This is an automatically generated e-mail. To reply, visit:

(Updated April 26, 2016, 4:17 p.m.)

Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.


Refining the code.

Bugs: AMBARI-16119

Repository: ambari


When user authenticates againts AD the user details are pulled (ldap binding) 
from AD. In case the user logged in with a login alias (e.g. when a user is 
present in multiple subdomains within a forest than the user name appears in 
multiple places. In this case the user has to login with a login alias that 
contains domain information which uniquelly identifies the user in AD) Ambari 
created an override for the user detail behind the scenes in order to replace 
the login user name with the ambari user name that maps to it.  

The override is nothing else than copying all fields from origin user details 
object but user name. Among the fields being copied over there is user password 
which apparently is populated when OpenLDAP is used however in case of AD its 
left null. The override user details object Ambari creates always expects a 
non-null password thus the creation of it failed when AD was used.

The overriding of user details has been modified to pass empty string as 
password is the passowrd in the original user details object is null.

Also some optimisation was added to create the override if the user logged in 
with a login alias.

Diffs (updated)


Diff: https://reviews.apache.org/r/46695/diff/


Tested manually on both OpenLDAP and AD.

Unit tests are in progress.


Sebastian Toader

Reply via email to