Repository: incubator-ranger Updated Branches: refs/heads/master 4e80d187c -> f0067ecde
Ranger-1011: Adding User's Group name attribute to user search attribute list only for User based search and group search is disabled Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f0067ecd Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f0067ecd Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f0067ecd Branch: refs/heads/master Commit: f0067ecde46c6291c5f9161aafae9584038d8a80 Parents: 4e80d18 Author: Sailaja Polavarapu <[email protected]> Authored: Wed Jun 1 15:07:01 2016 -0700 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Jun 3 17:20:22 2016 -0400 ---------------------------------------------------------------------- .../ldapusersync/process/LdapUserGroupBuilder.java | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f0067ecd/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java index bb9cf88..c3adcd8 100644 --- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java @@ -168,6 +168,7 @@ public class LdapUserGroupBuilder extends AbstractUserGroupSource { groupSearchFirstEnabled = config.isGroupSearchFirstEnabled(); userSearchEnabled = config.isUserSearchEnabled(); + groupSearchEnabled = config.isGroupSearchEnabled(); ldapUrl = config.getLdapUrl(); ldapBindDn = config.getLdapBindDn(); ldapBindPassword = config.getLdapBindPassword(); @@ -194,22 +195,22 @@ public class LdapUserGroupBuilder extends AbstractUserGroupSource { Set<String> userSearchAttributes = new HashSet<String>(); userSearchAttributes.add(userNameAttribute); - - userGroupNameAttributeSet = config.getUserGroupNameAttributeSet(); - for (String useGroupNameAttribute : userGroupNameAttributeSet) { - userSearchAttributes.add(useGroupNameAttribute); + // For Group based search, user's group name attribute should not be added to the user search attributes + if (!groupSearchFirstEnabled && !groupSearchEnabled) { + userGroupNameAttributeSet = config.getUserGroupNameAttributeSet(); + for (String useGroupNameAttribute : userGroupNameAttributeSet) { + userSearchAttributes.add(useGroupNameAttribute); + } } userSearchControls = new SearchControls(); userSearchControls.setSearchScope(userSearchScope); userSearchControls.setReturningAttributes(userSearchAttributes.toArray( new String[userSearchAttributes.size()])); - userGroupNameAttributeSet = config.getUserGroupNameAttributeSet(); pagedResultsEnabled = config.isPagedResultsEnabled(); pagedResultsSize = config.getPagedResultsSize(); - groupSearchEnabled = config.isGroupSearchEnabled(); groupSearchBase = config.getGroupSearchBase().split(";"); groupSearchScope = config.getGroupSearchScope(); groupObjectClass = config.getGroupObjectClass();
