----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/35073/#review86908 -----------------------------------------------------------
Ship it! This looks good, but for some reason the number of `/` characters seems to be excessive. We should check to make sure this is correct. However it could be that the pattern is compressed due to unneeded data: `RULE:[1:$1@$0](.*@%s)s/@.*/(empty string replacment)/(no regex flags, usually g might go here)/L` Is 'L' a regex flag in this case or a special flag for the Hadoop auth-to-local rules processor? If testing was a success, than I guess the current format is correct. ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java <https://reviews.apache.org/r/35073/#comment139068> This seems redundant. Could the flag be pulled out into a variable and appened as either and empty string or '//L' depending on the value of caseInsensitiveUser? Or maybe simply add the opation to the end if needed? ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java <https://reviews.apache.org/r/35073/#comment139067> This could be problematic in the event `kerberos-env/case_insensitive_username_rules` is not set (or `null`). Maybe use something like ``` boolean caseInsensitiveUser = "true".equalsIgnoreCase(existingConfigurations.get("kerberos-env").get("case_insensitive_username_rules")) ``` - Robert Levas On June 5, 2015, 9:51 a.m., Emil Anca wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/35073/ > ----------------------------------------------------------- > > (Updated June 5, 2015, 9:51 a.m.) > > > Review request for Ambari, Robert Levas and Vitalyi Brodetskyi. > > > Bugs: AMBARI-11687 > https://issues.apache.org/jira/browse/AMBARI-11687 > > > Repository: ambari > > > Description > ------- > > Force principals names to resolve to lowercase local usernames in > auth-to-local rules. This will help when the KDC is an MIT KDC or an Active > Directory and user accounts have uppercase letters that need to be converted > to lowercase letters. For example: {{USER1234@REALM}} should resolve to > {{user1234}}. > > *Solution* > # Provide a kerberos-env configuration to optionally create case-insensitive > rules > # If creating case-insensitive rules, _generic_ auth-to-local rules should > contain the {{L}} option, as in: > > ~~~ > RULE:[1:$1@$0](.*@REALM)s/@.*///L > ~~~ > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java > 89d0b55 > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java > 76054b7 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 6d720a0 > > ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java > d1a2bd1 > > ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java > 5744b53 > ambari-web/app/data/HDP2/site_properties.js d6ab273 > > Diff: https://reviews.apache.org/r/35073/diff/ > > > Testing > ------- > > * mvn clean test -pl AuthToLocalBuilderTest > * Kerbernized/dekerbenized prop with / without prop > * Added service on kerberized cluster > > > Thanks, > > Emil Anca > >
