RANGER-1012: Added code to always prompt for ldap bind password while running the ldap tool instead of storing & reading from file
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ae4ce8e0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ae4ce8e0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ae4ce8e0 Branch: refs/heads/master Commit: ae4ce8e080941d9ff6de91982d70efa8d6413ee3 Parents: 7ee4aac Author: Sailaja Polavarapu <[email protected]> Authored: Wed Jun 8 16:04:09 2016 -0700 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Jun 10 11:30:28 2016 -0400 ---------------------------------------------------------------------- .../ldapconfigcheck/conf/input.properties | 1 - .../ldapconfigchecktool/ldapconfigcheck/scripts/run.sh | 10 +++++++++- .../ranger/ldapconfigcheck/CommandLineOptions.java | 13 ++++++++++++- .../org/apache/ranger/ldapconfigcheck/LdapConfig.java | 9 +++++---- .../ranger/ldapconfigcheck/LdapConfigCheckMain.java | 4 ++-- 5 files changed, 28 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae4ce8e0/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties ---------------------------------------------------------------------- diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties b/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties index 38e6f5a..449ee6f 100755 --- a/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties +++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties 
@@ -16,7 +16,6 @@ # Mandatory ldap configuration properties. ranger.usersync.ldap.url= ranger.usersync.ldap.binddn= -ranger.usersync.ldap.ldapbindpassword= # Mandatory only for openLdap ranger.usersync.ldap.user.searchbase= http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae4ce8e0/ugsync/ldapconfigchecktool/ldapconfigcheck/scripts/run.sh ---------------------------------------------------------------------- diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/scripts/run.sh b/ugsync/ldapconfigchecktool/ldapconfigcheck/scripts/run.sh index e5c313a..f3f7ac5 100755 --- a/ugsync/ldapconfigchecktool/ldapconfigcheck/scripts/run.sh +++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/scripts/run.sh @@ -32,10 +32,11 @@ cdir=`pwd` cp="${cdir}/lib/*:${cdir}/conf" OUTDIR="${cdir}/output/" JAVA_CMD="java -cp ${cdir}/lib/ldapconfigcheck.jar:${cp} org.apache.ranger.ldapconfigcheck.LdapConfigCheckMain" - +INPUTFILE="" while getopts "i:o:d:r:ah" opt; do case $opt in i) INFILE=$OPTARG + INPUTFILE=$OPTARG JAVA_CMD="$JAVA_CMD -i $OPTARG" ;; o) OUTDIR=$OPTARG @@ -61,6 +62,13 @@ JAVA_CMD="$JAVA_CMD -o $OUTDIR" echo "JAVA commnad = $JAVA_CMD" +if [ "${INPUTFILE}" != "" ] +then + prompt="Ldap Bind Password:" + read -p "$prompt" -s password + JAVA_CMD="$JAVA_CMD -p $password" +fi + if [ "${JAVA_HOME}" != "" ] then export JAVA_HOME http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae4ce8e0/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/CommandLineOptions.java ---------------------------------------------------------------------- diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/CommandLineOptions.java b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/CommandLineOptions.java index c71e5cc..340acf0 100644 --- a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/CommandLineOptions.java 
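Review bot: The prompted password is appended to the command line in `JAVA_CMD="$JAVA_CMD -p $password"` (hunk `@@ -61,6 +62,13 @@`), so it leaves input.properties but becomes readable by any local user through the process list for as long as the JVM runs. The expansion is also unquoted and `read` is called without `-r`, so a password containing spaces, glob characters or backslashes is split or altered before it reaches the tool. Prefer letting the Java side prompt with `System.console().readPassword("Ldap Bind Password:")`, or feed the value on stdin, and drop the `-p` argument; at minimum use `read -r -s -p "$prompt" password`. The `echo "JAVA commnad = $JAVA_CMD"` context line runs before the prompt and so does not print the password, but anything later in the script (outside this hunk) that logs `JAVA_CMD` would.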
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/CommandLineOptions.java @@ -47,6 +47,7 @@ public class CommandLineOptions { options.addOption("d", "discoverProperties", true, "{all|users|groups}"); options.addOption("r", "retrieve", true, "{all|users|groups}"); options.addOption("a", "noAuthentication", false, "Ignore authentication properties"); + options.addOption("p", true, "Ldap Bind Password"); } public void parse() { @@ -56,7 +57,13 @@ public class CommandLineOptions { if (cmd.hasOption("h")) { } - + + if (cmd.hasOption("p")) { + bindPassword = cmd.getOptionValue("p"); + if (bindPassword.trim().isEmpty()) { + System.out.println("Ldap Bind Password cannot be empty!"); + } + } if (cmd.hasOption("o")) { output = cmd.getOptionValue("o"); @@ -98,6 +105,10 @@ public class CommandLineOptions { System.out.println("Please specify the input properties file name"); help(); } + + if (bindPassword == null || bindPassword.trim().isEmpty()) { + System.out.println("Missing Ldap Bind Password!"); + } } else { // Read the properties from CLI and write to the input properties file. http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae4ce8e0/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java ---------------------------------------------------------------------- diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java index 4f7b004..6cd2f83 100644 --- a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java +++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java 
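Review bot: An empty `-p` value is only reported in the new `cmd.hasOption("p")` block: the message is printed and parsing carries on, unlike the input-file check in the `@@ -98,6 +105,10 @@` context, which follows its message with `help()`. The added `bindPassword == null || bindPassword.trim().isEmpty()` check in that later hunk has the same gap and largely repeats the first one. Keep a single check and make it stop the run, e.g. `System.out.println("Missing Ldap Bind Password!"); help();` (assuming `help()` terminates, which is not visible here). Both blocks sit inside `parse()`, whose body starts and ends outside these hunks.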
@@ -109,12 +109,13 @@ public class LdapConfig { private Properties prop = new Properties(); - public LdapConfig(String configFile) { - init(configFile); + public LdapConfig(String configFile, String bindPasswd) { + init(configFile, bindPasswd); } - private void init(String configFile) { + private void init(String configFile, String bindPasswd) { readConfigFile(configFile); + prop.setProperty(LGSYNC_LDAP_BIND_PASSWORD, bindPasswd); } private void readConfigFile(String fileName) { @@ -419,7 +420,7 @@ public class LdapConfig { prop.setProperty(AUTH_PASSWORD, authPass); config.setProperty(LGSYNC_LDAP_URL, ldapUrl); config.setProperty(LGSYNC_LDAP_BIND_DN, bindDn); - config.setProperty(LGSYNC_LDAP_BIND_PASSWORD, bindPassword); + //config.setProperty(LGSYNC_LDAP_BIND_PASSWORD, bindPassword); config.setProperty(LGSYNC_USER_SEARCH_BASE, userSearchBase); config.setProperty(LGSYNC_USER_SEARCH_FILTER, userSearchFilter); config.setProperty(AUTH_USERNAME, authUser); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae4ce8e0/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfigCheckMain.java ---------------------------------------------------------------------- diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfigCheckMain.java b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfigCheckMain.java index 073df27..fe9326f 100644 --- a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfigCheckMain.java +++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfigCheckMain.java 
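Review bot: `prop.setProperty(LGSYNC_LDAP_BIND_PASSWORD, bindPasswd)` in `init` throws a NullPointerException when `bindPasswd` is null, because `Properties` does not accept null values. That looks reachable: `LdapConfigCheckMain` passes `cli.getBindPassword()` straight into the new constructor, and the checks added in `CommandLineOptions` only print a message when the password is missing. Guard it before the call, e.g. `if (bindPasswd == null || bindPasswd.trim().isEmpty()) throw new IllegalArgumentException("Ldap Bind Password is required");`. A Javadoc line on the constructor should also say that the password is supplied at run time and overrides any value found in the config file.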
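Review bot: The bind-password line in the `@@ -419,7 +420,7 @@` hunk is commented out rather than deleted, which leaves dead code and an apparently unused `bindPassword` value (the caller in `LdapConfigCheckMain` still passes one). Delete the line and put a short why-comment in its place, such as `// bind password is prompted for at run time and deliberately not written to the properties file`. The context line `prop.setProperty(AUTH_PASSWORD, authPass);` suggests the authentication password is still stored with the other properties; if these are written to disk, which this hunk does not show, it deserves the same treatment. The enclosing method starts and ends outside the hunk.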
@@ -49,7 +49,7 @@ public class LdapConfigCheckMain { outputDir = outputDir.concat("/"); } - LdapConfig config = new LdapConfig(inFileName); + LdapConfig config = new LdapConfig(inFileName, cli.getBindPassword()); if (cli.getLdapUrl() != null && !cli.getLdapUrl().isEmpty()) { config.updateInputPropFile(cli.getLdapUrl(), cli.getBindDn(), cli.getBindPassword(), cli.getUserSearchBase(), cli.getUserSearchFilter(), cli.getAuthUser(), cli.getAuthPass()); @@ -74,7 +74,7 @@ public class LdapConfigCheckMain { "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, config.getLdapUrl()); env.put(Context.SECURITY_PRINCIPAL, bindDn); - env.put(Context.SECURITY_CREDENTIALS, config.getLdapBindPassword()); + env.put(Context.SECURITY_CREDENTIALS, cli.getBindPassword()); env.put(Context.SECURITY_AUTHENTICATION, config.getLdapAuthenticationMechanism()); env.put(Context.REFERRAL, "follow");
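Review bot: `env.put(Context.SECURITY_CREDENTIALS, cli.getBindPassword())` in the `@@ -74,7 +74,7 @@` hunk now reads the credential from the command-line object while every other setting in this block still comes from `config`. The new `LdapConfig(inFileName, cli.getBindPassword())` call in the first hunk already hands the same value to `config`. Keeping `config.getLdapBindPassword()` would leave one source of truth, provided that getter reads the property `init` now sets (not visible here). If `env` is a `Hashtable`, a null password also fails at this `put` with a NullPointerException instead of a clear message. The surrounding method continues outside both hunks.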
