-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47976/
-----------------------------------------------------------

Review request for Ambari, Daniel Gergely, Robert Levas, Robert Nettleton, and Sebastian Toader.


Bugs: AMBARI-16875
    https://issues.apache.org/jira/browse/AMBARI-16875


Repository: ambari


Description
-------

In some rare cases, the member attribute value for a group/user can be constructed (not baseDN/uid; sometimes LDAP proxies do that).

Added 2 features to fix these problems (to manipulate queries that are used during sync):

2.1.) use a regexp to get the useful information from a custom member attribute value (for groups/users):

    "authentication.ldap.sync.userMemberReplacePattern"
    "authentication.ldap.sync.groupMemberReplacePattern"

e.g.:

    member: <SID=..><GUID=...>,cn=mycn,dc=org,dc=apache

then use

    authentication.ldap.sync.userMemberReplacePattern=(?<sid>.*);(?<guid>.*);(?<member>.*)

to get the member group; the result will be cn=mycn,dc=org,dc=apache, which can be used more easily in filters, or like a baseDN.

2.) second option: to define the queries themselves that are used during sync

    "authentication.ldap.sync.userMemberFilter"
    "authentication.ldap.sync.groupMemberFilter"

In case you have specific member information, maybe it won't fit with the Ambari filters, so it might be necessary to use a custom filter.

simple example:

    authentication.ldap.sync.userMemberFilter=(&(objectclass=posixaccount)(uid={member})) // here we will replace the member with the member attribute value


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java 0c2fbba
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java 17432d0
  ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java 9a66456
  ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java eef91c1

Diff: https://reviews.apache.org/r/47976/diff/


Testing
-------

testing is in progress...


Thanks,

Oliver Szabo
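
The two settings described in this request, combined in an added example that is not part of the original e-mail and is not Ambari's implementation: the replace pattern's "member" named group is extracted and then substituted for {member} in the custom filter. The class and method names are hypothetical, the sample member values are constructed (with ';' separators so that they match the quoted pattern), and the RFC 4515 escaping of the substituted value is an assumption added here, not something the request describes.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical class and method names; this is not Ambari's implementation.
public class MemberFilterExample {

    // RFC 4515 escaping (an assumption added here) so that a member value
    // cannot change the structure of the filter it is substituted into.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Returns the "member" named group when the whole value matches the
    // pattern; otherwise the value is passed through unchanged.
    static String extractMember(String value, String replacePattern) {
        if (replacePattern == null || replacePattern.isEmpty()) return value;
        Matcher m = Pattern.compile(replacePattern).matcher(value);
        return m.matches() ? m.group("member") : value;
    }

    // Literal substitution of the escaped value for the {member} placeholder.
    static String buildFilter(String template, String member) {
        return template.replace("{member}", escapeFilterValue(member));
    }

    public static void main(String[] args) {
        String pattern = "(?<sid>.*);(?<guid>.*);(?<member>.*)";
        String filter = "(&(objectclass=posixaccount)(uid={member}))";
        String[] values = {   // constructed sample member attribute values
            "<SID=123>;<GUID=abc>;cn=mycn,dc=org,dc=apache",
            "jdoe",                                  // no match: used as-is
            "<SID=1>;<GUID=2>;x)(objectclass=*"      // filter metacharacters
        };
        for (String v : values) {
            String member = extractMember(v, pattern);
            System.out.println(member + " -> " + buildFilter(filter, member));
        }
    }
}
```

Because the pattern is applied with a whole-value match, a member value that lacks the two ';' separators is left untouched, and the third sample shows parentheses and '*' in a member value reaching the filter only in escaped form.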