Repository: incubator-ranger Updated Branches: refs/heads/master 6b47ac115 -> 906099e1e
Ranger-893: Added support to fetch groups configured with user's short name as the member attribute Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/48ab21bd Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/48ab21bd Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/48ab21bd Branch: refs/heads/master Commit: 48ab21bd1924b1b05574839331031e3e5d97abb8 Parents: 6b47ac1 Author: Sailaja Polavarapu <[email protected]> Authored: Tue Apr 5 13:07:49 2016 -0700 Committer: Velmurugan Periasamy <[email protected]> Committed: Thu Apr 14 18:35:52 2016 -0400 ---------------------------------------------------------------------- .../process/LdapUserGroupBuilder.java | 104 ++- .../config/UserGroupSyncConfig.java | 15 + .../ranger/usergroupsync/LdapUserGroupTest.java | 718 +++++++++++-------- ugsync/src/test/resources/ADSchema.ldif | 126 +++- .../src/test/resources/ranger-ugsync-site.xml | 2 +- 5 files changed, 597 insertions(+), 368 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/48ab21bd/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java index e68a52f..b12d209 100644 --- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 
@@ -104,8 +104,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { Mapper userNameRegExInst = null; Mapper groupNameRegExInst = null; private Map<String, UserInfo> userGroupMap; - private Set<String> usersList; - + public static void main(String[] args) throws Throwable { LdapUserGroupBuilder ugBuilder = new LdapUserGroupBuilder(); ugBuilder.init(); @@ -267,14 +266,12 @@ public class LdapUserGroupBuilder implements UserGroupSource { } extendedAllGroupsSearchFilter = "(&" + extendedGroupSearchFilter + ")"; if (!groupSearchFirstEnabled) { - extendedGroupSearchFilter = "(&" + extendedGroupSearchFilter + "(" + groupMemberAttributeName + "={0})" + ")"; + extendedGroupSearchFilter = "(&" + extendedGroupSearchFilter + "(|(" + groupMemberAttributeName + "={0})(" + groupMemberAttributeName + "={1})))"; } groupUserMapSyncEnabled = config.isGroupUserMapSyncEnabled(); groupSearchControls = new SearchControls(); groupSearchControls.setSearchScope(groupSearchScope); - //String[] groupSearchAttributes = new String[]{groupNameAttribute}; - //groupSearchControls.setReturningAttributes(groupSearchAttributes); Set<String> groupSearchAttributes = new HashSet<String>(); groupSearchAttributes.add(groupNameAttribute); @@ -352,6 +349,18 @@ public class LdapUserGroupBuilder implements UserGroupSource { getGroups(sink, userInfo); } List<String> groupList = userInfo.getGroups(); + if (userNameCaseConversionFlag) { + if (userNameLowerCaseFlag) { + userName = userName.toLowerCase() ; + } + else { + userName = userName.toUpperCase() ; + } + } + + if (userNameRegExInst != null) { + userName = userNameRegExInst.transform(userName); + } try { sink.addOrUpdateUser(userName, groupList); } catch (Throwable t) { 
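Review bot: The `{1}` alternative added to `extendedGroupSearchFilter` matches membership on the user's short name, and nothing visible here guarantees short names are unique across the configured user search bases; a group that lists a bare short name would match every account carrying that name, and those groups are what the sink receives. The same assumption sits behind the `new Object[]{userInfo.getUserFullName(), userInfo.getUserName()}` arguments in the getGroups hunk (@@ -622) and the `userGroupMap.get(userName.toLowerCase())` fallback in the @@ -538 hunk. Passing both values as filter arguments rather than concatenating them is right and should stay, since JNDI escapes filter arguments. I would document the assumption above the assignment, `// {0} = user DN, {1} = user short name; the short-name match assumes short names are unique across all user search bases`, and consider a config switch so DN-only directories can keep the stricter match. The enclosing method starts and ends outside the hunk.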
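Review bot: The case-conversion and regex-mapping block added before `sink.addOrUpdateUser` in the @@ -352 hunk is a third copy of the same logic (it already sits in the user-search-disabled loop of the @@ -371 hunk and is added again in the @@ -538 hunk), and because the synced user name is an identity, copies that drift apart would sync one account under different names depending on the code path. `toLowerCase()` and `toUpperCase()` without a locale also follow the JVM default locale, which changes the result for some letters (for example under a Turkish locale); `Locale.ROOT` keeps the mapping stable and needs `java.util.Locale` imported if the file does not already have it. A single private helper, sketched below under a proposed name, would cover all three call sites. The enclosing method is only partly visible in the hunk.

```java
// proposed helper; replaces the three inline copies of the case-conversion/regex block
private String normalizeUserName(String userName) {
    if (userNameCaseConversionFlag) {
        userName = userNameLowerCaseFlag
                ? userName.toLowerCase(Locale.ROOT)
                : userName.toUpperCase(Locale.ROOT);
    }
    if (userNameRegExInst != null) {
        userName = userNameRegExInst.transform(userName);
    }
    return userName;
}

// … unchanged: getGroups call and groupList lookup …
userName = normalizeUserName(userName);
// … unchanged: sink.addOrUpdateUser(userName, groupList) inside its try/catch …
```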
@@ -371,7 +380,8 @@ public class LdapUserGroupBuilder implements UserGroupSource { LOG.info("User search is disabled and hence using the group member attribute for username."); // Go through the userInfo map and update ranger admin. for (UserInfo userInfo : userGroupMap.values()) { - String userName = userInfo.getUserName(); + String userName = getShortUserName(userInfo.getUserFullName()); + List<String> groupList = userInfo.getGroups(); if (userNameCaseConversionFlag) { if (userNameLowerCaseFlag) { userName = userName.toLowerCase() ; @@ -384,7 +394,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { if (userNameRegExInst != null) { userName = userNameRegExInst.transform(userName); } - List<String> groupList = userInfo.getGroups(); + try { sink.addOrUpdateUser(userName, groupList); } catch (Throwable t) { @@ -402,7 +412,6 @@ public class LdapUserGroupBuilder implements UserGroupSource { NamingEnumeration<SearchResult> userSearchResultEnum = null; NamingEnumeration<SearchResult> groupSearchResultEnum = null; try { - //setConfig(); createLdapContext(); int total; // Activate paged results @@ -459,19 +468,6 @@ public class LdapUserGroupBuilder implements UserGroupSource { continue; } - if (userNameCaseConversionFlag) { - if (userNameLowerCaseFlag) { - userName = userName.toLowerCase() ; - } - else { - userName = userName.toUpperCase() ; - } - } - - if (userNameRegExInst != null) { - userName = userNameRegExInst.transform(userName); - } - if (!groupSearchFirstEnabled) { userInfo = new UserInfo(userName, userEntry.getNameInNamespace()); Set<String> groups = new HashSet<String>(); @@ -502,6 +498,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { } userInfo.addGroups(groups); + //populate the userGroupMap with username, userInfo. //userInfo contains details of user that will be later used for //group search to compute group membership as well as to call sink.addOrUpdateUser() 
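Review bot: Deriving the name with `getShortUserName(userInfo.getUserFullName())` inside this loop means two map entries whose member values differ but share a short name now produce two separate `sink.addOrUpdateUser` calls for the same user name, each carrying only its own group list. Before this commit the user-search-disabled path keyed the map by short name (the branch removed in the @@ -674 hunk), so such entries were merged into one UserInfo; whether the sink merges or replaces groups is not visible here, so the last call may win. Either merge the group lists per resulting user name before calling the sink, or add a comment such as `// distinct member values can map to the same short name; each is sent to the sink separately`. `getShortUserName` is defined outside the hunk, so it is also worth confirming that it returns a bare short name unchanged now that the member attribute may hold one.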
@@ -538,13 +535,30 @@ public class LdapUserGroupBuilder implements UserGroupSource { // then update user name in the userInfo map with the value from the search result // and update ranger admin. String userFullName = (userEntry.getNameInNamespace()).toLowerCase(); - LOG.info("Chekcing if the user " + userFullName + " is part of the retrieved groups"); - if (usersList != null && usersList.contains(userFullName)) { + LOG.debug("Chekcing if the user " + userFullName + " is part of the retrieved groups"); + + userInfo = userGroupMap.get(userFullName); + if (userInfo == null) { + userInfo = userGroupMap.get(userName.toLowerCase()); + } + if (userInfo != null) { counter++; - userInfo = userGroupMap.get(userFullName); LOG.info("Updating username for " + userFullName + " with " + userName); userInfo.updateUserName(userName); List<String> groupList = userInfo.getGroups(); + if (userNameCaseConversionFlag) { + if (userNameLowerCaseFlag) { + userName = userName.toLowerCase() ; + } + else { + userName = userName.toUpperCase() ; + } + } + + if (userNameRegExInst != null) { + userName = userNameRegExInst.transform(userName); + } + try { sink.addOrUpdateUser(userName, groupList); } catch (Throwable t) { @@ -552,7 +566,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { + ", for user: " + userName + ", groups: " + groupList); } - } + } } } @@ -600,9 +614,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { private void getGroups(UserGroupSink sink, UserInfo userInfo) throws Throwable { NamingEnumeration<SearchResult> groupSearchResultEnum = null; - usersList = new HashSet<String>(); try { - //setConfig(); createLdapContext(); int total; // Activate paged results 
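Review bot: `userInfo.updateUserName(userName)` in the @@ -538 hunk now runs before the case conversion and regex mapping, so the UserInfo keeps the raw directory name while the sink is given the transformed one; before this commit the transformation appears to have run earlier in the loop (the block removed in the @@ -459 hunk). If that is intended, say so in a comment, e.g. `// userInfo keeps the raw directory name; only the name sent to the sink is transformed`; otherwise move the call below the transformation. The two-step lookup also deserves a line of explanation, `// member attribute may hold the user's DN or short name: try the DN first, then the short name`. The enclosing loop starts outside the hunk.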
@@ -622,7 +634,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { } groupSearchResultEnum = ldapContext .search(groupSearchBase[ou], extendedGroupSearchFilter, - new Object[]{userInfo.getUserFullName()}, + new Object[]{userInfo.getUserFullName(), userInfo.getUserName()}, groupSearchControls); } else { // If group based search is enabled, then first retrieve all the groups based on the group configuration. @@ -630,7 +642,6 @@ public class LdapUserGroupBuilder implements UserGroupSource { .search(groupSearchBase[ou], extendedAllGroupsSearchFilter, groupSearchControls); } - //Set<String> computedGroups = new HashSet<String>(); while (groupSearchResultEnum.hasMore()) { final SearchResult groupEntry = groupSearchResultEnum.next(); if (groupEntry != null) { 
@@ -674,37 +685,20 @@ public class LdapUserGroupBuilder implements UserGroupSource { } NamingEnumeration<?> userEnum = groupMemberAttr.getAll(); while (userEnum.hasMore()) { - String userFullName = (String) userEnum.next(); - if (userFullName == null || userFullName.trim().isEmpty()) { + String originalUserFullName = (String) userEnum.next(); + if (originalUserFullName == null || originalUserFullName.trim().isEmpty()) { continue; } - userFullName = userFullName.toLowerCase(); + String userFullName = originalUserFullName.toLowerCase(); userCount++; - /* If user search is enabled, then the username is updated later - * based on the user search config (in getUsers() method) else - * use user's short name as the username and use that in the map. - */ - if (userSearchEnabled) { - if (!userGroupMap.containsKey(userFullName)) { - userInfo = new UserInfo(userFullName, userFullName); - userGroupMap.put(userFullName, userInfo); - } else { - userInfo = userGroupMap.get(userFullName); - } - LOG.info("Adding " + gName + " to user " + userInfo.getUserFullName()); - userInfo.addGroup(gName); - usersList.add(userFullName); + if (!userGroupMap.containsKey(userFullName)) { + userInfo = new UserInfo(userFullName, originalUserFullName); // Preserving the original full name for later + userGroupMap.put(userFullName, userInfo); } else { - String userShortName = getShortUserName(userFullName); - if (!userGroupMap.containsKey(userShortName)) { - userInfo = new UserInfo(userShortName, userFullName); - userGroupMap.put(userShortName, userInfo); - } else { - userInfo = userGroupMap.get(userShortName); - } - LOG.debug("Adding " + gName + " to user " + userInfo.getUserName()); - userInfo.addGroup(gName); + userInfo = userGroupMap.get(userFullName); } + LOG.info("Adding " + gName + " to user " + userInfo.getUserFullName()); + userInfo.addGroup(gName); } LOG.info("No. 
of members in the group " + gName + " = " + userCount); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/48ab21bd/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java index 2297b65..f54b24a 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java @@ -929,4 +929,19 @@ public class UserGroupSyncConfig { public void setUserSearchEnabled(boolean userSearchEnabled) { prop.setProperty(LGSYNC_USER_SEARCH_ENABLED, String.valueOf(userSearchEnabled)); } + + /* Used only for unit testing */ + public void setUserGroupMemberAttributeName(String groupMemberAttrName) { + prop.setProperty(LGSYNC_GROUP_MEMBER_ATTRIBUTE_NAME, groupMemberAttrName); + } + + /* Used only for unit testing */ + public void setUserObjectClass(String userObjectClass) { + prop.setProperty(LGSYNC_USER_OBJECT_CLASS, userObjectClass); + } + + /* Used only for unit testing */ + public void setGroupObjectClass(String groupObjectClass) { + prop.setProperty(LGSYNC_GROUP_OBJECT_CLASS, groupObjectClass); + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/48ab21bd/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java ---------------------------------------------------------------------- diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java index df8adf3..b285e78 100644 --- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java +++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java 
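Review bot: The three setters added to UserGroupSyncConfig are public and marked test-only with a plain block comment, yet they rewrite the member attribute that the group search filter is built from, and the user and group object classes, on the instance the tests obtain through `UserGroupSyncConfig.getInstance()`. Nothing stops production code from calling them, and values set by one test stay on that shared instance for the next (testGroupBasedWithAllUsersAndGroups in the test diff does not set the member attribute itself). Turn the comments into Javadoc that states the intent, e.g. `/** Test hook: overrides the group member attribute on the shared config; not for production use. */`, and have the tests set or reset all three values in setup. The name `setUserGroupMemberAttributeName` sets the group member attribute, so `setGroupMemberAttributeName` would read more accurately.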
@@ -45,356 +45,452 @@ import org.apache.ranger.usergroupsync.PolicyMgrUserGroupBuilderTest; @CreateDS(name = "classDS", partitions = { - @CreatePartition( - name = "AD", - suffix = "DC=ranger,DC=qe,DC=hortonworks,DC=com", - contextEntry = @ContextEntry( - entryLdif = - "dn: DC=ranger,DC=qe,DC=hortonworks,DC=com\n" + - "objectClass: domain\n" + - "objectClass: top\n" + - "dc: example\n\n" - ), - indexes = - { - @CreateIndex(attribute = "objectClass"), - @CreateIndex(attribute = "dc"), - @CreateIndex(attribute = "ou") - } - ) + @CreatePartition( + name = "AD", + suffix = "DC=ranger,DC=qe,DC=hortonworks,DC=com", + contextEntry = @ContextEntry( + entryLdif = + "dn: DC=ranger,DC=qe,DC=hortonworks,DC=com\n" + + "objectClass: domain\n" + + "objectClass: top\n" + + "dc: example\n\n" + ), + indexes = + { + @CreateIndex(attribute = "objectClass"), + @CreateIndex(attribute = "dc"), + @CreateIndex(attribute = "ou") + } + ) } -) + ) @CreateLdapConnectionPool( - maxActive = 1, - maxWait = 5000 ) + maxActive = 1, + maxWait = 5000 ) @ApplyLdifFiles( { "ADSchema.ldif" - } - ) +} + ) public class LdapUserGroupTest extends AbstractLdapTestUnit{ private UserGroupSyncConfig config; - private LdapUserGroupBuilder ldapBuilder; - + private LdapUserGroupBuilder ldapBuilder; + @Before public void setup() throws Exception { LdapServer ldapServer = new LdapServer(); - ldapServer.setSaslHost("127.0.0.1"); - ldapServer.setSearchBaseDn("DC=ranger,DC=qe,DC=hortonworks,DC=com"); - String ldapPort = System.getProperty("ldap.port"); - Assert.assertNotNull("Property 'ldap.port' null", ldapPort); - ldapServer.setTransports(new TcpTransport("127.0.0.1", Integer.parseInt(ldapPort))); - ldapServer.setDirectoryService(getService()); - ldapServer.setMaxSizeLimit( LdapServer.NO_SIZE_LIMIT ); - setLdapServer(ldapServer); - getService().startup(); - getLdapServer().start(); + ldapServer.setSaslHost("127.0.0.1"); + ldapServer.setSearchBaseDn("DC=ranger,DC=qe,DC=hortonworks,DC=com"); + String ldapPort = 
System.getProperty("ldap.port"); + Assert.assertNotNull("Property 'ldap.port' null", ldapPort); + ldapServer.setTransports(new TcpTransport("127.0.0.1", Integer.parseInt(ldapPort))); + ldapServer.setDirectoryService(getService()); + ldapServer.setMaxSizeLimit( LdapServer.NO_SIZE_LIMIT ); + setLdapServer(ldapServer); + getService().startup(); + getLdapServer().start(); config = UserGroupSyncConfig.getInstance(); ldapBuilder = new LdapUserGroupBuilder(); } - + @Test - public void testUpdateSinkTotalUsers() throws Throwable { + public void testUpdateSinkTotalUsers() throws Throwable { config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setUserSearchFilter(""); config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchEnabled(false); - config.setPagedResultsEnabled(true); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(false); + config.setPagedResultsEnabled(true); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); sink.init(); ldapBuilder.updateSink(sink); assertEquals(109, sink.getTotalUsers()); - } - + } + @Test - public void testUpdateSinkWithoutPagedResults() throws Throwable { + public void testUpdateSinkWithoutPagedResults() throws Throwable { config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); config.setUserSearchFilter(""); config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchEnabled(false); - config.setPagedResultsEnabled(false); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + 
config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(false); + config.setPagedResultsEnabled(false); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); sink.init(); ldapBuilder.updateSink(sink); assertEquals(109, sink.getTotalUsers()); - } - + } + + @Test + public void testUpdateSinkUserFilter() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + //config.setUserSearchFilter("(|(memberof=cn=usersGroup9,ou=Group,dc=openstacklocal)(memberof=cn=usersGroup4,ou=Group,dc=openstacklocal))"); + config.setUserSearchFilter("(|(memberof=CN=Group10,OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com)(memberof=CN=Group11,OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com))"); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(false); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(12, sink.getTotalUsers()); + } + + @Test + public void testUpdateSinkTotalGroups() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter(""); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter(""); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(true); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + 
ldapBuilder.updateSink(sink); + assertEquals(10, sink.getTotalGroups()); + } + + @Test + public void testUpdateSinkGroupFilter() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter(""); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=Group19"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(true); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(1, sink.getTotalGroups()); + } + + @Test + public void testUpdateSinkGroupSearchDisable() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter(""); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=Group19"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(false); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(11, sink.getTotalGroups()); + } + + @Test + public void testUpdateSinkMultipleOUs() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + 
config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(true); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(111, sink.getTotalUsers()); + assertEquals(1, sink.getTotalGroups()); + } + + @Test + public void testUpdateSinkMultipleOUsNoGroupSearch() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(false); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(111, sink.getTotalUsers()); + assertEquals(12, sink.getTotalGroups()); + } + + @Test + public void testMultipleOUGroupsNoGroupSearch() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + 
config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(false); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(111, sink.getTotalUsers()); + assertEquals(12, sink.getTotalGroups()); + } + + @Test + public void testMultipleOUGroupsWithGroupSearch() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(true); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(111, sink.getTotalUsers()); + assertEquals(11, sink.getTotalGroups()); + } + @Test - public void testUpdateSinkUserFilter() throws Throwable { - config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - //config.setUserSearchFilter("(|(memberof=cn=usersGroup9,ou=Group,dc=openstacklocal)(memberof=cn=usersGroup4,ou=Group,dc=openstacklocal))"); - config.setUserSearchFilter("(|(memberof=CN=Group10,OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com)(memberof=CN=Group11,OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com))"); - config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchEnabled(false); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); - 
PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(12, sink.getTotalUsers()); - } + public void testUpdateSinkMultipleOUGroups() throws Throwable { + config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(true); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(111, sink.getTotalUsers()); + assertEquals(2, sink.getTotalGroups()); + } - @Test - public void testUpdateSinkTotalGroups() throws Throwable { - config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setUserSearchFilter(""); - config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter(""); - config.setGroupSearchEnabled(true); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(10, sink.getTotalGroups()); - } + @Test + public void testGroupBasedAllUsers() throws Throwable { + config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); + config.setUserSearchFilter("cn=*"); + 
config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchFirstEnabled(true); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(2, sink.getTotalUsers()); + assertEquals(2, sink.getTotalGroups()); + } - @Test - public void testUpdateSinkGroupFilter() throws Throwable { - config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setUserSearchFilter(""); - config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=Group19"); - config.setGroupSearchEnabled(true); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(1, sink.getTotalGroups()); - } + @Test + public void testGroupBasedWithUserFilter() throws Throwable { + config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); + config.setUserSearchFilter("cn=User*"); + config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchFirstEnabled(true); + config.setUserSearchEnabled(true); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(1, sink.getTotalUsers()); + 
assertEquals(2, sink.getTotalGroups()); + } - @Test - public void testUpdateSinkGroupSearchDisable() throws Throwable { - config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setUserSearchFilter(""); - config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=Group19"); - config.setGroupSearchEnabled(false); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(11, sink.getTotalGroups()); - } - - @Test - public void testUpdateSinkMultipleOUs() throws Throwable { - config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setUserSearchFilter("cn=*"); - config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=*Group10"); - config.setGroupSearchEnabled(true); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(111, sink.getTotalUsers()); - assertEquals(1, sink.getTotalGroups()); - } - - @Test - public void testUpdateSinkMultipleOUsNoGroupSearch() throws Throwable { - config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setUserSearchFilter("cn=*"); - config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=*Group10"); - config.setGroupSearchEnabled(false); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); 
- ldapBuilder.updateSink(sink); - assertEquals(111, sink.getTotalUsers()); - assertEquals(12, sink.getTotalGroups()); - } - - @Test - public void testMultipleOUGroupsNoGroupSearch() throws Throwable { - config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setUserSearchFilter("cn=*"); - config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=*Group10"); - config.setGroupSearchEnabled(false); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(111, sink.getTotalUsers()); - assertEquals(12, sink.getTotalGroups()); - } - - @Test - public void testMultipleOUGroupsWithGroupSearch() throws Throwable { - config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setUserSearchFilter("cn=*"); - config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=*"); - config.setGroupSearchEnabled(true); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(111, sink.getTotalUsers()); - assertEquals(11, sink.getTotalGroups()); - } - - @Test - public void testUpdateSinkMultipleOUGroups() throws Throwable { - 
config.setUserSearchBase("cn=users,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;ou=BusinessUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setUserSearchFilter("cn=*"); - config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=*Group10"); - config.setGroupSearchEnabled(true); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(111, sink.getTotalUsers()); - assertEquals(2, sink.getTotalGroups()); - } - - @Test - public void testGroupBasedAllUsers() throws Throwable { - config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); - config.setUserSearchFilter("cn=*"); - config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=*Group10"); - config.setGroupSearchFirstEnabled(true); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(2, sink.getTotalUsers()); - assertEquals(2, sink.getTotalGroups()); - } - - @Test - public void testGroupBasedWithUserFilter() throws Throwable { - config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); - config.setUserSearchFilter("cn=User*"); - config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=*Group10"); - config.setGroupSearchFirstEnabled(true); - config.setUserSearchEnabled(true); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(1, 
sink.getTotalUsers()); - assertEquals(2, sink.getTotalGroups()); - } - - @Test - public void testGroupBasedWithNoUsers() throws Throwable { - config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); - config.setUserSearchFilter("cn=*"); - config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=Group2*"); - config.setGroupSearchFirstEnabled(true); - config.setUserSearchEnabled(true); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(0, sink.getTotalUsers()); - assertEquals(2, sink.getTotalGroups()); - } - - @Test - public void testGroupBasedWithAllUsersAndGroups() throws Throwable { + @Test + public void testGroupBasedWithNoUsers() throws Throwable { config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); - config.setUserSearchFilter("cn=*"); - config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=*"); - config.setGroupSearchFirstEnabled(true); - config.setUserSearchEnabled(true); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(100, sink.getTotalUsers()); - assertEquals(13, sink.getTotalGroups()); - } - - @Test - public void testGroupBasedWithSingleOU() throws Throwable { + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=Group2*"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + 
config.setGroupSearchFirstEnabled(true); + config.setUserSearchEnabled(true); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(0, sink.getTotalUsers()); + assertEquals(2, sink.getTotalGroups()); + } + + @Test + public void testGroupBasedWithAllUsersAndGroups() throws Throwable { config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); - config.setUserSearchFilter("cn=*"); - config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=*"); - config.setGroupSearchFirstEnabled(true); - config.setUserSearchEnabled(true); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(99, sink.getTotalUsers()); - assertEquals(12, sink.getTotalGroups()); - } - - @Test - public void testUpdateSinkWithEmptyUserSearchBase() throws Throwable { + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchFirstEnabled(true); + config.setUserSearchEnabled(true); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(100, sink.getTotalUsers()); + assertEquals(13, sink.getTotalGroups()); + } + + @Test + public void testGroupBasedWithSingleOU() throws Throwable { + config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); + config.setUserSearchFilter("cn=*"); + config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*"); + 
config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchFirstEnabled(true); + config.setUserSearchEnabled(true); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(99, sink.getTotalUsers()); + assertEquals(12, sink.getTotalGroups()); + } + + @Test + public void testUpdateSinkWithEmptyUserSearchBase() throws Throwable { config.setUserSearchBase(""); config.setUserSearchFilter(""); config.setGroupSearchBase("OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchEnabled(false); - config.setPagedResultsEnabled(true); - config.setGroupSearchFirstEnabled(false); - ldapBuilder.init(); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchEnabled(false); + config.setPagedResultsEnabled(true); + config.setGroupSearchFirstEnabled(false); + ldapBuilder.init(); PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); sink.init(); ldapBuilder.updateSink(sink); assertEquals(111, sink.getTotalUsers()); - } - - @Test - public void testGBWithUserSearchDisabled() throws Throwable { - config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); - config.setUserSearchFilter("cn=User*"); - config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=*Group10"); - config.setGroupSearchFirstEnabled(true); - config.setUserSearchEnabled(false); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(2, sink.getTotalUsers()); - assertEquals(2, sink.getTotalGroups()); - } - - @Test - public 
void testGBWithNoUsersAndUserSearchDisabled() throws Throwable { - config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); - config.setUserSearchFilter("cn=*"); - config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); - config.setGroupSearchFilter("cn=Group2*"); - config.setGroupSearchFirstEnabled(true); - config.setUserSearchEnabled(false); - ldapBuilder.init(); - PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); - sink.init(); - ldapBuilder.updateSink(sink); - assertEquals(0, sink.getTotalUsers()); - assertEquals(2, sink.getTotalGroups()); - } - - @After - public void shutdown() throws Exception { - if (getService().isStarted()) { - getService().shutdown(); - } - if (getLdapServer().isStarted()) { - getLdapServer().stop(); - } - } + } + + @Test + public void testGBWithUserSearchDisabled() throws Throwable { + config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); + config.setUserSearchFilter("cn=User*"); + config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*Group10"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchFirstEnabled(true); + config.setUserSearchEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(2, sink.getTotalUsers()); + assertEquals(2, sink.getTotalGroups()); + } + + @Test + public void testGBWithNoUsersAndUserSearchDisabled() throws Throwable { + config.setUserSearchBase("DC=ranger,DC=qe,DC=hortonworks,DC=com;"); + config.setUserSearchFilter("cn=*"); + 
config.setGroupSearchBase("OU=HdpGroups,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com;OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=Group2*"); + config.setUserGroupMemberAttributeName("member"); + config.setUserObjectClass("organizationalPerson"); + config.setGroupObjectClass("groupOfNames"); + config.setGroupSearchFirstEnabled(true); + config.setUserSearchEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(0, sink.getTotalUsers()); + assertEquals(2, sink.getTotalGroups()); + } + + @Test + public void testUpdateSinkShortUserName() throws Throwable { + config.setUserSearchBase("ou=people,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("uid=*"); + config.setUserObjectClass("posixAccount"); + config.setGroupSearchBase("OU=pGroups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*"); + config.setGroupSearchEnabled(true); + config.setGroupSearchFirstEnabled(false); + config.setUserGroupMemberAttributeName("memberuid"); + config.setGroupObjectClass("posixGroup"); + config.setUserSearchEnabled(false); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(1, sink.getTotalUsers()); + assertEquals(3, sink.getTotalGroups()); + } + + @Test + public void testShortUserNameWithGroupBased() throws Throwable { + config.setUserSearchBase("ou=people,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setUserSearchFilter("uid=*"); + config.setUserObjectClass("posixAccount"); + config.setGroupSearchBase("OU=pGroups,DC=ranger,DC=qe,DC=hortonworks,DC=com"); + config.setGroupSearchFilter("cn=*"); + config.setGroupSearchEnabled(true); + config.setGroupSearchFirstEnabled(true); + config.setUserGroupMemberAttributeName("memberuid"); + config.setGroupObjectClass("posixGroup"); 
+ config.setUserSearchEnabled(true); + ldapBuilder.init(); + PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest(); + sink.init(); + ldapBuilder.updateSink(sink); + assertEquals(1, sink.getTotalUsers()); + assertEquals(3, sink.getTotalGroups()); + } + + @After + public void shutdown() throws Exception { + if (getService().isStarted()) { + getService().shutdown(); + } + if (getLdapServer().isStarted()) { + getLdapServer().stop(); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/48ab21bd/ugsync/src/test/resources/ADSchema.ldif ---------------------------------------------------------------------- diff --git a/ugsync/src/test/resources/ADSchema.ldif b/ugsync/src/test/resources/ADSchema.ldif index 59402f1..db62387 100644 --- a/ugsync/src/test/resources/ADSchema.ldif +++ b/ugsync/src/test/resources/ADSchema.ldif @@ -69,6 +69,39 @@ m-equality: caseIgnoreMatch m-syntax: 1.3.6.1.4.1.1466.115.121.1.15 m-singleValue: TRUE +dn: m-oid=1.6.840.113556.1.4.221, ou=attributetypes, cn=microsoft, ou=schema +changetype: add +objectclass: metaAttributeType +objectclass: metaTop +objectclass: top +m-oid: 1.6.840.113556.1.4.221 +m-name: memberuid +m-equality: caseIgnoreMatch +m-syntax: 1.3.6.1.4.1.1466.115.121.1.15 +m-singleValue: FALSE + +dn: m-oid=1.7.840.113556.1.4.221, ou=attributetypes, cn=microsoft, ou=schema +changetype: add +objectclass: metaAttributeType +objectclass: metaTop +objectclass: top +m-oid: 1.7.840.113556.1.4.221 +m-name: gidNumber +m-equality: caseIgnoreMatch +m-syntax: 1.3.6.1.4.1.1466.115.121.1.15 +m-singleValue: FALSE + +dn: m-oid=1.8.840.113556.1.4.221, ou=attributetypes, cn=microsoft, ou=schema +changetype: add +objectclass: metaAttributeType +objectclass: metaTop +objectclass: top +m-oid: 1.8.840.113556.1.4.221 +m-name: uidNumber +m-equality: caseIgnoreMatch +m-syntax: 1.3.6.1.4.1.1466.115.121.1.15 +m-singleValue: FALSE + dn: ou=objectclasses, cn=microsoft, ou=schema changetype: add objectclass: organizationalUnit 
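Review bot: The three attribute types added to ADSchema.ldif in this hunk (`memberuid`, `gidNumber`, `uidNumber`) are declared with ad-hoc OIDs such as `1.6.840.113556.1.4.221`, `m-equality: caseIgnoreMatch` and the Directory String syntax, which differs from RFC 2307. There `memberUid` is an IA5 string compared with `caseExactIA5Match`, and the two numeric ids are single-valued integers. The feature under test matches a user's short name against `memberuid`, so a case-insensitive fixture can accept name pairs that a schema-conformant directory would reject, and the memberships the tests assert may be broader than what a real server returns. I would use the RFC 2307 definitions, or at least add a comment above the `memberuid` entry such as `# test-only schema: memberuid is case-insensitive here, unlike RFC 2307 memberUid`.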
@@ -86,6 +119,37 @@ m-supObjectClass: top m-typeObjectClass: AUXILIARY m-must: sAMAccountName +dn: m-oid=1.3.6.1.1.1.2.2,ou=objectClasses,cn=microsoft,ou=schema +changetype: add +m-must: cn +m-must: gidNumber +m-oid: 1.3.6.1.1.1.2.2 +m-supobjectclass: top +objectclass: metaObjectClass +objectclass: metaTop +objectclass: top +m-name: posixGroup +m-typeobjectclass: STRUCTURAL +m-may: userPassword +m-may: memberUid +m-may: description + +dn: m-oid=1.3.6.1.1.1.2.0,ou=objectClasses,cn=microsoft,ou=schema +changetype: add +m-must: cn +m-must: uid +m-may: uidNumber +m-must: gidNumber +m-oid: 1.3.6.1.1.1.2.0 +m-supobjectclass: top +objectclass: metaObjectClass +objectclass: metaTop +objectclass: top +m-name: posixAccount +m-typeobjectclass: AUXILIARY +m-may: userPassword +m-may: description + dn: CN=Users,DC=ranger,DC=qe,DC=hortonworks,DC=com changetype: add objectClass: extensibleObject @@ -97,6 +161,14 @@ distinguishedName: CN=Users,DC=ranger,DC=qe,DC=hortonworks,DC=com sn: Users sAMAccountName: Users +dn: OU=people,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: organizationalUnit +ou: people +distinguishedName: OU=people,DC=ranger,DC=qe,DC=hortonworks,DC=com + dn: OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com changetype: add objectClass: extensibleObject @@ -129,6 +201,13 @@ objectClass: organizationalUnit ou: Groups distinguishedName: OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com +dn: OU=pGroups,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: organizationalUnit +ou: pGroups +distinguishedName: OU=pGroups,DC=ranger,DC=qe,DC=hortonworks,DC=com dn: CN=HdpUser1,OU=HadoopUsers,DC=ranger,DC=qe,DC=hortonworks,DC=com changetype: add 
@@ -2497,4 +2576,49 @@ member: distinguishedName: CN=Group21,OU=Groups,DC=ranger,DC=qe,DC=hortonworks,DC=com sAMAccountName: Group21 sn: Group21 -#groupType: -2147483644 \ No newline at end of file +#groupType: -2147483644 + +dn: uid=pUser1000,ou=People,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: top +objectClass: organizationalUnit +objectClass: posixAccount +#objectClass: shadowAccount +ou: People +uid: pUser1000 +cn: pUser1000 +uidNumber: 1000 +gidNumber: 2000 + +dn: CN=pGroup2000,OU=pGroups,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: posixGroup +cn: pGroup2000 +memberuid: pUser1000 +distinguishedName: CN=pGroup2000,OU=pGroups,DC=ranger,DC=qe,DC=hortonworks,DC=com +gidNumber: 2000 +sn: pGroup2000 + +dn: CN=pGroup2001,OU=pGroups,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: posixGroup +cn: pGroup2001 +memberuid: pUser1000 +distinguishedName: CN=pGroup2001,OU=pGroups,DC=ranger,DC=qe,DC=hortonworks,DC=com +gidNumber: 2001 +sn: pGroup2001 + +dn: CN=pGroup2002,OU=pGroups,DC=ranger,DC=qe,DC=hortonworks,DC=com +changetype: add +objectClass: extensibleObject +objectClass: top +objectClass: posixGroup +cn: pGroup2002 +memberuid: pUser1000 +distinguishedName: CN=pGroup2002,OU=pGroups,DC=ranger,DC=qe,DC=hortonworks,DC=com +gidNumber: 2002 +sn: pGroup2002 \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/48ab21bd/ugsync/src/test/resources/ranger-ugsync-site.xml ---------------------------------------------------------------------- diff --git a/ugsync/src/test/resources/ranger-ugsync-site.xml b/ugsync/src/test/resources/ranger-ugsync-site.xml index 1bd07d1..d7a6e68 100644 --- a/ugsync/src/test/resources/ranger-ugsync-site.xml +++ b/ugsync/src/test/resources/ranger-ugsync-site.xml 
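Review bot: The posix entries appended at the end of ADSchema.ldif give only a positive case: one account, `pUser1000`, listed as `memberuid` in all three `pGroup200x` groups. Nothing in the fixture would expose the short-name filter matching too much, so `testUpdateSinkShortUserName` and `testShortUserNameWithGroupBased` cannot distinguish a correct membership match from an over-broad one. A second `posixAccount` plus a `posixGroup` that lists only that account (for example a constructed `memberuid: pUser1001`), with the expected counts adjusted, would cover the negative case. Separately, `pUser1000` carries `objectClass: organizationalUnit` with no person-type structural class, which looks unintended for a user entry.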
@@ -34,7 +34,7 @@ <property> <name>ranger.usersync.group.objectclass</name> - <value>groupOfNames</value> + <value>top</value> </property> <property>
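Review bot: `top` is a superclass of every LDAP object class, so with `<value>top</value>` the default `ranger.usersync.group.objectclass` no longer restricts the group search to group entries. Any test that does not call `config.setGroupObjectClass(...)` will then depend on the search base and filter alone. The tests visible in this commit set the class explicitly, so the change may be deliberate, but nothing explains it. I would either keep `groupOfNames` as the default or add a comment above the property, e.g. `<!-- default matches all entries; each test sets groupOfNames or posixGroup explicitly -->`.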
