----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/46695/#review130611 -----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java (line 195) <https://reviews.apache.org/r/46695/#comment194429> Why is password assigned to the usernameOrig? - Daniel Gergely On ápr. 26, 2016, 1:55 du, Sebastian Toader wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/46695/ > ----------------------------------------------------------- > > (Updated ápr. 26, 2016, 1:55 du) > > > Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari. > > > Bugs: AMBARI-16119 > https://issues.apache.org/jira/browse/AMBARI-16119 > > > Repository: ambari > > > Description > ------- > > When user authenticates againts AD the user details are pulled (ldap binding) > from AD. In case the user logged in with a login alias (e.g. when a user is > present in multiple subdomains within a forest than the user name appears in > multiple places. In this case the user has to login with a login alias that > contains domain information which uniquelly identifies the user in AD) Ambari > created an override for the user detail behind the scenes in order to replace > the login user name with the ambari user name that maps to it. > > The override is nothing else than copying all fields from origin user details > object but user name. Among the fields being copied over there is user > password which apparently is populated when OpenLDAP is used however in case > of AD its left null. The override user details object Ambari creates always > expects a non-null password thus the creation of it failed when AD was used. > > > The overriding of user details has been modified to pass empty string as > password is the passowrd in the original user details object is null. > > Also some optimisation was added to create the override if the user logged in > with a login alias. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java > 98b97b2 > > Diff: https://reviews.apache.org/r/46695/diff/ > > > Testing > ------- > > Tested manually on both OpenLDAP and AD. > > Unit tests are in progress. > > > Thanks, > > Sebastian Toader > >