> On March 7, 2016, 5:30 p.m., Jonathan Hurley wrote: > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java, > > lines 272-273 > > <https://reviews.apache.org/r/44459/diff/1/?file=1283188#file1283188line272> > > > > Where do these values get used/exposed? Generating them is fine, but is > > there another Jira tracking how they are consumed?
These values are optionally used in the Velocity script that is used to crate a JSON document containing the value for attributes used to create accounts in an Active Directory. The feature has existed since Ambari 2.0. The Velocity script is set in `kerberos-env/ad_create_attributes_template`. The default value of this property does not use any of the digest values; however the option is there for use as a unique-ifier. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/44459/#review122394 ----------------------------------------------------------- On March 8, 2016, 9:52 a.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/44459/ > ----------------------------------------------------------- > > (Updated March 8, 2016, 9:52 a.m.) > > > Review request for Ambari, Jonathan Hurley, Oliver Szabo, Robert Nettleton, > and Sandor Magyari. > > > Bugs: AMBARI-15316 > https://issues.apache.org/jira/browse/AMBARI-15316 > > > Repository: ambari > > > Description > ------- > > When generating accounts in an Active Directory, it may be useful to add a > unique value to CN's. In the past generating this value was done by taking > the SHA1 hash of the relevant normalized principal name. For example > {{[email protected]}} yields > {{d9b48cb1c075d3da9fab4855a4031266bab8fb6a}}. > > Because using SHA1 at all may not be desirable, Ambari should provide options > to use the following digest algorithms in the Active Directory account > creation attribute template ({{kerberos-env/ad_create_attributes_template}}: > > Attribute Variables |Example > ---------------------|------------------------------------------ > $principal_digest |SHA1 hash of the $normalized_principal > $principal_digest_256|SHA256 hash of the $normalized_principal > $principal_digest_512|SHA512 hash of the $normalized_principal > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java > a1e1544 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java > 0622807 > > Diff: https://reviews.apache.org/r/44459/diff/ > > > Testing > ------- > > # Local test results: > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 1:07:01.482s > [INFO] Finished at: Mon Mar 07 12:47:02 EST 2016 > [INFO] Final Memory: 58M/799M > [INFO] > ------------------------------------------------------------------------ > > # Jenkins test results: > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 01:31 h > [INFO] Finished at: 2016-03-08T00:56:43+00:00 > [INFO] Final Memory: 140M/492M > [INFO] > ------------------------------------------------------------------------ > > > Thanks, > > Robert Levas > >
