> On Jan. 21, 2015, 10:20 a.m., John Speidel wrote:
> > Looks good.  One minor comment is that you state that the values MUST be 
> > unique and are using a hashing function to generate the unique value.  No 
> > hashing function will produce unique values, there will always be multiple 
> > inputs which result in the same output.  Truncating the value will further 
> > degrade uniqueness of the hash. That being said, for the small number of 
> > inputs it would be very unlikely to have a collision.  I only mention this 
> > because the requirement states that the values must be unique.

I agree with this statement and tend to shy away from using hashes as unique 
values, but in this case the namespace is rather small since the values only 
need to be unique across a single cluster.  But the benefit to this method is 
that the hash can be recreated in the event we need to use it for lookups.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30105/#review68921
-----------------------------------------------------------


On Jan. 20, 2015, 10:55 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30105/
> -----------------------------------------------------------
> 
> (Updated Jan. 20, 2015, 10:55 p.m.)
> 
> 
> Review request for Ambari, John Speidel, Nate Cole, and Robert Nettleton.
> 
> 
> Bugs: AMBARI-9209
>     https://issues.apache.org/jira/browse/AMBARI-9209
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Add ability to append a random value to values in LDAP attributes when 
> generating principals in Active Directory.
> 
> For example the `cn` and `sAMAccountName` attributes must be unique.  In some 
> cases the `cn` is not allowed to have `/` characters and in all cases the 
> `sAMAccountName` is not allowed to have `/` characters. Therefore to generate 
> values for these attributes, the _instance_ part of the principal needs to be 
> stripped off and a random string needs to be appended. 
> 
> This can be seen where the principal is 
> `nn/[email protected]`.  The `cn` would typically be 
> `nn/c6501.ambari.apache.org`.  Providing for a random string would allow the 
> `cn` value to be something like `nn-ythnskdtarsjko5fsdfdsb`. Since the 
> `sAMAccountName` can be at most 20 characters, it would be 
> `nn-ythnskdtarsjko5fs`.
> 
> Since the generation of the attributes and values is done using a Velocity 
> template, this random string will need to be generated and stored in the 
> Velocity engine context before processing the template.
> 
> The solution is to generate and binhex an MD5 hash of the normalized 
> principal.  This can be used as the unique value.  The velocity variable this 
> is set to is `principal_digest`.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java 20f7e60 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DeconstructedPrincipal.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 7a9233b 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 85ae018 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 6a89dbb 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/DeconstructedPrincipalTest.java PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/30105/diff/
> 
> 
> Testing
> -------
> 
> Manual Testing
> 
> Updated and new test cases:
> 
> #Jenkins test results
> 
> Running org.apache.ambari.server.serveraction.kerberos.DeconstructedPrincipalTest
> Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.1 sec
> 
> Running org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandlerTest
> Tests run: 10, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 0.742 sec
> 
> Complete ambari-server test results
> Tests run: 2575, Failures: 0, Errors: 0, Skipped: 15
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 57:50 min
> [INFO] Finished at: 2015-01-21T03:29:08+00:00
> [INFO] Final Memory: 44M/468M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>
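
An added illustration of the scheme in the quoted review request and of the collision concern raised in the thread. It is not Ambari's code: the class and method names, the `c6502` host and the `EXAMPLE.COM` realm are assumptions, and the input is assumed to be already normalized.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class PrincipalDigestDemo {
  static final int SAM_MAX = 20; // sAMAccountName limit stated in the description

  // Hex-encoded MD5 of the principal: deterministic, so it can be recomputed for lookups.
  static String digest(String principal) throws NoSuchAlgorithmException {
    byte[] md5 = MessageDigest.getInstance("MD5").digest(principal.getBytes(StandardCharsets.UTF_8));
    StringBuilder hex = new StringBuilder();
    for (byte b : md5) hex.append(String.format("%02x", b));
    return hex.toString();
  }

  // primary + "-" + digest, cut to 20 characters; the instance part (after '/') is dropped.
  static String samAccountName(String principal) throws NoSuchAlgorithmException {
    String primary = principal.split("[/@]", 2)[0];
    String value = primary + "-" + digest(principal);
    return value.substring(0, Math.min(SAM_MAX, value.length()));
  }

  // Maps each principal to its account name and refuses to continue on a collision.
  static Map<String, String> assign(List<String> principals) throws NoSuchAlgorithmException {
    Map<String, String> owner = new HashMap<>(); // account name -> principal
    for (String p : principals) {
      String sam = samAccountName(p);
      String previous = owner.putIfAbsent(sam, p);
      if (previous != null && !previous.equals(p)) {
        throw new IllegalStateException(sam + " collides: " + previous + " vs " + p);
      }
    }
    return owner;
  }

  public static void main(String[] args) throws NoSuchAlgorithmException {
    // Constructed principals for one cluster; EXAMPLE.COM is a placeholder realm.
    List<String> principals = List.of(
        "nn/c6501.ambari.apache.org@EXAMPLE.COM",
        "nn/c6502.ambari.apache.org@EXAMPLE.COM",
        "dn/c6501.ambari.apache.org@EXAMPLE.COM");
    assign(principals).forEach((sam, p) -> System.out.println(sam + " <- " + p));
    int hexKept = SAM_MAX - "nn-".length(); // hex characters of the digest that survive truncation
    System.out.println("digest bits kept for primary 'nn': " + hexKept * 4);
  }
}
```

The longer the primary component, the fewer digest characters survive the 20-character cut, so the explicit check in `assign` matters most for long service names.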
