[45/50] [abbrv] hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/1f8c879d Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/1f8c879d Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/1f8c879d Branch: refs/heads/branch-2-jhung-test Commit: 1f8c879d169cce8855f6865939fb9f14b147c6b4 Parents: 15ce8df Author: Giovanni Matteo Fumarola Authored: Mon Dec 3 12:10:05 2018 -0800 Committer: Jonathan Hung Committed: Fri Dec 14 16:03:56 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/1f8c879d/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java index 6beaa9e..83eb5ad 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java @@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collections; import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import java.util.HashSet; import java.util.Collection; 
@@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); @@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; 
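Review bot: The added `import com.sun.jndi.ldap.LdapCtxFactory;` in the `@@ -40,7 +41,10 @@` hunk ties this security class to a JDK-internal package at compile time, and the `LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class` literal in the `@@ -232,6 +236,20 @@` hunk depends on it. JDK releases with the module system do not export `com.sun.jndi.ldap`, so the reference can fail to compile or be refused at run time there. Holding the default as a name avoids the hard reference: `public static final String LDAP_CTX_FACTORY_CLASS_DEFAULT = "com.sun.jndi.ldap.LdapCtxFactory";`, passed to JNDI as `Context.INITIAL_CONTEXT_FACTORY` when the context is created. The same hunks are repeated in the other branch mails on this page, and the point applies to each.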
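Review bot: The three new keys in the `@@ -232,6 +236,20 @@` hunk carry no comment, unlike the `URL of the LDAP server(s)` block earlier in the class, and `.ctx.factory.class` needs one most because it lets configuration choose the class that builds the LDAP context. I would add above it `/* Class that creates the LDAP context; it receives the whole connection environment, so set it only from trusted configuration */`. The code that reads `.num.attempts` and `.num.attempts.before.failover` is outside the hunk. If it does not already reject values below 1, a short comment stating the valid range and how the two limits relate belongs next to these keys as well.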
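Review bot: `ldapUrls` now holds several endpoints while `useSsl`, `keystore` and `keystorePass` just below it in the `@@ -242,8 +260,10 @@` hunk remain single values, and nothing here says that every failover target must offer the same transport security. If the list mixes `ldaps://` and plain `ldap://` URLs, a failover could move the bind onto the weaker endpoint with no visible sign; whether the connection code guards against this is outside the hunk. A field comment would make the expectation explicit, for example `// All URLs share the TLS settings below; list only servers that are equally trusted and equally protected.`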
@@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int RECONNECT_RETRY_COUNT = 3; - /** * Returns list of groups for a user. * @@ -279,20 +300,31 @@ public class LdapGroupsMapping @Override public synchronized List getGroups(String user) { /* - * Normal garbage collection takes care of
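Review bot: Deleting `public static final int RECONNECT_RETRY_COUNT = 3;` in the `@@ -258,14 +278,15 @@` hunk removes a public constant, and this mail targets a branch-2 line where code compiled against the old class may still reference it. Keeping it as a deprecated alias costs one line: `@Deprecated public static final int RECONNECT_RETRY_COUNT = LDAP_NUM_ATTEMPTS_DEFAULT;`. The new field `ldapCxtFactoryClass` also spells "Cxt" where the constants use "CTX"; `ldapCtxFactoryClass` would match. The `getGroups` hunk that follows is cut off in this mail and is not reviewed here.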
[31/50] [abbrv] hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/46f0f4c1 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/46f0f4c1 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/46f0f4c1 Branch: refs/heads/branch-2-jhung-test Commit: 46f0f4c1d1ad91d02beaa63659345238174266e4 Parents: a121955 Author: Inigo Goiri Authored: Mon Dec 3 13:23:10 2018 -0800 Committer: Jonathan Hung Committed: Fri Dec 14 16:03:56 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/46f0f4c1/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java index 6beaa9e..83eb5ad 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java @@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collections; import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import java.util.HashSet; import java.util.Collection; 
@@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); @@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; 
@@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int RECONNECT_RETRY_COUNT = 3; - /** * Returns list of groups for a user. * @@ -279,20 +300,31 @@ public class LdapGroupsMapping @Override public synchronized List getGroups(String user) { /* - * Normal garbage collection takes care of removing
[36/50] [abbrv] hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c9a3aa64 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c9a3aa64 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c9a3aa64 Branch: refs/heads/HDFS-12943 Commit: c9a3aa64dc95b097c51070f71a3b1a2ad126b2b9 Parents: ef3b03b Author: Giovanni Matteo Fumarola Authored: Mon Dec 3 12:10:05 2018 -0800 Committer: Giovanni Matteo Fumarola Committed: Mon Dec 3 12:10:05 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/c9a3aa64/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java index 6beaa9e..83eb5ad 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java @@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collections; import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import java.util.HashSet; import java.util.Collection; 
@@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); @@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; 
@@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int RECONNECT_RETRY_COUNT = 3; - /** * Returns list of groups for a user. * @@ -279,20 +300,31 @@ public class LdapGroupsMapping @Override public synchronized List getGroups(String user) { /* - * Normal garbage collection takes care of
[07/50] [abbrv] hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c9a3aa64 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c9a3aa64 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c9a3aa64 Branch: refs/heads/HDDS-4 Commit: c9a3aa64dc95b097c51070f71a3b1a2ad126b2b9 Parents: ef3b03b Author: Giovanni Matteo Fumarola Authored: Mon Dec 3 12:10:05 2018 -0800 Committer: Giovanni Matteo Fumarola Committed: Mon Dec 3 12:10:05 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/c9a3aa64/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java index 6beaa9e..83eb5ad 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java @@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collections; import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import java.util.HashSet; import java.util.Collection; 
@@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); @@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; 
@@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int RECONNECT_RETRY_COUNT = 3; - /** * Returns list of groups for a user. * @@ -279,20 +300,31 @@ public class LdapGroupsMapping @Override public synchronized List getGroups(String user) { /* - * Normal garbage collection takes care of
[2/2] hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. (cherry picked from commit 5cef413a8eb8a207f2b94acc868f874b171a12f1) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/61a3bf46 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/61a3bf46 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/61a3bf46 Branch: refs/heads/branch-2.9 Commit: 61a3bf46540a753981e4d8b5dc35ee2a29cce2fc Parents: a68a168 Author: Inigo Goiri Authored: Mon Dec 3 13:23:10 2018 -0800 Committer: Inigo Goiri Committed: Mon Dec 3 13:24:32 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/61a3bf46/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java index 6beaa9e..83eb5ad 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java @@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collections; import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import java.util.HashSet; import java.util.Collection; 
@@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); @@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; 
@@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int RECONNECT_RETRY_COUNT = 3; - /** * Returns list of groups for a user. * @@ -279,20 +300,31 @@ public class LdapGroupsMapping @Override public synchronized List getGroups(String user) { /* -
[2/2] hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/5cef413a Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/5cef413a Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/5cef413a Branch: refs/heads/branch-2 Commit: 5cef413a8eb8a207f2b94acc868f874b171a12f1 Parents: a29eb49 Author: Inigo Goiri Authored: Mon Dec 3 13:23:10 2018 -0800 Committer: Inigo Goiri Committed: Mon Dec 3 13:23:10 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/5cef413a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java index 6beaa9e..83eb5ad 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java @@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collections; import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import java.util.HashSet; import java.util.Collection; 
@@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); @@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; 
@@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int RECONNECT_RETRY_COUNT = 3; - /** * Returns list of groups for a user. * @@ -279,20 +300,31 @@ public class LdapGroupsMapping @Override public synchronized List getGroups(String user) { /* - * Normal garbage collection takes care of removing Context instances
[5/5] hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/58920ad6 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/58920ad6 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/58920ad6 Branch: refs/heads/branch-2.9 Commit: 58920ad6c82bb6f1cf79462f9137038092af5ee3 Parents: 7ef9556 Author: Giovanni Matteo Fumarola Authored: Mon Dec 3 12:10:05 2018 -0800 Committer: Inigo Goiri Committed: Mon Dec 3 12:46:47 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/58920ad6/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java index 6beaa9e..83eb5ad 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java @@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collections; import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import java.util.HashSet; import java.util.Collection; 
@@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); @@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; 
@@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int RECONNECT_RETRY_COUNT = 3; - /** * Returns list of groups for a user. * @@ -279,20 +300,31 @@ public class LdapGroupsMapping @Override public synchronized List getGroups(String user) { /* - * Normal garbage collection takes care of removing
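Review bot: Dropping `public static final int RECONNECT_RETRY_COUNT = 3;` in the `@@ -258,14 +278,15 @@` hunk removes a public constant, and the page shows this commit going to the maintenance branches (branch-2, branch-2.9, branch-3.0) as well as trunk, so any code compiled against the constant outside this file stops building after a minor upgrade. Unless the class's audience annotation rules out external use, keep it as a deprecated alias: `@Deprecated public static final int RECONNECT_RETRY_COUNT = LDAP_NUM_ATTEMPTS_DEFAULT;`. The new fields `numAttempts`, `numAttemptsBeforeFailover` and `ldapCxtFactoryClass` would each benefit from a one-line comment, and `Cxt` in the last one is spelled differently from `CTX` in the constants it pairs with. The same hunk appears in the other copies of the commit below.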
[4/5] hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/b98ffbe3 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/b98ffbe3 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/b98ffbe3 Branch: refs/heads/branch-2 Commit: b98ffbe3f228b706b8e547f82e134233ab691443 Parents: 74e4098 Author: Giovanni Matteo Fumarola Authored: Mon Dec 3 12:10:05 2018 -0800 Committer: Inigo Goiri Committed: Mon Dec 3 12:46:30 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/b98ffbe3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java --
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
index 6beaa9e..83eb5ad 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
@@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Hashtable;
+import java.util.Iterator;
 import java.util.List;
 import java.util.HashSet;
 import java.util.Collection;
@@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); @@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; 
@@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int RECONNECT_RETRY_COUNT = 3; - /** * Returns list of groups for a user. * @@ -279,20 +300,31 @@ public class LdapGroupsMapping @Override public synchronized List getGroups(String user) { /* - * Normal garbage collection takes care of removing
[3/5] hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/25fdf2ba Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/25fdf2ba Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/25fdf2ba Branch: refs/heads/branch-3.0 Commit: 25fdf2ba6ceefef0db57682ba52f169761ca6e61 Parents: 0683468 Author: Giovanni Matteo Fumarola Authored: Mon Dec 3 12:10:05 2018 -0800 Committer: Inigo Goiri Committed: Mon Dec 3 12:45:51 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/25fdf2ba/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java --
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
index 6beaa9e..83eb5ad 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
@@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Hashtable;
+import java.util.Iterator;
 import java.util.List;
 import java.util.HashSet;
 import java.util.Collection;
@@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); @@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; 
@@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int RECONNECT_RETRY_COUNT = 3; - /** * Returns list of groups for a user. * @@ -279,20 +300,31 @@ public class LdapGroupsMapping @Override public synchronized List getGroups(String user) { /* - * Normal garbage collection takes care of removing
[1/5] hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
Repository: hadoop Updated Branches: refs/heads/branch-2 74e40981e -> b98ffbe3f refs/heads/branch-2.9 7ef9556fc -> 58920ad6c refs/heads/branch-3.0 0683468d5 -> 25fdf2ba6 refs/heads/branch-3.1 2cb9479bf -> 023e42fa0 refs/heads/branch-3.2 6b01e4d2a -> 7cfcabc47 HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/7cfcabc4 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/7cfcabc4 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/7cfcabc4 Branch: refs/heads/branch-3.2 Commit: 7cfcabc473f1e72d0337ffbcc4b4c548e6851afc Parents: 6b01e4d Author: Giovanni Matteo Fumarola Authored: Mon Dec 3 12:10:05 2018 -0800 Committer: Inigo Goiri Committed: Mon Dec 3 12:44:19 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/7cfcabc4/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java --
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
index 6beaa9e..83eb5ad 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
@@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collections; import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import java.util.HashSet; import java.util.Collection; @@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); 
@@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; @@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int
hadoop git commit: HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak.
Repository: hadoop Updated Branches: refs/heads/trunk ef3b03b75 -> c9a3aa64d HADOOP-15950. Failover for LdapGroupsMapping. Contributed by Lukas Majercak. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c9a3aa64 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c9a3aa64 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c9a3aa64 Branch: refs/heads/trunk Commit: c9a3aa64dc95b097c51070f71a3b1a2ad126b2b9 Parents: ef3b03b Author: Giovanni Matteo Fumarola Authored: Mon Dec 3 12:10:05 2018 -0800 Committer: Giovanni Matteo Fumarola Committed: Mon Dec 3 12:10:05 2018 -0800 -- .../hadoop/security/LdapGroupsMapping.java | 163 +-- .../src/main/resources/core-default.xml | 28 +++- .../src/site/markdown/GroupsMapping.md | 54 +- .../hadoop/security/TestLdapGroupsMapping.java | 80 - .../security/TestLdapGroupsMappingBase.java | 76 - .../TestLdapGroupsMappingWithFailover.java | 142 .../TestLdapGroupsMappingWithOneQuery.java | 16 +- .../TestLdapGroupsMappingWithPosixGroup.java| 10 +- 8 files changed, 450 insertions(+), 119 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/c9a3aa64/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java --
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
index 6beaa9e..83eb5ad 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
@@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Hashtable;
+import java.util.Iterator;
 import java.util.List;
 import java.util.HashSet;
 import java.util.Collection;
@@ -40,7 +41,10 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.naming.spi.InitialContextFactory; +import com.google.common.collect.Iterators; +import com.sun.jndi.ldap.LdapCtxFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -83,7 +87,7 @@ public class LdapGroupsMapping public static final String LDAP_CONFIG_PREFIX = "hadoop.security.group.mapping.ldap"; /* - * URL of the LDAP server + * URL of the LDAP server(s) */ public static final String LDAP_URL_KEY = LDAP_CONFIG_PREFIX + ".url"; public static final String LDAP_URL_DEFAULT = ""; @@ -232,6 +236,20 @@ public class LdapGroupsMapping LDAP_CONFIG_PREFIX + ".read.timeout.ms"; public static final int READ_TIMEOUT_DEFAULT = 60 * 1000; // 60 seconds + public static final String LDAP_NUM_ATTEMPTS_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts"; + public static final int LDAP_NUM_ATTEMPTS_DEFAULT = 3; + + public static final String LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_KEY = + LDAP_CONFIG_PREFIX + ".num.attempts.before.failover"; + public static final int LDAP_NUM_ATTEMPTS_BEFORE_FAILOVER_DEFAULT = + LDAP_NUM_ATTEMPTS_DEFAULT; + + public static final String LDAP_CTX_FACTORY_CLASS_KEY = + LDAP_CONFIG_PREFIX + ".ctx.factory.class"; + public static final Class + LDAP_CTX_FACTORY_CLASS_DEFAULT = LdapCtxFactory.class; + private static final Logger LOG = LoggerFactory.getLogger(LdapGroupsMapping.class); @@ -242,8 +260,10 @@ public class LdapGroupsMapping private DirContext ctx; private Configuration conf; - - private String ldapUrl; + + private Iterator ldapUrls; + private String currentLdapUrl; + private boolean useSsl; private String keystore; private String keystorePass; 
@@ -258,14 +278,15 @@ public class LdapGroupsMapping private String memberOfAttr; private String groupMemberAttr; private String groupNameAttr; - private intgroupHierarchyLevels; + private int groupHierarchyLevels; private String posixUidAttr; private String posixGidAttr; private boolean isPosix; private boolean useOneQuery; + private int numAttempts; + private int numAttemptsBeforeFailover; + private Class ldapCxtFactoryClass; - public static final int RECONNECT_RETRY_COUNT = 3; - /** * Returns list of groups for a user. * @@ -279,20 +300,31 @@ public class LdapGroupsMapping @Override public synchronized List