-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46695/#review130641
-----------------------------------------------------------


Ship it!




Ship It!

- Sandor Magyari


On April 26, 2016, 4:51 p.m., Sebastian Toader wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46695/
> -----------------------------------------------------------
> 
> (Updated April 26, 2016, 4:51 p.m.)
> 
> 
> Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.
> 
> 
> Bugs: AMBARI-16119
>     https://issues.apache.org/jira/browse/AMBARI-16119
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> When user authenticates againts AD the user details are pulled (ldap binding) 
> from AD. In case the user logged in with a login alias (e.g. when a user is 
> present in multiple subdomains within a forest than the user name appears in 
> multiple places. In this case the user has to login with a login alias that 
> contains domain information which uniquelly identifies the user in AD) Ambari 
> created an override for the user detail behind the scenes in order to replace 
> the login user name with the ambari user name that maps to it.  
> 
> The override is nothing else than copying all fields from origin user details 
> object but user name. Among the fields being copied over there is user 
> password which apparently is populated when OpenLDAP is used however in case 
> of AD its left null. The override user details object Ambari creates always 
> expects a non-null password thus the creation of it failed when AD was used.
> 
> 
> The overriding of user details has been modified to pass empty string as 
> password is the passowrd in the original user details object is null.
> 
> Also some optimisation was added to create the override if the user logged in 
> with a login alias.
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java
>  98b97b2 
> 
> Diff: https://reviews.apache.org/r/46695/diff/
> 
> 
> Testing
> -------
> 
> Tested manually on both OpenLDAP and AD.
> 
> Unit test results:
> 
> Results :
> 
> Tests run: 4291, Failures: 0, Errors: 0, Skipped: 32
> 
> ----------------------------------------------------------------------
> Total run:996
> Total errors:0
> Total failures:0
> 
> 
> Thanks,
> 
> Sebastian Toader
> 
>

Reply via email to