Review Request 30105: Add the ability to append a random value to values in LDAP attributes when generating principals in Active Directory

Tue, 20 Jan 2015 19:56:10 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30105/
-----------------------------------------------------------

Review request for Ambari, John Speidel, Nate Cole, and Robert Nettleton.


Bugs: AMBARI-9209
    https://issues.apache.org/jira/browse/AMBARI-9209


Repository: ambari


Description
-------

Add ability to append a random value to values in LDAP attributes when 
generating principals in Active Directory.

For example the `cn` and `sAMAccountName` attributes must be unique.  In some 
caes the `cn` is not allowed to have `/` characters and in all cases the 
`sAMAccountName` is not allow to have `/` characters. Therefore to generate 
values for these attributes, the _instance_ part of the principal needs to be 
stripped off and a random string needs to be appended. 

This can be seen where the principal is 
`nn/[email protected]`.  The `cn` would typically be 
`nn/c6501.ambari.apache.org`.  Providing for a random string would allow the 
`cn` value to be something like `nn-ythnskdtarsjko5fsdfdsb`. Since the 
`sAMAccountName` can be at most 20 characters, it would be 
`nn-ythnskdtarsjko5fs`.

Since the generation of the attributes and values is done using a Velocity 
template, this random string will need to be generated and stored in the 
Velocity engine context before processing the template.

The solution is to generate and binhex a MD5 hash of the normalized principal.  
This can be used as the unique value.  The velocity variable this is set to is 
`principal_digest`.


Diffs
-----

  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
 20f7e60 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DeconstructedPrincipal.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
 7a9233b 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
 85ae018 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
 6a89dbb 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/DeconstructedPrincipalTest.java
 PRE-CREATION 

Diff: https://reviews.apache.org/r/30105/diff/


Testing
-------

Manual Testing

Updated and new test cases:

#Jenkins test results

Running 
org.apache.ambari.server.serveraction.kerberos.DeconstructedPrincipalTest
Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.1 sec

Running 
org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandlerTest
Tests run: 10, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 0.742 sec

Complete ambari-server test results
Tests run: 2575, Failures: 0, Errors: 0, Skipped: 15

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 57:50 min
[INFO] Finished at: 2015-01-21T03:29:08+00:00
[INFO] Final Memory: 44M/468M
[INFO] ------------------------------------------------------------------------


Thanks,

Robert Levas

Reply via email to