RANGER-637 : Make REFERRAL property in Ranger User sync configurable Signed-off-by: Velmurugan Periasamy <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/36740018 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/36740018 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/36740018 Branch: refs/heads/HDP-2.3.2-groupid Commit: 36740018f27a8a691429dad065262c482956564b Parents: af8510a Author: Gautam Borad <[email protected]> Authored: Thu Sep 3 03:25:19 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Mon Sep 7 01:34:06 2015 -0400 ---------------------------------------------------------------------- jisql/src/main/java/org/apache/util/sql/Jisql.java | 1 - .../ldapusersync/process/LdapUserGroupBuilder.java | 7 ++++--- .../unixusersync/config/UserGroupSyncConfig.java | 14 ++++++++++++++ unixauthservice/scripts/install.properties | 2 ++ .../scripts/templates/installprop2xml.properties | 1 + .../scripts/templates/ranger-ugsync-template.xml | 4 ++++ 6 files changed, 25 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/36740018/jisql/src/main/java/org/apache/util/sql/Jisql.java ---------------------------------------------------------------------- diff --git a/jisql/src/main/java/org/apache/util/sql/Jisql.java b/jisql/src/main/java/org/apache/util/sql/Jisql.java index 9c74356..cf7563c 100644 --- a/jisql/src/main/java/org/apache/util/sql/Jisql.java +++ b/jisql/src/main/java/org/apache/util/sql/Jisql.java @@ -755,7 +755,6 @@ public class Jisql { + sqle.getErrorCode()); sqle = sqle.getNextException(); } - System.out.println("java.library.path:"+System.getProperty("java.library.path")); } /** http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/36740018/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java ---------------------------------------------------------------------- 
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java index 93893ef..66c6e28 100644 --- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java @@ -57,7 +57,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { private String ldapBindDn; private String ldapBindPassword; private String ldapAuthenticationMechanism; - + private String ldapReferral; private String searchBase; private String userSearchBase; @@ -135,7 +135,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { ldapBindPassword = config.getLdapBindPassword(); //ldapBindPassword = "admin-password"; ldapAuthenticationMechanism = config.getLdapAuthenticationMechanism(); - + ldapReferral = config.getContextReferral(); Properties env = new Properties(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); @@ -144,7 +144,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { env.put(Context.SECURITY_PRINCIPAL, ldapBindDn); env.put(Context.SECURITY_CREDENTIALS, ldapBindPassword); env.put(Context.SECURITY_AUTHENTICATION, ldapAuthenticationMechanism); - env.put(Context.REFERRAL, "follow") ; + env.put(Context.REFERRAL, ldapReferral) ; ldapContext = new InitialLdapContext(env, null); @@ -235,6 +235,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { + ", groupMemberAttributeName: " + groupMemberAttributeName + ", groupNameAttribute: " + groupNameAttribute + ", groupUserMapSyncEnabled: " + groupUserMapSyncEnabled + + ", ldapReferral: " + ldapReferral ); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/36740018/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java ---------------------------------------------------------------------- 
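Review bot: The `env.put(Context.REFERRAL, ldapReferral)` line in the `@@ -144,7` hunk now takes its value from configuration, and with `follow` JNDI re-uses this same environment's `SECURITY_PRINCIPAL` and `SECURITY_CREDENTIALS` when it binds to a referred server. The bind password can therefore be presented to whichever host the directory's referral names, so the line deserves a comment such as `// "follow" re-binds to referred servers with ldapBindDn/ldapBindPassword; enable only when referrals stay within trusted directory servers and the connection is LDAPS`. The effective default also changes from the hard-coded `follow` to `ignore`, so deployments that rely on referrals will presumably sync fewer users after upgrade unless the property is set. A release note or a startup log line would make that visible. The enclosing method starts and ends outside the hunk.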
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java index f8b68f2..7240fce 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java @@ -172,6 +172,8 @@ public class UserGroupSyncConfig { private static final String DEFAULT_POLICYMGR_PASSWORD = "rangerusersync"; private static final String SYNC_SOURCE = "ranger.usersync.sync.source"; + private static final String LGSYNC_REFERRAL = "ranger.usersync.ldap.referral"; + private static final String DEFAULT_LGSYNC_REFERRAL = "ignore"; private Properties prop = new Properties() ; private static volatile UserGroupSyncConfig me = null ; @@ -715,4 +717,16 @@ public class UserGroupSyncConfig { } return syncSource; } + public String getContextReferral() { + String referral="ignore"; + if(prop!=null && prop.containsKey(LGSYNC_REFERRAL)){ + referral=prop.getProperty(LGSYNC_REFERRAL); + if(referral==null||referral.trim().isEmpty()){ + referral=DEFAULT_LGSYNC_REFERRAL; + }else{ + referral=referral.trim().toLowerCase(); + } + } + return referral; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/36740018/unixauthservice/scripts/install.properties ---------------------------------------------------------------------- diff --git a/unixauthservice/scripts/install.properties b/unixauthservice/scripts/install.properties index 5215620..f206d0a 100644 --- a/unixauthservice/scripts/install.properties +++ b/unixauthservice/scripts/install.properties 
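Review bot: In the `@@ -715,4` hunk, `getContextReferral()` lower-cases the configured value with the default locale and returns it without checking it against the values the installer documents (`ignore` or `follow`). Under a Turkish default locale `"IGNORE".toLowerCase()` does not produce `ignore`, and a typo in `ranger.usersync.ldap.referral` is handed unchanged to the JNDI environment in LdapUserGroupBuilder, where it most likely surfaces only when the LDAP context is created. The method should normalise with `Locale.ROOT`, fall back to `DEFAULT_LGSYNC_REFERRAL` for unrecognised values (ideally logging the rejected value), and use that constant instead of the literal `"ignore"` for the initial value. The rest of the class is outside the hunk, so the sketch below uses the fully qualified `java.util.Locale`.

```java
public String getContextReferral() {
    String referral = (prop == null) ? null : prop.getProperty(LGSYNC_REFERRAL);
    if (referral == null || referral.trim().isEmpty()) {
        return DEFAULT_LGSYNC_REFERRAL;
    }
    // Locale.ROOT keeps the result independent of the JVM's default locale.
    referral = referral.trim().toLowerCase(java.util.Locale.ROOT);
    // Pass through only the values the installer documents; anything else falls back.
    if (!"ignore".equals(referral) && !"follow".equals(referral)) {
        return DEFAULT_LGSYNC_REFERRAL;
    }
    return referral;
}
```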
@@ -169,3 +169,5 @@ SYNC_PAGED_RESULTS_ENABLED=
 # search results would be returned page by page with the specified number of entries per page
 # default value: 500
 SYNC_PAGED_RESULTS_SIZE=
+#LDAP context referral could be ignore or follow
+SYNC_LDAP_REFERRAL =ignore
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/36740018/unixauthservice/scripts/templates/installprop2xml.properties
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/templates/installprop2xml.properties b/unixauthservice/scripts/templates/installprop2xml.properties
index f102b52..77b8eac 100644
--- a/unixauthservice/scripts/templates/installprop2xml.properties
+++ b/unixauthservice/scripts/templates/installprop2xml.properties
@@ -48,3 +48,4 @@ AUTH_SSL_KEYSTORE_PASSWORD = ranger.usersync.keystore.password
 AUTH_SSL_TRUSTSTORE_FILE = ranger.usersync.truststore.file
 AUTH_SSL_TRUSTSTORE_PASSWORD = ranger.usersync.truststore.password
 AUTH_SSL_ENABLED = ranger.usersync.enabled
+SYNC_LDAP_REFERRAL = ranger.usersync.ldap.referral
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/36740018/unixauthservice/scripts/templates/ranger-ugsync-template.xml
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/templates/ranger-ugsync-template.xml b/unixauthservice/scripts/templates/ranger-ugsync-template.xml
index 268deb3..2bf5562 100644
--- a/unixauthservice/scripts/templates/ranger-ugsync-template.xml
+++ b/unixauthservice/scripts/templates/ranger-ugsync-template.xml
@@ -181,4 +181,8 @@
 <name>ranger.usersync.sync.source</name>
 <value></value>
 </property>
+ <property>
+ <name>ranger.usersync.ldap.referral</name>
+ <value></value>
+ </property>
 </configuration>
