----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/46695/ -----------------------------------------------------------
(Updated April 26, 2016, 4:11 p.m.) Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari. Changes ------- Addressed listed issues. Bugs: AMBARI-16119 https://issues.apache.org/jira/browse/AMBARI-16119 Repository: ambari Description ------- When user authenticates againts AD the user details are pulled (ldap binding) from AD. In case the user logged in with a login alias (e.g. when a user is present in multiple subdomains within a forest than the user name appears in multiple places. In this case the user has to login with a login alias that contains domain information which uniquelly identifies the user in AD) Ambari created an override for the user detail behind the scenes in order to replace the login user name with the ambari user name that maps to it. The override is nothing else than copying all fields from origin user details object but user name. Among the fields being copied over there is user password which apparently is populated when OpenLDAP is used however in case of AD its left null. The override user details object Ambari creates always expects a non-null password thus the creation of it failed when AD was used. The overriding of user details has been modified to pass empty string as password is the passowrd in the original user details object is null. Also some optimisation was added to create the override if the user logged in with a login alias. Diffs (updated) ----- ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java 98b97b2 Diff: https://reviews.apache.org/r/46695/diff/ Testing ------- Tested manually on both OpenLDAP and AD. Unit tests are in progress. Thanks, Sebastian Toader