users,dc=xasecure,dc=net" #xa_ldap_bind_password= +#xa_ldap_referral=follow|ignore xa_ldap_url= xa_ldap_userDNpattern= @@ -142,6 +143,7 @@ xa_ldap_groupRoleAttribute= xa_ldap_base_dn= xa_ldap_bind_dn= xa_ldap_bind_password= +xa_ldap_referral= ####ACTIVE_DIRECTORY settings - Required only if have selected AD authentication #### # # Sample Settings 
@@ -151,12 +153,14 @@ xa_ldap_bind_password= #xa_ldap_ad_base_dn="dc=xasecure,dc=net" #xa_ldap_ad_bind_dn="cn=administrator,ou=users,dc=xasecure,dc=net" #xa_ldap_ad_bind_password= +#xa_ldap_ad_referral=follow|ignore xa_ldap_ad_domain= xa_ldap_ad_url= xa_ldap_ad_base_dn= xa_ldap_ad_bind_dn= xa_ldap_ad_bind_password= +xa_ldap_ad_referral= # ----------------------------------------------------------- # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index e1f895c..4b5e6b9 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -1234,6 +1234,10 @@ do_authentication_setup(){ newPropertyValue="${xa_ldap_bind_dn}" updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file + propertyName=ranger.ldap.referral + newPropertyValue="${xa_ldap_referral}" + updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file + keystore="${cred_keystore_filename}" if [ "${keystore}" != "" ] @@ -1311,6 +1315,10 @@ do_authentication_setup(){ newPropertyValue="${xa_ldap_ad_bind_dn}" updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file + propertyName=ranger.ldap.ad.referral + newPropertyValue="${xa_ldap_ad_referral}" + updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file + keystore="${cred_keystore_filename}" if [ "${keystore}" != "" ] http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java index a84736b..5446dc4 100644 
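Review bot: Both blocks added to do_authentication_setup call `updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file` with the value unquoted, while install.properties ships `xa_ldap_referral=` and `xa_ldap_ad_referral=` empty. With an empty value the middle word disappears after expansion, so the helper receives the file path in the value position and only two arguments; how it reacts is not visible on this page. Quote the call as `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$ldap_file"`, and either skip the update or write `follow` when the variable is blank. The neighbouring context lines use the same unquoted pattern, and the function body extends outside both hunks.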
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java +++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java @@ -233,7 +233,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { return null; } } catch (Exception e) { - logger.error("LDAP Authentication Failed:"+e.getMessage()); + logger.debug("LDAP Authentication Failed:", e); } return null; } @@ -275,7 +275,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { return null; } }catch (Exception e) { - logger.error("AD Authentication Failed:"+e.getMessage()); + logger.debug("AD Authentication Failed:", e); } return authentication; } @@ -333,7 +333,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { return null; } } catch (Exception e) { - logger.error("Unix Authentication Failed:"+e.getMessage()); + logger.debug("Unix Authentication Failed:", e); } return authentication; @@ -367,7 +367,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { String rangerADBindDN = PropertiesUtil.getProperty("ranger.ldap.ad.bind.dn", ""); String rangerADBindPassword = PropertiesUtil.getProperty("ranger.ldap.ad.bind.password", ""); String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER"); - + String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow"); String userName = authentication.getName(); String userPassword = ""; if (authentication.getCredentials() != null) { 
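Review bot: Authentication failures drop out of logs at the usual production level once these catch blocks call `logger.debug` instead of `logger.error` (the LDAP, AD and Unix hunks here, and again in the hunks at -405 and -466), so repeated failed logins or a directory outage are no longer visible to monitoring. Each catch is `catch (Exception e)`, so configuration errors are hidden the same way as bad passwords. Keep one line at a level operators collect and put the stack trace at debug, for example `logger.warn("LDAP Authentication Failed: " + e.getMessage());` followed by `logger.debug("LDAP Authentication Failed:", e);`. The enclosing methods start outside these hunks.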
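Review bot: The string read from `ranger.ldap.ad.referral` (and from `ranger.ldap.referral` in the hunk at -421) reaches `ldapContextSource.setReferral(...)` without any check, while the shipped ranger-admin-site.xml sets both properties to an empty value. If PropertiesUtil returns that blank string rather than the `"follow"` default, the LDAP provider is likely to reject the referral mode, and the exception would surface only at debug level, so logins would fail with no visible cause. Normalise the value before use, treating blank as the previous hard-coded mode and accepting only the two documented values. With `follow`, JNDI by default reuses the bind credentials against whichever server a referral names, so `ignore` is worth documenting as the tighter setting where referrals are not needed. The local in this AD method would read better as `rangerADReferral`, next to `rangerADBindDN`; the method starts and ends outside the hunk, and the later `setReferral` call would take the normalised variable.

```java
String configuredReferral = PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow");
// Default to the mode that was hard-coded before this change; also covers the blank shipped value.
String rangerADReferral = "follow";
String trimmedReferral = (configuredReferral == null) ? "" : configuredReferral.trim();
if ("ignore".equalsIgnoreCase(trimmedReferral)) {
    rangerADReferral = "ignore";
} else if (!trimmedReferral.isEmpty() && !"follow".equalsIgnoreCase(trimmedReferral)) {
    logger.warn("Unsupported ranger.ldap.ad.referral value, using follow");
}
// … unchanged: userName / userPassword extraction …
```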
@@ -377,7 +377,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerADURL); ldapContextSource.setUserDn(rangerADBindDN); ldapContextSource.setPassword(rangerADBindPassword); - ldapContextSource.setReferral("follow"); + ldapContextSource.setReferral(rangerLdapReferral); ldapContextSource.setCacheEnvironmentProperties(true); ldapContextSource.setAnonymousReadOnly(false); ldapContextSource.setPooled(true); @@ -405,7 +405,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { return null; } } catch (Exception e) { - logger.error("AD Authentication Failed:"+e.getMessage()); + logger.debug("AD Authentication Failed:", e); } return authentication; } @@ -421,7 +421,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { String rangerLdapBase = PropertiesUtil.getProperty("ranger.ldap.base.dn", ""); String rangerLdapBindDN = PropertiesUtil.getProperty("ranger.ldap.bind.dn", ""); String rangerLdapBindPassword = PropertiesUtil.getProperty("ranger.ldap.bind.password", ""); - + String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.referral", "follow"); String userName = authentication.getName(); String userPassword = ""; if (authentication.getCredentials() != null) { @@ -431,7 +431,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerLdapURL); ldapContextSource.setUserDn(rangerLdapBindDN); ldapContextSource.setPassword(rangerLdapBindPassword); - ldapContextSource.setReferral("follow"); + ldapContextSource.setReferral(rangerLdapReferral); ldapContextSource.setCacheEnvironmentProperties(false); ldapContextSource.setAnonymousReadOnly(true); ldapContextSource.setPooled(true); 
@@ -466,7 +466,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { return null; } } catch (Exception e) { - logger.error("LDAP Authentication Failed:"+e.getMessage()); + logger.debug("LDAP Authentication Failed:", e); } return authentication; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ec154392/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml index dab2067..d0a4fe4 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml @@ -132,6 +132,11 @@ <value>ROLE_USER</value> </property> <property> + <name>ranger.ldap.referral</name> + <value></value> + <description>follow or ignore</description> + </property> + <property> <name>ranger.ldap.ad.domain</name> <value>example.com</value> <description></description> @@ -159,6 +164,11 @@ </property> <property> + <name>ranger.ldap.ad.referral</name> + <value></value> + <description>follow or ignore</description> + </property> + <property> <name>ranger.service.https.attrib.ssl.enabled</name> <value>false</value> </property>
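Review bot: Both new properties in ranger-admin-site.xml ship with `<value></value>`, which is neither of the values the description allows and leaves the effective mode to how a blank string is handled downstream. Ship an explicit value that matches the code default, `<value>follow</value>`, in both the `ranger.ldap.referral` and `ranger.ldap.ad.referral` entries. The description would be more useful as `<description>LDAP referral handling: follow or ignore (default follow)</description>`, so an operator can see what happens when the setting is left untouched.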
