[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-16 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16327330#comment-16327330
 ] 

Hudson commented on AMBARI-22667:
-

SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #8604 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/8604/])
AMBARI-22667: fix commons-io version (6454655+adoroszlai: 
[https://gitbox.apache.org/repos/asf?p=ambari.git=commit=7235069133c6fe469e84571579e4b7a7e3a67ac2])
* (edit) ambari-project/pom.xml
* (edit) ambari-server/pom.xml


> Use internal LDAP configuration values rather than ambari.properties values 
> when accessing the configured LDAP server
> -
>
> Key: AMBARI-22667
> URL: https://issues.apache.org/jira/browse/AMBARI-22667
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 3.0.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Labels: ldap, pull-request-available
> Fix For: 3.0.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> Use internal LDAP configuration values rather than ambari.properties values 
> when accessing the configured LDAP server for LDAP sync and authentication. 
> * Deprecate {{setup-ldap}} from the {{ambari-server}} script.  
> ** Rather than perform any operations, alert user to configure LDAP
> integration from the Ambari UI
> * Look up LDAP-specific properties from the Ambari configuration data under
> the "ldap-configuration" category.
> * Remove relevant properties from 
> {{org.apache.ambari.server.configuration.Configuration}}
> ** ambari.ldap.isConfigured
> ** authentication.ldap.useSSL
> ** authentication.ldap.primaryUrl
> ** authentication.ldap.secondaryUrl
> ** authentication.ldap.baseDn
> ** authentication.ldap.bindAnonymously
> ** authentication.ldap.managerDn
> ** authentication.ldap.managerPassword
> ** authentication.ldap.dnAttribute
> ** authentication.ldap.usernameAttribute
> ** authentication.ldap.username.forceLowercase
> ** authentication.ldap.userBase
> ** authentication.ldap.userObjectClass
> ** authentication.ldap.groupBase
> ** authentication.ldap.groupObjectClass
> ** authentication.ldap.groupNamingAttr
> ** authentication.ldap.groupMembershipAttr
> ** authorization.ldap.adminGroupMappingRules
> ** authentication.ldap.userSearchFilter
> ** authentication.ldap.alternateUserSearchEnabled
> ** authentication.ldap.alternateUserSearchFilter
> ** authorization.ldap.groupSearchFilter
> ** authentication.ldap.referral
> ** authentication.ldap.pagination.enabled
> ** authentication.ldap.sync.userMemberReplacePattern
> ** authentication.ldap.sync.groupMemberReplacePattern
> ** authentication.ldap.sync.userMemberFilter
> ** authentication.ldap.sync.groupMemberFilter
> ** ldap.sync.username.collision.behavior
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
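
Added example, not Ambari's code: once the server stops reading these properties from ambari.properties, entries left in the file no longer describe the LDAP setup in use. This sketch lists such leftovers using the property names from the issue above; the parser is a simplified reading of Java .properties syntax, and the sample file, `stale_ldap_settings` and the other names are constructed for illustration.

```python
import re

# Property names the issue lists for removal from
# org.apache.ambari.server.configuration.Configuration (copied from the issue).
REMOVED_LDAP_KEYS = frozenset("""
ambari.ldap.isConfigured
authentication.ldap.useSSL
authentication.ldap.primaryUrl
authentication.ldap.secondaryUrl
authentication.ldap.baseDn
authentication.ldap.bindAnonymously
authentication.ldap.managerDn
authentication.ldap.managerPassword
authentication.ldap.dnAttribute
authentication.ldap.usernameAttribute
authentication.ldap.username.forceLowercase
authentication.ldap.userBase
authentication.ldap.userObjectClass
authentication.ldap.groupBase
authentication.ldap.groupObjectClass
authentication.ldap.groupNamingAttr
authentication.ldap.groupMembershipAttr
authorization.ldap.adminGroupMappingRules
authentication.ldap.userSearchFilter
authentication.ldap.alternateUserSearchEnabled
authentication.ldap.alternateUserSearchFilter
authorization.ldap.groupSearchFilter
authentication.ldap.referral
authentication.ldap.pagination.enabled
authentication.ldap.sync.userMemberReplacePattern
authentication.ldap.sync.groupMemberReplacePattern
authentication.ldap.sync.userMemberFilter
authentication.ldap.sync.groupMemberFilter
ldap.sync.username.collision.behavior
""".split())

# The value of this key points at a secret, so the report never echoes it.
SENSITIVE_KEYS = frozenset({"authentication.ldap.managerPassword"})

# key, optional '=' or ':' separator, value. Simplification (assumption):
# escaped separators inside keys and \uXXXX escapes are not handled.
_KEY_VALUE = re.compile(r"([^\s=:]+)\s*[=:]?\s*(.*)")


def logical_lines(text):
    """Yield (first_line_number, line), joining backslash continuations."""
    parts, start = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not parts:
            if not line or line[0] in "#!":
                continue  # blank line or comment
            start = number
        # An odd number of trailing backslashes continues the line.
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:
            parts.append(line[:-1])
            continue
        yield start, "".join(parts) + line
        parts = []
    if parts:
        yield start, "".join(parts)


def stale_ldap_settings(text):
    """Return (line_number, key, value) for every removed LDAP key still set."""
    findings = []
    for number, line in logical_lines(text):
        match = _KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key in REMOVED_LDAP_KEYS:
            shown = "<redacted>" if key in SENSITIVE_KEYS else value.rstrip()
            findings.append((number, key, shown))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# constructed ambari.properties fragment
example.unrelated.setting=1
ambari.ldap.isConfigured = true
authentication.ldap.primaryUrl=ldap.example.com:389
authentication.ldap.managerPassword: /path/to/ldap-password-file
authentication.ldap.userSearchFilter=(&(uid={0})\\
    (objectClass=person))
#authentication.ldap.useSSL=true
example.other.setting=25
"""

if __name__ == "__main__":
    for number, key, value in stale_ldap_settings(SAMPLE):
        print(f"line {number}: {key} = {value}")
```
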


[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-10 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16320679#comment-16320679
 ] 

Hudson commented on AMBARI-22667:
-

FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #8586 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/8586/])
AMBARI-22667: Use internal LDAP configuration values rather than (smolnar: 
[https://gitbox.apache.org/repos/asf?p=ambari.git=commit=0aaf8c85347869efce154fc6686837027aa92cbc])
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/configuration/ComponentSSLConfiguration.java
* (edit) ambari-server/src/main/windows/ambari-server.ps1
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationTestModuleForLdapDNWithSpace.java
* (add) 
ambari-server/src/test/java/org/apache/ambari/server/utils/PasswordUtilsTest.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/orm/GuiceJpaInitializer.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/UsersTest.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticatorTest.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfiguration.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapConfigurationProvider.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
* (add) 
ambari-server/src/test/java/org/apache/ambari/server/ldap/AmbariLdapConfigurationTest.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/ldap/LdapPerformanceTest.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
* (add) 
ambari-server/src/main/java/org/apache/ambari/server/configuration/LdapUsernameCollisionHandlingBehavior.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/orm/AmbariLocalSessionInterceptor.java
* (add) 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
* (edit) ambari-server/src/main/python/ambari-server.py
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfigurationKeys.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/events/AmbariEvent.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationTestModule.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDuplicateUserTest.java
* (edit) ambari-server/sbin/ambari-server
* (add) 
ambari-server/src/main/java/org/apache/ambari/server/events/JpaInitializedEvent.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java



[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-10 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16320348#comment-16320348
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

smolnar82 commented on a change in pull request #77: [AMBARI-22667] Use 
internal LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160695877
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,186 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  /**
+   * Reading the password belong to the given password property
+   *
+   * @param passwordProperty
+   *  this is either the Credential Store alias or the password file 
name
+   *  you want to read the password for/from
+   * @param defaultPassword
+   *  the default password this function returns in case the given
+   *  passwordProperty is  or the password file 
cannot
+   *  be read for any reason
+   * @return in case passwordProperty belongs to a Credential 
Store
+   * alias this function returns the password of the given Credential
+   * Store alias or null (if the given alias is
+   * blank or there is no password found in CS); otherwise
+   * either the password found in the given password file is returned 
or
+   * defaultPassword if the given path is 
blank
+   * or cannot be read for any reason
+   * @throws RuntimeException
+   *   if any error occurred while reading the password file
+   */
+  public String readPassword(String passwordProperty, String defaultPassword) {
+if (StringUtils.isNotBlank(passwordProperty)) {
+  if (CredentialProvider.isAliasString(passwordProperty)) {
+return readPasswordFromStore(passwordProperty);
+  } else {
+return readPasswordFromFile(passwordProperty, defaultPassword);
+  }
+}
+return defaultPassword;
+  }
+
+  /**
+   * Reading password from the given password file
+   *
+   * @param filePath
+   *  the path of the file to read the password from
+   * @param defaultPassword
+   *  the default password this function returns in case the given
+   *  filePath is blank or the password file
+   *  cannot be read for any reason
+   * @return the password found in the given password file or
+   * defaultPassword if the given path is 
blank
+   * or cannot be read for any reason
+   * @throws RuntimeException
+   *   when any error occurred while reading the password file
+   */
+  public String readPasswordFromFile(String filePath, String defaultPassword) {
+if (StringUtils.isBlank(filePath) || !fileExistsAndCanBeRead(filePath)) {
+  LOG.debug("DB password file not specified or does not exist/can not be 
read - using default");
+  return defaultPassword;
+} 
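
Review bot: In `readPasswordFromFile`, the branch for a blank or unreadable path logs "DB password file not specified or does not exist/can not be read - using default" at debug level and returns `defaultPassword`, although the class Javadoc describes a general utility for reading passwords from files or the Credential Store. A path that was configured but cannot be read is a misconfiguration worth surfacing: use a message that does not name the DB, and log at warn when `filePath` is not blank, keeping the quiet fallback for the blank case only.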

[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-10 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16320227#comment-16320227
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

rlevas commented on a change in pull request #77: [AMBARI-22667] Use internal 
LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160675152
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,186 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  /**
+   * Reading the password belong to the given password property
+   *
+   * @param passwordProperty
+   *  this is either the Credential Store alias or the password file 
name
+   *  you want to read the password for/from
+   * @param defaultPassword
+   *  the default password this function returns in case the given
+   *  passwordProperty is  or the password file 
cannot
+   *  be read for any reason
+   * @return in case passwordProperty belongs to a Credential 
Store
+   * alias this function returns the password of the given Credential
+   * Store alias or null (if the given alias is
+   * blank or there is no password found in CS); otherwise
+   * either the password found in the given password file is returned 
or
+   * defaultPassword if the given path is 
blank
+   * or cannot be read for any reason
+   * @throws RuntimeException
+   *   if any error occurred while reading the password file
+   */
+  public String readPassword(String passwordProperty, String defaultPassword) {
+if (StringUtils.isNotBlank(passwordProperty)) {
+  if (CredentialProvider.isAliasString(passwordProperty)) {
+return readPasswordFromStore(passwordProperty);
+  } else {
+return readPasswordFromFile(passwordProperty, defaultPassword);
+  }
+}
+return defaultPassword;
+  }
+
+  /**
+   * Reading password from the given password file
+   *
+   * @param filePath
+   *  the path of the file to read the password from
+   * @param defaultPassword
+   *  the default password this function returns in case the given
+   *  filePath is blank or the password file
+   *  cannot be read for any reason
+   * @return the password found in the given password file or
+   * defaultPassword if the given path is 
blank
+   * or cannot be read for any reason
+   * @throws RuntimeException
+   *   when any error occurred while reading the password file
+   */
+  public String readPasswordFromFile(String filePath, String defaultPassword) {
+if (StringUtils.isBlank(filePath) || !fileExistsAndCanBeRead(filePath)) {
+  LOG.debug("DB password file not specified or does not exist/can not be 
read - using default");
+  return defaultPassword;
+} 
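
Review bot: `@Inject private static Configuration configuration;` sits beside an eagerly constructed `INSTANCE`, so the field stays null until Guice static injection has been performed for this class, and nothing in the visible lines guards against `getInstance()` being used before that. State the static-injection requirement in the class Javadoc, or fail with a clear message when `configuration` is still null, rather than leaving callers with a bare NullPointerException.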

[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-10 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319945#comment-16319945
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

smolnar82 commented on a change in pull request #77: [AMBARI-22667] Use 
internal LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160624109
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  public String readPassword(String passwordProperty, String defaultPassword) {
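
Review bot: `readPassword(String passwordProperty, String defaultPassword)` at the end of the hunk, like `getInstance()` above it, is public and has no Javadoc, while the private constructor has one. The method's contract is what callers need documented: which forms `passwordProperty` may take and in which cases `defaultPassword` is returned.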
 
 Review comment:
   Fixed all missing Javadoc issues


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-10 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319942#comment-16319942
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

smolnar82 commented on a change in pull request #77: [AMBARI-22667] Use 
internal LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160623903
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  public String readPassword(String passwordProperty, String defaultPassword) {
+if (StringUtils.isNotBlank(passwordProperty)) {
+  if (CredentialProvider.isAliasString(passwordProperty)) {
+return readPasswordFromStore(passwordProperty);
+  } else {
+return readPasswordFromFile(passwordProperty, defaultPassword);
+  }
+}
+return defaultPassword;
+  }
+
+  public String readPasswordFromFile(String filePath, String defaultPassword) {
+if (filePath == null || !fileExistsAndCanBeRead(filePath)) {
+  LOG.debug("DB password file not specified or does not exist/can not be 
read - using default");
+  return defaultPassword;
+} else {
+  LOG.debug("Reading password from file {}", filePath);
+  String password = null;
+  try {
+password = FileUtils.readFileToString(new File(filePath), 
Charset.defaultCharset());
+return StringUtils.chomp(password);
+  } catch (IOException e) {
+throw new RuntimeException("Unable to read password from file [" + 
filePath + "]", e);
+  }
+}
+  }
+
+  private boolean fileExistsAndCanBeRead(String filePath) {
+final File passwordFile = new File(filePath);
+return passwordFile.exists() && passwordFile.canRead() && 
passwordFile.isFile();
+  }
+
+  private String readPasswordFromStore(String aliasStr) {
+return readPasswordFromStore(aliasStr, 
configuration.getMasterKeyLocation(), configuration.isMasterKeyPersisted(), 
configuration.getMasterKeyStoreLocation());
+  }
+
+  public String readPasswordFromStore(String aliasStr, File masterKeyLocation, 
boolean isMasterKeyPersisted, File masterKeyStoreLocation) {
+String password = null;
+loadCredentialProvider(masterKeyLocation, isMasterKeyPersisted, 
masterKeyStoreLocation);
+if (credentialProvider != null) {
+  char[] result = null;
+  try {
+result = credentialProvider.getPasswordForAlias(aliasStr);
+  } catch (AmbariException e) {
+LOG.error("Error reading from credential store.");
+e.printStackTrace();
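
Review bot: In the `catch (AmbariException e)` block of `readPasswordFromStore`, `LOG.error("Error reading from credential store.")` drops the exception and `e.printStackTrace()` writes the trace to stderr, outside the logging configuration. Pass the exception to the logger, as in `LOG.error("Error reading from credential store.", e)`, and remove the `printStackTrace()` call. Separately, `readPasswordFromFile` decodes the file with `Charset.defaultCharset()`, so the password that is read depends on the JVM's platform encoding; a fixed charset such as UTF-8 would make it deterministic.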
 
 Review comment:
   Fixed



[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-10 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319912#comment-16319912
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

smolnar82 commented on a change in pull request #77: [AMBARI-22667] Use 
internal LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160617955
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  public String readPassword(String passwordProperty, String defaultPassword) {
+if (StringUtils.isNotBlank(passwordProperty)) {
+  if (CredentialProvider.isAliasString(passwordProperty)) {
+return readPasswordFromStore(passwordProperty);
+  } else {
+return readPasswordFromFile(passwordProperty, defaultPassword);
+  }
+}
+return defaultPassword;
+  }
+
+  public String readPasswordFromFile(String filePath, String defaultPassword) {
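
Review bot: In `readPassword`, the alias branch calls `readPasswordFromStore(passwordProperty)` without `defaultPassword`, while the file branch and the blank case both carry it, so the fallback a caller gets depends on the form of the property value. Either pass the default through to the store lookup or document on the method what the alias branch returns when no password is found.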
 
 Review comment:
   Generally I agree...
   However this is out of scope of this task. Let me create a new JIRA to cover 
this topic.
 



[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-10 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319911#comment-16319911
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

smolnar82 commented on a change in pull request #77: [AMBARI-22667] Use 
internal LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160617955
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  public String readPassword(String passwordProperty, String defaultPassword) {
+if (StringUtils.isNotBlank(passwordProperty)) {
+  if (CredentialProvider.isAliasString(passwordProperty)) {
+return readPasswordFromStore(passwordProperty);
+  } else {
+return readPasswordFromFile(passwordProperty, defaultPassword);
+  }
+}
+return defaultPassword;
+  }
+
+  public String readPasswordFromFile(String filePath, String defaultPassword) {
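Review bot: in readPassword the two branches treat defaultPassword differently: readPasswordFromFile(passwordProperty, defaultPassword) receives it, readPasswordFromStore(passwordProperty) does not, so a caller cannot tell from this method what comes back when an alias cannot be resolved. Either pass the default to the store branch as well or document that an unresolved alias and an unreadable file give different results.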
 
 Review comment:
   Generally I agree...
   However this is out of scope of this task. Let me create a new JIRA to cover 
this topic.





[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-10 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319908#comment-16319908
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

zeroflag commented on a change in pull request #77: [AMBARI-22667] Use internal 
LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160617337
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  public String readPassword(String passwordProperty, String defaultPassword) {
+if (StringUtils.isNotBlank(passwordProperty)) {
+  if (CredentialProvider.isAliasString(passwordProperty)) {
+return readPasswordFromStore(passwordProperty);
+  } else {
+return readPasswordFromFile(passwordProperty, defaultPassword);
+  }
+}
+return defaultPassword;
+  }
+
+  public String readPasswordFromFile(String filePath, String defaultPassword) {
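Review bot: readPassword checks StringUtils.isNotBlank(passwordProperty) but then hands the value on untrimmed, so a value with leading or trailing whitespace goes to CredentialProvider.isAliasString and, failing that, is used as a file path exactly as written. Trim once at the top of the method and use the trimmed value in both branches.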
 
 Review comment:
   I would have put this into something like Password.fromFile(path, default), 
because this part doesn't need the Configuration/CredentialStore dependency. 
   Also please consider returning a Password object instead of String/char[] 
arrays.
   
   Storing password in strings is not perfectly safe because there is no way of 
deleting it from the memory after it is not needed; on the other hand, a char[] 
can be nulled out. So a Password class that wraps a char[] array would be 
easier to enhance with this ability.




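The wrapper suggested in the review comment above, sketched as an added example; it is not code from the pull request or from Ambari. The names Password and fromFile follow the reviewer's wording, while of(), toCharArray(), the UTF-8 decoding and the sample file contents are assumptions made for the illustration.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;

/**
 * Hypothetical Password wrapper (illustration only, not Ambari code).
 * Holds the secret in a char[] that close() overwrites.
 */
public final class Password implements AutoCloseable {

  private final char[] value;
  private boolean cleared;

  private Password(char[] value) {
    this.value = value;
  }

  /** Copies the caller's array so the caller can wipe its own copy. */
  public static Password of(char[] chars) {
    return new Password(chars.clone());
  }

  /**
   * Reads a password file without creating an intermediate String.
   * UTF-8 is an assumption of this example; one trailing line terminator is dropped.
   */
  public static Password fromFile(Path path, Password defaultPassword) throws IOException {
    if (path == null || !Files.isRegularFile(path) || !Files.isReadable(path)) {
      return defaultPassword;
    }
    byte[] raw = Files.readAllBytes(path);
    CharBuffer decoded = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(raw));
    try {
      int end = decoded.limit();
      if (end > 0 && decoded.get(end - 1) == '\n') {
        end--;
      }
      if (end > 0 && decoded.get(end - 1) == '\r') {
        end--;
      }
      char[] chars = new char[end];
      decoded.get(chars, 0, end);
      return new Password(chars);
    } finally {
      // Wipe the temporary buffers that also held the secret.
      Arrays.fill(raw, (byte) 0);
      if (decoded.hasArray()) {
        Arrays.fill(decoded.array(), '\0');
      }
    }
  }

  /** Returns a copy for APIs that need char[]; the caller wipes it after use. */
  public synchronized char[] toCharArray() {
    if (cleared) {
      throw new IllegalStateException("password already cleared");
    }
    return value.clone();
  }

  /** Best effort: overwrites this copy; the JVM may have moved the array earlier. */
  @Override
  public synchronized void close() {
    Arrays.fill(value, '\0');
    cleared = true;
  }

  /** Never prints the secret, so accidental logging is harmless. */
  @Override
  public synchronized String toString() {
    return "Password[" + (cleared ? "cleared" : "redacted") + "]";
  }

  public static void main(String[] args) throws IOException {
    Path file = Files.createTempFile("sample-password", ".txt"); // constructed sample input
    try {
      Files.write(file, "s3cret-sample\n".getBytes(StandardCharsets.UTF_8));
      try (Password pw = Password.fromFile(file, Password.of(new char[0]))) {
        char[] forBind = pw.toCharArray();
        System.out.println("length=" + forBind.length + ", logged as " + pw);
        Arrays.fill(forBind, '\0');
      }
    } finally {
      Files.delete(file);
    }
  }
}
```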

[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-10 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319878#comment-16319878
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

zeroflag commented on a change in pull request #77: [AMBARI-22667] Use internal 
LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160612185
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  public String readPassword(String passwordProperty, String defaultPassword) {
+if (StringUtils.isNotBlank(passwordProperty)) {
+  if (CredentialProvider.isAliasString(passwordProperty)) {
+return readPasswordFromStore(passwordProperty);
+  } else {
+return readPasswordFromFile(passwordProperty, defaultPassword);
+  }
+}
+return defaultPassword;
+  }
+
+  public String readPasswordFromFile(String filePath, String defaultPassword) {
+if (filePath == null || !fileExistsAndCanBeRead(filePath)) {
+  LOG.debug("DB password file not specified or does not exist/can not be 
read - using default");
+  return defaultPassword;
+} else {
+  LOG.debug("Reading password from file {}", filePath);
+  String password = null;
+  try {
+password = FileUtils.readFileToString(new File(filePath), 
Charset.defaultCharset());
+return StringUtils.chomp(password);
+  } catch (IOException e) {
+throw new RuntimeException("Unable to read password from file [" + 
filePath + "]", e);
+  }
+}
+  }
+
+  private boolean fileExistsAndCanBeRead(String filePath) {
+final File passwordFile = new File(filePath);
+return passwordFile.exists() && passwordFile.canRead() && 
passwordFile.isFile();
+  }
+
+  private String readPasswordFromStore(String aliasStr) {
+return readPasswordFromStore(aliasStr, 
configuration.getMasterKeyLocation(), configuration.isMasterKeyPersisted(), 
configuration.getMasterKeyStoreLocation());
+  }
+
+  public String readPasswordFromStore(String aliasStr, File masterKeyLocation, 
boolean isMasterKeyPersisted, File masterKeyStoreLocation) {
+String password = null;
+loadCredentialProvider(masterKeyLocation, isMasterKeyPersisted, 
masterKeyStoreLocation);
+if (credentialProvider != null) {
+  char[] result = null;
+  try {
+result = credentialProvider.getPasswordForAlias(aliasStr);
+  } catch (AmbariException e) {
+LOG.error("Error reading from credential store.");
+e.printStackTrace();
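Review bot: in readPasswordFromFile, a filePath that is set but missing or unreadable falls back to defaultPassword with only a debug line that still says "DB password file", so a misconfigured path is invisible at normal log levels and the caller carries on with the default. Log at warn when filePath is non-null but fileExistsAndCanBeRead fails, and drop "DB" from the message since the class is a general password utility. Separately, Charset.defaultCharset() makes the decoded password depend on the host's platform settings; a fixed charset such as StandardCharsets.UTF_8 would be more predictable.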
 
 Review comment:
   Do we need both printStackTrace + logging here?



[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-09 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319803#comment-16319803
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

smolnar82 commented on issue #77: [AMBARI-22667] Use internal LDAP 
configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#issuecomment-356519239
 
 
   @vivekratnavel OK; sorry for missing the brackets...I'll include them going 
forward




> Use internal LDAP configuration values rather than ambari.properties values 
> when accessing the configured LDAP server
> -
>
> Key: AMBARI-22667
> URL: https://issues.apache.org/jira/browse/AMBARI-22667
> Project: Ambari
>  Issue Type: Task
>  Components: ambari-server
>Affects Versions: 3.0.0
>Reporter: Sandor Molnar
>Assignee: Sandor Molnar
>Priority: Critical
>  Labels: ldap
> Fix For: 3.0.0
>
>
> Use internal LDAP configuration values rather than ambari.properties values 
> when accessing the configured LDAP server for LDAP sync and authentication. 
> * Deprecate {{setup-ldap}} from the {{ambari-server}} script.  
> ** Rather than perform any operations, alert user to configure LDAP 
> integration from the Ambari UI
> * Look up LDAP-specific properties from the Ambari configuration data under 
> the "ldap-configuration" category.
> * Remove relevant properties from 
> {{org.apache.ambari.server.configuration.Configuration}}
> ** ambari.ldap.isConfigured
> ** authentication.ldap.useSSL
> ** authentication.ldap.primaryUrl
> ** authentication.ldap.secondaryUrl
> ** authentication.ldap.baseDn
> ** authentication.ldap.bindAnonymously
> ** authentication.ldap.managerDn
> ** authentication.ldap.managerPassword
> ** authentication.ldap.dnAttribute
> ** authentication.ldap.usernameAttribute
> ** authentication.ldap.username.forceLowercase
> ** authentication.ldap.userBase
> ** authentication.ldap.userObjectClass
> ** authentication.ldap.groupBase
> ** authentication.ldap.groupObjectClass
> ** authentication.ldap.groupNamingAttr
> ** authentication.ldap.groupMembershipAttr
> ** authorization.ldap.adminGroupMappingRules
> ** authentication.ldap.userSearchFilter
> ** authentication.ldap.alternateUserSearchEnabled
> ** authentication.ldap.alternateUserSearchFilter
> ** authorization.ldap.groupSearchFilter
> ** authentication.ldap.referral
> ** authentication.ldap.pagination.enabled
> ** authentication.ldap.sync.userMemberReplacePattern
> ** authentication.ldap.sync.groupMemberReplacePattern
> ** authentication.ldap.sync.userMemberFilter
> ** authentication.ldap.sync.groupMemberFilter
> ** ldap.sync.username.collision.behavior
>  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-09 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319608#comment-16319608
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

vivekratnavel commented on issue #77: [AMBARI-22667] Use internal LDAP 
configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#issuecomment-356482934
 
 
   @smolnar82 Please read the How to Contribute guide - 
https://cwiki.apache.org/confluence/display/AMBARI/How+to+Contribute
   
   I have edited the title of this PR for consistency.









[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-09 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319178#comment-16319178
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

rlevas commented on a change in pull request #77: AMBARI-22667: Use internal 
LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160523467
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  public String readPassword(String passwordProperty, String defaultPassword) {
+if (StringUtils.isNotBlank(passwordProperty)) {
+  if (CredentialProvider.isAliasString(passwordProperty)) {
+return readPasswordFromStore(passwordProperty);
+  } else {
+return readPasswordFromFile(passwordProperty, defaultPassword);
+  }
+}
+return defaultPassword;
+  }
+
+  public String readPasswordFromFile(String filePath, String defaultPassword) {
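Review bot: the parameter name passwordProperty in readPassword suggests a property key, but the body uses the value itself as either a credential-store alias or a file path. A name that says so, plus a line of JavaDoc on which forms are expected, would stop callers from passing a property name or a clear-text password, either of which would be treated as a file path here.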
 
 Review comment:
   Missing JavaDoc





[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-09 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319177#comment-16319177
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

rlevas commented on a change in pull request #77: AMBARI-22667: Use internal 
LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160523384
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  public String readPassword(String passwordProperty, String defaultPassword) {
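Review bot: the configuration and credentialProvider fields are declared after the constructor, between it and getInstance(), and credentialProvider is explicitly initialised to null. Move both declarations up beside LOG, LOCK and INSTANCE and drop the redundant "= null" so the class state is visible in one place.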
 
 Review comment:
   Missing JavaDoc





[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-09 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319176#comment-16319176
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

rlevas commented on a change in pull request #77: AMBARI-22667: Use internal 
LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77#discussion_r160524826
 
 

 ##
 File path: 
ambari-server/src/main/java/org/apache/ambari/server/utils/PasswordUtils.java
 ##
 @@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.encryption.CredentialProvider;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.inject.Inject;
+
+/**
+ * Utility class to read passwords from files or the Credential Store
+ */
+public class PasswordUtils {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(PasswordUtils.class);
+  private static final Lock LOCK = new ReentrantLock();
+  private static final PasswordUtils INSTANCE = new PasswordUtils();
+
+  /**
+   * The constructor we need for creating a singleton instance
+   */
+  private PasswordUtils() {
+  }
+
+  @Inject
+  private static Configuration configuration;
+
+  private volatile CredentialProvider credentialProvider = null;
+
+  public static PasswordUtils getInstance() {
+return INSTANCE;
+  }
+
+  public String readPassword(String passwordProperty, String defaultPassword) {
+if (StringUtils.isNotBlank(passwordProperty)) {
+  if (CredentialProvider.isAliasString(passwordProperty)) {
+return readPasswordFromStore(passwordProperty);
+  } else {
+return readPasswordFromFile(passwordProperty, defaultPassword);
+  }
+}
+return defaultPassword;
+  }
+
+  public String readPasswordFromFile(String filePath, String defaultPassword) {
+if (filePath == null || !fileExistsAndCanBeRead(filePath)) {
+  LOG.debug("DB password file not specified or does not exist/can not be 
read - using default");
+  return defaultPassword;
+} else {
+  LOG.debug("Reading password from file {}", filePath);
+  String password = null;
+  try {
+password = FileUtils.readFileToString(new File(filePath), 
Charset.defaultCharset());
+return StringUtils.chomp(password);
+  } catch (IOException e) {
+throw new RuntimeException("Unable to read password from file [" + 
filePath + "]", e);
+  }
+}
+  }
+
+  private boolean fileExistsAndCanBeRead(String filePath) {
+final File passwordFile = new File(filePath);
+return passwordFile.exists() && passwordFile.canRead() && 
passwordFile.isFile();
+  }
+
+  private String readPasswordFromStore(String aliasStr) {
+return readPasswordFromStore(aliasStr, 
configuration.getMasterKeyLocation(), configuration.isMasterKeyPersisted(), 
configuration.getMasterKeyStoreLocation());
+  }
+
+  public String readPasswordFromStore(String aliasStr, File masterKeyLocation, 
boolean isMasterKeyPersisted, File masterKeyStoreLocation) {
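Review bot: In readPasswordFromFile, a path that is configured but missing or unreadable falls back to defaultPassword with only a debug-level log line, so a wrong path or bad file permissions is easy to miss; the message also still says "DB password file" although readPassword is a general entry point. Consider logging at warn level when filePath is non-null but fileExistsAndCanBeRead fails, and making the wording generic. Separately, the private readPasswordFromStore(String) dereferences the static @Inject field configuration, which is null unless static injection was requested for this class (INSTANCE is created with new PasswordUtils()), so an explicit check with a clear error would be safer than a NullPointerException.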
 
 Review comment:
   Missing JavaDoc


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2018-01-09 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16319032#comment-16319032
 ] 

ASF GitHub Bot commented on AMBARI-22667:
-

smolnar82 opened a new pull request #77: AMBARI-22667: Use internal LDAP 
configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77
 
 
   @rlevas @zeroflag @echekanskiy 
   
   Local build result:
   
   [INFO] 

   [INFO] BUILD SUCCESS
   [INFO] 

   [INFO] Total time: 33:51 min
   [INFO] Finished at: 2018-01-09T16:35:33+01:00
   [INFO] Final Memory: 215M/897M
   [INFO] 

   
   
   Besides updating the unit tests I also conducted integration tests against a 
sample LDAP server (ldap.forumsys.com:389):
   - uid=boyle with proper credentials (password=password) was able to use the 
API; retrieved HTTP response code of 200
   - uid=boyle with wrong credentials (password!=password) was not able to use 
the API; retrieved HTTP response code of 403
   
   Continuously checked ambari-server.log to see if LDAP configuration is 
loaded/reloaded from the DB.
   




> Use internal LDAP configuration values rather than ambari.properties values 
> when accessing the configured LDAP server
> -
>
> Key: AMBARI-22667
> URL: https://issues.apache.org/jira/browse/AMBARI-22667
> Project: Ambari
>  Issue Type: Task
>  Components: ambari-server
>Affects Versions: 3.0.0
>Reporter: Sandor Molnar
>Assignee: Sandor Molnar
>Priority: Critical
>  Labels: ldap
> Fix For: 3.0.0
>
>
> Use internal LDAP configuration values rather than ambari.properties values 
> when accessing the configured LDAP server for LDAP sync and authentication. 
> * Deprecate {{setup-ldap}} from the {{ambari-server}} script.  
> ** Rather than perform any operations, alert user to configure LDAP 
> integration from the Ambari UI
> * Look up LDAP-specific properties from the Ambari configuration data under 
> the "ldap-configuration" category.
> * Remove relevant properties from 
> {{org.apache.ambari.server.configuration.Configuration}}
> ** ambari.ldap.isConfigured
> ** authentication.ldap.useSSL
> ** authentication.ldap.primaryUrl
> ** authentication.ldap.secondaryUrl
> ** authentication.ldap.baseDn
> ** authentication.ldap.bindAnonymously
> ** authentication.ldap.managerDn
> ** authentication.ldap.managerPassword
> ** authentication.ldap.dnAttribute
> ** authentication.ldap.usernameAttribute
> ** authentication.ldap.username.forceLowercase
> ** authentication.ldap.userBase
> ** authentication.ldap.userObjectClass
> ** authentication.ldap.groupBase
> ** authentication.ldap.groupObjectClass
> ** authentication.ldap.groupNamingAttr
> ** authentication.ldap.groupMembershipAttr
> ** authorization.ldap.adminGroupMappingRules
> ** authentication.ldap.userSearchFilter
> ** authentication.ldap.alternateUserSearchEnabled
> ** authentication.ldap.alternateUserSearchFilter
> ** authorization.ldap.groupSearchFilter
> ** authentication.ldap.referral
> ** authentication.ldap.pagination.enabled
> ** authentication.ldap.sync.userMemberReplacePattern
> ** authentication.ldap.sync.groupMemberReplacePattern
> ** authentication.ldap.sync.userMemberFilter
> ** authentication.ldap.sync.groupMemberFilter
> ** ldap.sync.username.collision.behavior
>  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2017-12-22 Thread Sandor Molnar (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16301744#comment-16301744
 ] 

Sandor Molnar commented on AMBARI-22667:


[~rlevas]

Regarding obsoletePropertyName: I'm not sure how the migration process works 
but should not we be prepared for the following scenario: the user already 
configured LDAP in 2.6.X (or even an earlier version). When migrating to 3.0.0 
do we read ambari.properties in 2.6.X and we save that configuration in the DB? 
If so, how do we know what to set in the new fields if we did not know their 
previous name?
If this is not the case - the user will re-configure LDAP in 3.0.0 manually - 
then the only thing we gain is documentation (maybe useful for support cases, 
but I'm not sure).

Please let me know your thoughts.
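
The migration scenario raised in the comment above, as an added example (not part of the original comment and not Ambari's code): each key carries the name it had in ambari.properties, so an upgrade step can copy old values into the "ldap-configuration" category and report legacy LDAP properties that no key claims. The enum, the new key names, the defaults and the sample values are all assumptions; only the old property names come from the issue description.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.TreeSet;

public class LdapPropertyMigrationExample {

  /** Hypothetical stand-in for AmbariLdapConfigurationKeys; new key names and defaults are constructed. */
  enum LdapKey {
    USE_SSL("example.ldap.use_ssl", "authentication.ldap.useSSL", "false", "Connect over LDAPS"),
    ANONYMOUS_BIND("example.ldap.anonymous_bind", "authentication.ldap.bindAnonymously", "true", "Bind without a manager DN"),
    BASE_DN("example.ldap.base_dn", "authentication.ldap.baseDn", "", "Root of user and group searches"),
    MANAGER_DN("example.ldap.manager_dn", "authentication.ldap.managerDn", "", "DN used for non-anonymous binds");

    final String key;
    final String obsoletePropertyName;
    final String defaultValue;
    final String description;

    LdapKey(String key, String obsoletePropertyName, String defaultValue, String description) {
      this.key = key;
      this.obsoletePropertyName = obsoletePropertyName;
      this.defaultValue = defaultValue;
      this.description = description;
    }
  }

  /** Builds the "ldap-configuration" category from legacy values, falling back to each key's default. */
  static Map<String, String> migrate(Properties legacy) {
    Map<String, String> migrated = new LinkedHashMap<>();
    for (LdapKey k : LdapKey.values()) {
      String old = legacy.getProperty(k.obsoletePropertyName);
      migrated.put(k.key, old == null ? k.defaultValue : old.trim());
    }
    return migrated;
  }

  /** Legacy LDAP properties that no key claims; an upgrade would otherwise drop them silently. */
  static List<String> unmapped(Properties legacy) {
    List<String> leftovers = new ArrayList<>();
    for (String name : new TreeSet<>(legacy.stringPropertyNames())) {
      boolean ldapRelated = name.startsWith("authentication.ldap.") || name.startsWith("authorization.ldap.");
      boolean claimed = false;
      for (LdapKey k : LdapKey.values()) {
        claimed |= k.obsoletePropertyName.equals(name);
      }
      if (ldapRelated && !claimed) {
        leftovers.add(name);
      }
    }
    return leftovers;
  }

  public static void main(String[] args) {
    Properties legacy = new Properties(); // constructed sample of a pre-3.0.0 ambari.properties
    legacy.setProperty("authentication.ldap.useSSL", "true");
    legacy.setProperty("authentication.ldap.baseDn", "dc=example,dc=com");
    legacy.setProperty("authentication.ldap.managerDn", "cn=manager,dc=example,dc=com");
    // The value is a file path or credential-store alias, not the secret, so it needs its own handling.
    legacy.setProperty("authentication.ldap.managerPassword", "/path/to/ldap-password.dat");
    legacy.setProperty("example.unrelated.property", "ignored");
    migrate(legacy).forEach((k, v) -> System.out.println(k + " = " + v));
    System.out.println("unmapped: " + unmapped(legacy));
  }
}
```

With the constructed sample, authentication.ldap.managerPassword is reported as unmapped, which is the case the comment worries about: without a recorded previous name there is nothing to tie the old value to a new field.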



[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2017-12-19 Thread Robert Levas (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296952#comment-16296952
 ] 

Robert Levas commented on AMBARI-22667:
---

[~smolnar]

{quote}
I'm going to extend 
org.apache.ambari.server.ldap.domain.AmbariLdapConfigurationKeys with the 
following fields:

defaultValue
obsoletePropertyName (to keep track of the property name we had before in 
ambari.properties)
description
{quote}

This is a great point.  Maybe 
org.apache.ambari.server.configuration.Configuration.ConfigurationProperty 
should be bubbled up and used as values for the LDAP configuration keys.  This 
would also require the relevant utility methods from 
org.apache.ambari.server.configuration.Configuration to be bubbled up to some 
Configuration helper-like class.  What do you think about that?

My guess is that eventually there will be other property sets moved into the 
Ambari DB as well, so this may be a good approach for the long run.



[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2017-12-19 Thread Robert Levas (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296945#comment-16296945
 ] 

Robert Levas commented on AMBARI-22667:
---

[~smolnar]...  

{quote}
Prior to 3.0.0 we included these properties (all that we are about to remove) 
in a MarkDown file (index.md) describing properties (name, default value, 
description) for its audience. I believe we should continue this going forward, 
right? If so, shall we do this under this task's umbrella or a new JIRA will be 
created?
{quote}


That index.md ({{ambari-server/docs/configuration/index.md}}) file contains 
documentation for the ambari.properties file.  I think it would be confusing to 
document the properties there since these new/moved properties are stored in 
the Ambari database and need to be set via the REST API (or Ambari web client). 
 That said, a new JIRA should be created to build similar documentation. Maybe in 
a location like {{ambari-server/docs/configuration/ldap-configuration.md}}?




[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

2017-12-19 Thread Sandor Molnar (JIRA)

[ 
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296592#comment-16296592
 ] 

Sandor Molnar commented on AMBARI-22667:


[~rlevas]

Prior to 3.0.0 we included these properties (all that we are about to remove) in 
a MarkDown file (index.md) describing properties (name, default value, 
description) for its audience. I believe we should continue this going forward, 
right? If so, shall we do this under this task's umbrella or a new JIRA will be 
created?

I'm going to extend 
org.apache.ambari.server.ldap.domain.AmbariLdapConfigurationKeys with the 
following fields:
* defaultValue
* obsoletePropertyName (to keep track of the property name we had before in 
ambari.properties)
* description

This way we will have the ability to modify the code which generates that .md 
file to include LDAP related configuration if we want to do this. Even if we 
did not want to do this I believe that these new fields are useful for any 
peers.
