----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30105/#review68920 -----------------------------------------------------------
Ship it! Ship It! - Robert Nettleton On Jan. 21, 2015, 3:55 a.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/30105/ > ----------------------------------------------------------- > > (Updated Jan. 21, 2015, 3:55 a.m.) > > > Review request for Ambari, John Speidel, Nate Cole, and Robert Nettleton. > > > Bugs: AMBARI-9209 > https://issues.apache.org/jira/browse/AMBARI-9209 > > > Repository: ambari > > > Description > ------- > > Add ability to append a random value to values in LDAP attributes when > generating principals in Active Directory. > > For example the `cn` and `sAMAccountName` attributes must be unique. In some > caes the `cn` is not allowed to have `/` characters and in all cases the > `sAMAccountName` is not allow to have `/` characters. Therefore to generate > values for these attributes, the _instance_ part of the principal needs to be > stripped off and a random string needs to be appended. > > This can be seen where the principal is > `nn/[email protected]`. The `cn` would typically be > `nn/c6501.ambari.apache.org`. Providing for a random string would allow the > `cn` value to be something like `nn-ythnskdtarsjko5fsdfdsb`. Since the > `sAMAccountName` can be at most 20 characters, it would be > `nn-ythnskdtarsjko5fs`. > > Since the generation of the attributes and values is done using a Velocity > template, this random string will need to be generated and stored in the > Velocity engine context before processing the template. > > The solution is to generate and binhex a MD5 hash of the normalized > principal. This can be used as the unique value. The velocity variable this > is set to is `principal_digest`. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java > 20f7e60 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DeconstructedPrincipal.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java > 7a9233b > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 85ae018 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java > 6a89dbb > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/DeconstructedPrincipalTest.java > PRE-CREATION > > Diff: https://reviews.apache.org/r/30105/diff/ > > > Testing > ------- > > Manual Testing > > Updated and new test cases: > > #Jenkins test results > > Running > org.apache.ambari.server.serveraction.kerberos.DeconstructedPrincipalTest > Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.1 sec > > Running > org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandlerTest > Tests run: 10, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 0.742 sec > > Complete ambari-server test results > Tests run: 2575, Failures: 0, Errors: 0, Skipped: 15 > > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 57:50 min > [INFO] Finished at: 2015-01-21T03:29:08+00:00 > [INFO] Final Memory: 44M/468M > [INFO] > ------------------------------------------------------------------------ > > > Thanks, > > Robert Levas > >
