-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47976/#review135310
-----------------------------------------------------------


Ship it!




Ship It!

- Robert Levas


On May 27, 2016, 4:14 p.m., Oliver Szabo wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47976/
> -----------------------------------------------------------
> 
> (Updated May 27, 2016, 4:14 p.m.)
> 
> 
> Review request for Ambari, Daniel Gergely, Robert Levas, Robert Nettleton, 
> and Sebastian Toader.
> 
> 
> Bugs: AMBARI-16875
>     https://issues.apache.org/jira/browse/AMBARI-16875
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> In some rare cases, member attribute value for a group/user can be 
> constructed. (not baseDN/uid, sometimes ldap proxies does that)
> 
> Added 2 feature to fix these problems (to manipulate queries that are used 
> during sync):
> 
> 2.1.) use regexp to get the useful informations from a custom member 
> attribute value: (for groups/users)
> "authentication.ldap.sync.userMemberReplacePattern"
> "authentication.ldap.sync.groupMemberReplacePattern"
> 
> e.g.:
> member: <SID=..><GUID=...>,cn=mycn,dc=org,dc=apache
> 
> then use 
> authentication.ldap.sync.userMemberReplacePattern=(?<sid>.*);(?<guid>.*);(?<member>.*)
>  to get the member group
> the result will be cn=mycn,dc=org,dc=apache, which can be used easier in 
> filters, or like a baseDN.
> 
> 2.) second option the define the queries itself that are used during sync
> "authentication.ldap.sync.userMemberFilter"
> "authentication.ldap.sync.groupMemberFilter"
> 
> In case you have a specific member information, maybe it wont fit with the 
> ambari filters, so it might be needed to use a custom filter:
> simple example: 
> authentication.ldap.sync.userMemberFilter=(&(objectclass=posixaccount)(uid={member}))
>  // here we will replace the member with the member attribute value
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  0c2fbba 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
>  17432d0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
>  9a66456 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
>  eef91c1 
> 
> Diff: https://reviews.apache.org/r/47976/diff/
> 
> 
> Testing
> -------
> 
> testing is in progress...
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>

Reply via email to