Repository: incubator-ranger Updated Branches: refs/heads/master 13f3b9981 -> 02b4790aa
Ranger-803: Rebuild the patch with latest merge from master to resolve conflicts Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/02b4790a Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/02b4790a Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/02b4790a Branch: refs/heads/master Commit: 02b4790aae3e0b3da797499f6a275edb3385bdda Parents: 13f3b99 Author: Sailaja Polavarapu <[email protected]> Authored: Wed Feb 17 10:20:18 2016 -0800 Committer: Velmurugan Periasamy <[email protected]> Committed: Thu Feb 18 12:15:21 2016 -0500 ---------------------------------------------------------------------- .../handler/RangerAuthenticationProvider.java | 3 +- .../process/LdapUserGroupBuilder.java | 289 ++++++++++--------- .../config/UserGroupSyncConfig.java | 10 + .../ranger/usergroupsync/LdapUserGroupTest.java | 82 ++++++ ugsync/src/test/resources/ADSchema.ldif | 79 ++++- 5 files changed, 320 insertions(+), 143 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02b4790a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java index cfdd9bc..8cd4bac 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java +++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 
@@ -218,7 +218,8 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { // Creating BindAuthenticator using Ldap Context Source. BindAuthenticator bindAuthenticator = new BindAuthenticator( ldapContextSource); - String[] userDnPatterns = new String[] { rangerLdapUserDNPattern }; + //String[] userDnPatterns = new String[] { rangerLdapUserDNPattern }; + String[] userDnPatterns = rangerLdapUserDNPattern.split(";"); bindAuthenticator.setUserDnPatterns(userDnPatterns); // Creating Ldap authentication provider using BindAuthenticator and http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02b4790a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java index 529af72..6c3aa74 100644 --- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java @@ -19,6 +19,7 @@ package org.apache.ranger.ldapusersync.process; + import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; @@ -63,7 +64,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { private String ldapReferral; private String searchBase; - private String userSearchBase; + private String[] userSearchBase; private String userNameAttribute; private int userSearchScope; private String userObjectClass; @@ -76,7 +77,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { private int pagedResultsSize = 500; private boolean groupSearchEnabled = true; - private String groupSearchBase; + private String[] groupSearchBase; private int groupSearchScope; private String groupObjectClass; private String groupSearchFilter; 
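Review bot: The segments produced by `rangerLdapUserDNPattern.split(";")` go to `setUserDnPatterns` untrimmed and unfiltered, so a value written as `pattern1; pattern2`, or one with a doubled `;`, yields a pattern with a leading space or an empty pattern. What a bind against an empty or malformed DN does is up to the directory server, so I would trim each segment and reject empty ones before the call. A `;` that is escaped inside a DN value is split as well, which deserves a sentence in the property's documentation. A null `rangerLdapUserDNPattern` now throws at `split`; where it is initialised is outside this hunk. The commented-out old assignment can be deleted, since history keeps it.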
@@ -97,7 +98,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { Mapper userNameRegExInst = null; Mapper groupNameRegExInst = null; - private List<UserInfo> userGroupMap; + private Map<String, UserInfo> userGroupMap; public static void main(String[] args) throws Throwable { LdapUserGroupBuilder ugBuilder = new LdapUserGroupBuilder(); @@ -180,20 +181,19 @@ public class LdapUserGroupBuilder implements UserGroupSource { env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, ldapUrl); - env.put(Context.SECURITY_PRINCIPAL, ldapBindDn); env.put(Context.SECURITY_CREDENTIALS, ldapBindPassword); env.put(Context.SECURITY_AUTHENTICATION, ldapAuthenticationMechanism); env.put(Context.REFERRAL, ldapReferral) ; if (ldapUrl.startsWith("ldaps") && (config.getSSLTrustStorePath() != null && !config.getSSLTrustStorePath().trim().isEmpty())) { - env.put("java.naming.ldap.factory.socket", "org.apache.ranger.ldapusersync.process.CustomSSLSocketFactory"); - } + env.put("java.naming.ldap.factory.socket", "org.apache.ranger.ldapusersync.process.CustomSSLSocketFactory"); + } ldapContext = new InitialLdapContext(env, null); + + searchBase = config.getSearchBase(); - searchBase = config.getSearchBase(); - - userSearchBase = config.getUserSearchBase(); + userSearchBase = config.getUserSearchBase().split(";"); userSearchScope = config.getUserSearchScope(); userObjectClass = config.getUserObjectClass(); userSearchFilter = config.getUserSearchFilter(); @@ -226,7 +226,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { pagedResultsSize = config.getPagedResultsSize(); groupSearchEnabled = config.isGroupSearchEnabled(); - groupSearchBase = config.getGroupSearchBase(); + groupSearchBase = config.getGroupSearchBase().split(";"); groupSearchScope = config.getGroupSearchScope(); groupObjectClass = config.getGroupObjectClass(); groupSearchFilter = config.getGroupSearchFilter(); 
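Review bot: `config.getUserSearchBase().split(";")` keeps empty and whitespace-padded segments, and the same holds for `config.getGroupSearchBase().split(";")` in the @@ -226,7 hunk. In JNDI an empty name refers to the context itself, so a value such as `ou=a;;ou=b` would run one search from the context's own base DN and could pull accounts from outside the configured OUs into the sync. I would trim each segment and skip empty ones when the arrays are built, and log the resulting list once so the effective scope can be audited. Whether either getter can return null is not visible here; if it can, `split` throws before any search runs. createLdapContext begins and ends outside the hunk.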
@@ -299,165 +299,170 @@ public class LdapUserGroupBuilder implements UserGroupSource { @Override public void updateSink(UserGroupSink sink) throws Throwable { LOG.info("LDAPUserGroupBuilder updateSink started"); - userGroupMap = new ArrayList<UserInfo>(); + userGroupMap = new HashMap<String, UserInfo>(); NamingEnumeration<SearchResult> userSearchResultEnum = null; NamingEnumeration<SearchResult> groupSearchResultEnum = null; try { createLdapContext(); int total; // Activate paged results - byte[] cookie = null; if (pagedResultsEnabled) { ldapContext.setRequestControls(new Control[]{ new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) }); } - int counter = 0; - do { - userSearchResultEnum = ldapContext - .search(userSearchBase, extendedUserSearchFilter, - userSearchControls); - while (userSearchResultEnum.hasMore()) { - // searchResults contains all the user entries - final SearchResult userEntry = userSearchResultEnum.next(); - - if (userEntry == null) { - if (LOG.isInfoEnabled()) { - LOG.info("userEntry null, skipping sync for the entry"); + // When multiple OUs are configured, go through each OU as the user search base to search for users. 
+ for (int ou=0; ou<userSearchBase.length; ou++) { + byte[] cookie = null; + int counter = 0; + do { + userSearchResultEnum = ldapContext + .search(userSearchBase[ou], extendedUserSearchFilter, + userSearchControls); + while (userSearchResultEnum.hasMore()) { + // searchResults contains all the user entries + final SearchResult userEntry = userSearchResultEnum.next(); + + if (userEntry == null) { + if (LOG.isInfoEnabled()) { + LOG.info("userEntry null, skipping sync for the entry"); + } + continue; } - continue; - } - Attributes attributes = userEntry.getAttributes(); - if (attributes == null) { - if (LOG.isInfoEnabled()) { - LOG.info("attributes missing for entry " + userEntry.getNameInNamespace() + - ", skipping sync"); + Attributes attributes = userEntry.getAttributes(); + if (attributes == null) { + if (LOG.isInfoEnabled()) { + LOG.info("attributes missing for entry " + userEntry.getNameInNamespace() + + ", skipping sync"); + } + continue; } - continue; - } - Attribute userNameAttr = attributes.get(userNameAttribute); - if (userNameAttr == null) { - if (LOG.isInfoEnabled()) { - LOG.info(userNameAttribute + " missing for entry " + userEntry.getNameInNamespace() + - ", skipping sync"); + Attribute userNameAttr = attributes.get(userNameAttribute); + if (userNameAttr == null) { + if (LOG.isInfoEnabled()) { + LOG.info(userNameAttribute + " missing for entry " + userEntry.getNameInNamespace() + + ", skipping sync"); + } + continue; } - continue; - } - String userName = (String) userNameAttr.get(); + String userName = (String) userNameAttr.get(); - if (userName == null || userName.trim().isEmpty()) { - if (LOG.isInfoEnabled()) { - LOG.info(userNameAttribute + " empty for entry " + userEntry.getNameInNamespace() + - ", skipping sync"); + if (userName == null || userName.trim().isEmpty()) { + if (LOG.isInfoEnabled()) { + LOG.info(userNameAttribute + " empty for entry " + userEntry.getNameInNamespace() + + ", skipping sync"); + } + continue; } - continue; - } - if 
(userNameCaseConversionFlag) { - if (userNameLowerCaseFlag) { - userName = userName.toLowerCase() ; - } - else { - userName = userName.toUpperCase() ; + if (userNameCaseConversionFlag) { + if (userNameLowerCaseFlag) { + userName = userName.toLowerCase() ; + } + else { + userName = userName.toUpperCase() ; + } } - } - if (userNameRegExInst != null) { - userName = userNameRegExInst.transform(userName); - } + if (userNameRegExInst != null) { + userName = userNameRegExInst.transform(userName); + } - UserInfo userInfo = new UserInfo(userName, userEntry.getNameInNamespace()); - Set<String> groups = new HashSet<String>(); - - // Get all the groups from the group name attribute of the user only when group search is not enabled. - if (!groupSearchEnabled) { - for (String useGroupNameAttribute : userGroupNameAttributeSet) { - Attribute userGroupfAttribute = userEntry.getAttributes().get(useGroupNameAttribute); - if (userGroupfAttribute != null) { - NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll(); - while (groupEnum.hasMore()) { - String gName = getShortGroupName((String) groupEnum - .next()); - if (groupNameCaseConversionFlag) { - if (groupNameLowerCaseFlag) { - gName = gName.toLowerCase(); - } else { - gName = gName.toUpperCase(); + UserInfo userInfo = new UserInfo(userName, userEntry.getNameInNamespace()); + Set<String> groups = new HashSet<String>(); + + // Get all the groups from the group name attribute of the user only when group search is not enabled. 
+ if (!groupSearchEnabled) { + for (String useGroupNameAttribute : userGroupNameAttributeSet) { + Attribute userGroupfAttribute = userEntry.getAttributes().get(useGroupNameAttribute); + if (userGroupfAttribute != null) { + NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll(); + while (groupEnum.hasMore()) { + String gName = getShortGroupName((String) groupEnum + .next()); + if (groupNameCaseConversionFlag) { + if (groupNameLowerCaseFlag) { + gName = gName.toLowerCase(); + } else { + gName = gName.toUpperCase(); + } } + if (groupNameRegExInst != null) { + gName = groupNameRegExInst.transform(gName); + } + groups.add(gName); } - if (groupNameRegExInst != null) { - gName = groupNameRegExInst.transform(gName); - } - groups.add(gName); } } } - } - userInfo.addGroups(groups); - //populate the userGroupMap with username, userInfo. - //userInfo contains details of user that will be later used for - //group search to compute group membership as well as to call sink.addOrUpdateUser() - userGroupMap.add(userInfo); - - //List<String> groupList = new ArrayList<String>(groups); - List<String> groupList = userInfo.getGroups(); - counter++; - if (counter <= 2000) { - if (LOG.isInfoEnabled()) { - LOG.info("Updating user count: " + counter - + ", userName: " + userName + ", groupList: " - + groupList); - } - if ( counter == 2000 ) { - LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <==="); + userInfo.addGroups(groups); + //populate the userGroupMap with username, userInfo. + //userInfo contains details of user that will be later used for + //group search to compute group membership as well as to call sink.addOrUpdateUser() + if (userGroupMap.containsKey(userName)) { + LOG.warn("user object with username " + userName + " already exists and is replaced with the latest user object." 
); } - } else { - if (LOG.isTraceEnabled()) { - LOG.trace("Updating user count: " + counter - + ", userName: " + userName + ", groupList: " - + groupList); - } else { - if ( counter % 100 == 0) { - LOG.info("Synced " + counter + " users till now"); + userGroupMap.put(userName, userInfo); + + //List<String> groupList = new ArrayList<String>(groups); + List<String> groupList = userInfo.getGroups(); + counter++; + if (counter <= 2000) { + if (LOG.isInfoEnabled()) { + LOG.info("Updating user count: " + counter + + ", userName: " + userName + ", groupList: " + + groupList); + } + if ( counter == 2000 ) { + LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <==="); + } + } else { + if (LOG.isTraceEnabled()) { + LOG.trace("Updating user count: " + counter + + ", userName: " + userName + ", groupList: " + + groupList); + } else { + if ( counter % 100 == 0) { + LOG.info("Synced " + counter + " users till now"); + } } } - } - } + } - // Examine the paged results control response - Control[] controls = ldapContext.getResponseControls(); - if (controls != null) { - for (int i = 0; i < controls.length; i++) { - if (controls[i] instanceof PagedResultsResponseControl) { - PagedResultsResponseControl prrc = - (PagedResultsResponseControl)controls[i]; - total = prrc.getResultSize(); - if (total != 0) { - LOG.debug("END-OF-PAGE total : " + total); - } else { - LOG.debug("END-OF-PAGE total : unknown"); + // Examine the paged results control response + Control[] controls = ldapContext.getResponseControls(); + if (controls != null) { + for (int i = 0; i < controls.length; i++) { + if (controls[i] instanceof PagedResultsResponseControl) { + PagedResultsResponseControl prrc = + (PagedResultsResponseControl)controls[i]; + total = prrc.getResultSize(); + if (total != 0) { + LOG.debug("END-OF-PAGE total : " + total); + 
} else { + LOG.debug("END-OF-PAGE total : unknown"); + } + cookie = prrc.getCookie(); } - cookie = prrc.getCookie(); } + } else { + LOG.debug("No controls were sent from the server"); } - } else { - LOG.debug("No controls were sent from the server"); - } - // Re-activate paged results - if (pagedResultsEnabled) { - ldapContext.setRequestControls(new Control[]{ - new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) }); - } - } while (cookie != null); - LOG.info("LDAPUserGroupBuilder.updateSink() completed with user count: " - + counter); + // Re-activate paged results + if (pagedResultsEnabled) { + ldapContext.setRequestControls(new Control[]{ + new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) }); + } + } while (cookie != null); + LOG.info("LDAPUserGroupBuilder.updateSink() completed with user count: " + + counter); - + } } finally { if (userSearchResultEnum != null) { 
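Review bot: When entries from two search bases map to the same `userName`, `userGroupMap.put(userName, userInfo)` lets the OU searched later win, so the groups handed on for that name are those of whichever entry was read last. The key is computed after case conversion and `userNameRegExInst.transform`, so distinct directory accounts can collapse into one Ranger user, and the policies evaluated for that name change with them. The warning should name both entries, for example `LOG.warn("username " + userName + " maps to " + userGroupMap.get(userName).getUserFullName() + " and " + userEntry.getNameInNamespace());` (assuming `getUserFullName()` returns the DN passed to the constructor), and the precedence between OUs should be documented. Separately, the paging control left by the previous OU (`PAGE_SIZE`, `Control.CRITICAL`) is still set when the next OU's first search runs. Re-applying the `pagedResultsSize` control at the top of the `for` loop would keep every OU on the configured page size.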
@@ -480,21 +485,22 @@ public class LdapUserGroupBuilder implements UserGroupSource { createLdapContext(); } - Iterator<UserInfo> userInfoIterator = userGroupMap.iterator(); - while(userInfoIterator.hasNext()) { - UserInfo userInfo = userInfoIterator.next(); + //Iterator<UserInfo> userInfoIterator = userGroupMap. + for (UserInfo userInfo : userGroupMap.values()) { + //UserInfo userInfo = userInfoIterator.next(); String userName = userInfo.getUserName(); if (groupSearchEnabled) { - try { + for (int ou=0; ou<groupSearchBase.length; ou++) { + try { groupSearchResultEnum = ldapContext - .search(groupSearchBase, extendedGroupSearchFilter, + .search(groupSearchBase[ou], extendedGroupSearchFilter, new Object[]{userInfo.getUserFullName()}, groupSearchControls); Set<String> computedGroups = new HashSet<String>(); while (groupSearchResultEnum.hasMore()) { final SearchResult groupEntry = groupSearchResultEnum.next(); if (groupEntry != null) { - Attribute groupNameAttr = groupEntry.getAttributes() != null? groupEntry.getAttributes().get(groupNameAttribute) : null; + Attribute groupNameAttr = groupEntry.getAttributes().get(groupNameAttribute); if (groupNameAttr == null) { if (LOG.isInfoEnabled()) { LOG.info(groupNameAttribute + " empty for entry " + groupEntry.getNameInNamespace() + @@ -521,9 +527,10 @@ public class LdapUserGroupBuilder implements UserGroupSource { } userInfo.addGroups(computedGroups); - } finally { - if (groupSearchResultEnum != null) { - groupSearchResultEnum.close(); + } finally { + if (groupSearchResultEnum != null) { + groupSearchResultEnum.close(); + } } } } @@ -582,4 +589,4 @@ class UserInfo { public List<String> getGroups() { return (new ArrayList<String>(groupList)); } -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02b4790a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java ---------------------------------------------------------------------- 
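Review bot: The new line `groupEntry.getAttributes().get(groupNameAttribute)` drops the null check the removed line had, so a group entry returned without attributes now raises a NullPointerException instead of being skipped. As far as this hunk shows, that exception propagates out of the group search rather than being logged. The user loop in the same file still guards `attributes == null`; restoring `groupEntry.getAttributes() != null ? groupEntry.getAttributes().get(groupNameAttribute) : null` keeps both paths consistent. The two commented-out iterator lines can be removed. The loop body continues outside this hunk.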
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java index 43cd982..e342cae 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java @@ -863,4 +863,14 @@ public class UserGroupSyncConfig { public void setProperty(String name, String value) { prop.setProperty(name, value); } + + /* Used only for unit testing */ + public void setUserSearchBase(String userSearchBase) throws Throwable { + prop.setProperty(LGSYNC_USER_SEARCH_BASE, userSearchBase); + } + + /* Used only for unit testing */ + public void setGroupSearchBase(String groupSearchBase) throws Throwable { + prop.setProperty(LGSYNC_GROUP_SEARCH_BASE, groupSearchBase); + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02b4790a/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java ---------------------------------------------------------------------- diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java index ae87aee..68ddfef 100644 --- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java +++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java @@ -95,7 +95,9 @@ public class LdapUserGroupTest extends AbstractLdapTestUnit{ @Test public void testUpdateSinkTotalUsers() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setUserSearchFilter(""); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setGroupSearchEnabled(false); config.setPagedResultsEnabled(true); PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); 
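Review bot: `setUserSearchBase` and `setGroupSearchBase` declare `throws Throwable` although their only statement is `prop.setProperty(...)`, which pushes a catch-or-redeclare of `Throwable` onto every caller. I would drop the clause and turn the `/* Used only for unit testing */` remarks into Javadoc that states the expected `;`-separated format. The generic `setProperty(String name, String value)` directly above is already public, so the tests could call it instead and keep test-only mutators off the production configuration class.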
@@ -106,7 +108,9 @@ public class LdapUserGroupTest extends AbstractLdapTestUnit{ @Test public void testUpdateSinkWithoutPagedResults() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setUserSearchFilter(""); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setGroupSearchEnabled(false); config.setPagedResultsEnabled(false); PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); @@ -117,8 +121,10 @@ public class LdapUserGroupTest extends AbstractLdapTestUnit{ @Test public void testUpdateSinkUserFilter() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); //config.setUserSearchFilter("(|(memberof=cn=usersGroup9,ou=Group,dc=openstacklocal)(memberof=cn=usersGroup4,ou=Group,dc=openstacklocal))"); config.setUserSearchFilter("(|(memberof=CN=Group10,OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com)(memberof=CN=Group11,OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com))"); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setGroupSearchEnabled(false); PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); sink.init(); @@ -128,7 +134,9 @@ public class LdapUserGroupTest extends AbstractLdapTestUnit{ @Test public void testUpdateSinkTotalGroups() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setUserSearchFilter(""); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setGroupSearchFilter(""); config.setGroupSearchEnabled(true); PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); 
@@ -139,7 +147,9 @@ public class LdapUserGroupTest extends AbstractLdapTestUnit{ @Test public void testUpdateSinkGroupFilter() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setUserSearchFilter(""); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setGroupSearchFilter("cn=Group19"); config.setGroupSearchEnabled(true); PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); @@ -150,7 +160,9 @@ public class LdapUserGroupTest extends AbstractLdapTestUnit{ @Test public void testUpdateSinkGroupSearchDisable() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setUserSearchFilter(""); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setGroupSearchFilter("cn=Group19"); config.setGroupSearchEnabled(false); PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); 
@@ -159,6 +171,76 @@ public class LdapUserGroupTest extends AbstractLdapTestUnit{ assertEquals(11, sink.getTotalGroups()); } + @Test + public void testUpdateSinkMultipleOUs() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + config.setGroupSearchEnabled(true); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(111, sink.getTotalUsers()); + assertEquals(1, sink.getTotalGroups()); + } + + @Test + public void testUpdateSinkMultipleOUsNoGroupSearch() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + config.setGroupSearchEnabled(false); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(111, sink.getTotalUsers()); + assertEquals(12, sink.getTotalGroups()); + } + + @Test + public void testMultipleOUGroupsNoGroupSearch() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + 
config.setGroupSearchEnabled(false); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(111, sink.getTotalUsers()); + assertEquals(12, sink.getTotalGroups()); + } + + @Test + public void testMultipleOUGroupsWithGroupSearch() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*"); + config.setGroupSearchEnabled(true); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(111, sink.getTotalUsers()); + assertEquals(11, sink.getTotalGroups()); + } + + @Test + public void testUpdateSinkMultipleOUGroups() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + config.setGroupSearchEnabled(true); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(111, sink.getTotalUsers()); + assertEquals(2, sink.getTotalGroups()); + } + @After public void shutdown() throws Exception { if (getService().isStarted()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02b4790a/ugsync/src/test/resources/ADSchema.ldif ---------------------------------------------------------------------- 
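Review bot: None of the new multi-OU tests covers the case the production change has to decide, namely the same user name appearing under two search bases; in the fixture hunks shown, `HdpUser1` and `BusUser1` are distinct names. A test with a colliding user-name attribute value in two OUs, asserting which entry's groups reach the sink, would pin down the `userGroupMap` replacement behaviour. A search-base string with spaces around `;` or an empty segment would be worth a second case, since `split(";")` passes those through unchanged.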
diff --git a/ugsync/src/test/resources/ADSchema.ldif b/ugsync/src/test/resources/ADSchema.ldif index 092d018..9d5a4c2 100644 --- a/ugsync/src/test/resources/ADSchema.ldif +++ b/ugsync/src/test/resources/ADSchema.ldif @@ -45,7 +45,7 @@ m-oid: 1.3.840.113556.1.4.221 m-name: memberOf m-equality: caseIgnoreMatch m-syntax: 1.3.6.1.4.1.1466.115.121.1.15 -m-singleValue: TRUE +m-singleValue: FALSE dn: m-oid=1.4.840.113556.1.4.221, ou=attributetypes, cn=microsoft, ou=schema changetype: add @@ -97,6 +97,30 @@ distinguishedName: CN=Users,DC=ranger,DC=qe,DC=hortonworks,DC=com sn: Users sAMAccountName: Users +dn: OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: organizationalUnit +ou: HadoopUsers +distinguishedName: OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com + +dn: OU=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: organizationalUnit +ou: BusinessUsers +distinguishedName: OU=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com + +dn: OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: organizationalUnit +ou: HdpGroups +distinguishedName: OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com + dn: OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com changetype: add objectClass: extensibleObject 
@@ -105,6 +129,47 @@ objectClass: organizationalUnit ou: Groups distinguishedName: OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com + +dn: CN=HdpUser1,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: person +objectClass: organizationalPerson +#objectClass: user +cn: HdpUser1 +userPassword: password +distinguishedName: CN=HdpUser1,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +memberOf: CN=Group10,OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com +memberOf: CN=HdpGroup10,OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +sAMAccountName: HdpUser1 +#codePage: 0 +#badPasswordTime: 0 +pwdLastSet: 130850196406172191 +#accountExpires: 9223372036854775807 +sn: HdpUser1 +userPrincipalName: [email protected] + +dn: CN=BusUser1,OU=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: person +objectClass: organizationalPerson +#objectClass: user +cn: BusUser1 +userPassword: password +distinguishedName: CN=BusUser1,OU=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +memberOf: CN=Group10,OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com +sAMAccountName: BusUser1 +#codePage: 0 +#badPasswordTime: 0 +pwdLastSet: 130850196406172191 +#accountExpires: 9223372036854775807 +sn: BusUser1 +userPrincipalName: [email protected] + + dn: CN=User1000,CN=Users,DC=ranger,DC=qe,DC=hortonworks,DC=com changetype: add objectClass: extensibleObject 
@@ -2178,6 +2243,18 @@ sn: User1910 #userPrincipalName: [email protected] +dn: CN=HdpGroup10,OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: groupOfNames +cn: HdpGroup10 +member: CN=HdpUser1,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +distinguishedName: CN=HdpGroup10,OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com +sAMAccountName: HdpGroup10 +sn: Group10 +#groupType: -2147483644 + dn: CN=Group10,OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com changetype: add objectClass: extensibleObject
