subject:"Re\: Review Request 49253\: LDAP sync\: force to use uid and cn in patterns to check a member is a dn or not"

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

2016-06-27 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49253/#review139568
---


Ship it!




Ship It!

- Robert Levas


On June 27, 2016, 9:36 a.m., Oliver Szabo wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49253/
> ---
> 
> (Updated June 27, 2016, 9:36 a.m.)
> 
> 
> Review request for Ambari, Daniel Gergely, Miklos Gergely, Robert Levas, and 
> Sandor Magyari.
> 
> 
> Bugs: AMBARI-17444
> https://issues.apache.org/jira/browse/AMBARI-17444
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> - extend check member value is a dn or not (it is possible that 
> userNameAttribute or groupNameAttribute does not appear in member value)
> - make adminGroupMapping part of the BindAuthenticator more readable (+ make 
> it switchable) and fix if the memberAttribute is not dn
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2eb0734 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
>  c63ea92 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
>  d0cafa8 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
>  53ff16d 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
>  2265eec 
> 
> Diff: https://reviews.apache.org/r/49253/diff/
> 
> 
> Testing
> ---
> 
> All green in apache report
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

2016-06-27 Thread Oliver Szabo


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49253/
---

(Updated June 27, 2016, 1:36 p.m.)


Review request for Ambari, Daniel Gergely, Miklos Gergely, Robert Levas, and 
Sandor Magyari.


Changes
---

- add custom member attribute option during usage of adminGroupMappingRules 
filter


Bugs: AMBARI-17444
https://issues.apache.org/jira/browse/AMBARI-17444


Repository: ambari


Description
---

- extend check member value is a dn or not (it is possible that 
userNameAttribute or groupNameAttribute does not appear in member value)
- make adminGroupMapping part of the BindAuthenticator more readable (+ make it 
switchable) and fix if the memberAttribute is not dn


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2eb0734 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
 c63ea92 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
 d0cafa8 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
 53ff16d 
  
ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
 2265eec 

Diff: https://reviews.apache.org/r/49253/diff/


Testing
---

All green in apache report


Thanks,

Oliver Szabo

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

2016-06-27 Thread Oliver Szabo



> On June 27, 2016, 12:42 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java,
> >  line 109
> > 
> >
> > Why are we checking for a hard-coded value here?  Are we assuming that 
> > no matter what schema is used, the "member" attribute will always mean the 
> > same thing?

you right, as I checked it, also uniqueMember is mostly DN too. so maybe better 
to make this configurable (and i'll keep the actual behavior)...this feature 
does not work anyway :)


- Oliver


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49253/#review139560
---


On June 27, 2016, 11:59 a.m., Oliver Szabo wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49253/
> ---
> 
> (Updated June 27, 2016, 11:59 a.m.)
> 
> 
> Review request for Ambari, Daniel Gergely, Miklos Gergely, Robert Levas, and 
> Sandor Magyari.
> 
> 
> Bugs: AMBARI-17444
> https://issues.apache.org/jira/browse/AMBARI-17444
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> - extend check member value is a dn or not (it is possible that 
> userNameAttribute or groupNameAttribute does not appear in member value)
> - make adminGroupMapping part of the BindAuthenticator more readable (+ make 
> it switchable) and fix if the memberAttribute is not dn
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
>  c63ea92 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
>  53ff16d 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
>  2265eec 
> 
> Diff: https://reviews.apache.org/r/49253/diff/
> 
> 
> Testing
> ---
> 
> All green in apache report
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

2016-06-27 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49253/#review139560
---


Fix it, then Ship it!




Ship It!


ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
 (line 106)


Why are we checking for a hard-coded value here?  Are we assuming that no 
matter what schema is used, the "member" attribute will always mean the same 
thing?


- Robert Levas


On June 27, 2016, 7:59 a.m., Oliver Szabo wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49253/
> ---
> 
> (Updated June 27, 2016, 7:59 a.m.)
> 
> 
> Review request for Ambari, Daniel Gergely, Miklos Gergely, Robert Levas, and 
> Sandor Magyari.
> 
> 
> Bugs: AMBARI-17444
> https://issues.apache.org/jira/browse/AMBARI-17444
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> - extend check member value is a dn or not (it is possible that 
> userNameAttribute or groupNameAttribute does not appear in member value)
> - make adminGroupMapping part of the BindAuthenticator more readable (+ make 
> it switchable) and fix if the memberAttribute is not dn
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
>  c63ea92 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
>  53ff16d 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
>  2265eec 
> 
> Diff: https://reviews.apache.org/r/49253/diff/
> 
> 
> Testing
> ---
> 
> All green in apache report
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

2016-06-27 Thread Sandor Magyari


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49253/#review139557
---


Ship it!




Ship It!

- Sandor Magyari


On June 27, 2016, 11:59 a.m., Oliver Szabo wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49253/
> ---
> 
> (Updated June 27, 2016, 11:59 a.m.)
> 
> 
> Review request for Ambari, Daniel Gergely, Miklos Gergely, Robert Levas, and 
> Sandor Magyari.
> 
> 
> Bugs: AMBARI-17444
> https://issues.apache.org/jira/browse/AMBARI-17444
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> - extend check member value is a dn or not (it is possible that 
> userNameAttribute or groupNameAttribute does not appear in member value)
> - make adminGroupMapping part of the BindAuthenticator more readable (+ make 
> it switchable) and fix if the memberAttribute is not dn
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
>  c63ea92 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
>  53ff16d 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
>  2265eec 
> 
> Diff: https://reviews.apache.org/r/49253/diff/
> 
> 
> Testing
> ---
> 
> All green in apache report
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

2016-06-27 Thread Oliver Szabo


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49253/
---

(Updated June 27, 2016, 11:59 a.m.)


Review request for Ambari, Daniel Gergely, Miklos Gergely, Robert Levas, and 
Sandor Magyari.


Changes
---

- rename query to filter


Bugs: AMBARI-17444
https://issues.apache.org/jira/browse/AMBARI-17444


Repository: ambari


Description
---

- extend check member value is a dn or not (it is possible that 
userNameAttribute or groupNameAttribute does not appear in member value)
- make adminGroupMapping part of the BindAuthenticator more readable (+ make it 
switchable) and fix if the memberAttribute is not dn


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
 c63ea92 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
 53ff16d 
  
ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
 2265eec 

Diff: https://reviews.apache.org/r/49253/diff/


Testing
---

All green in apache report


Thanks,

Oliver Szabo

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

2016-06-27 Thread Oliver Szabo


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49253/
---

(Updated June 27, 2016, 9:47 a.m.)


Review request for Ambari, Daniel Gergely, Miklos Gergely, Robert Levas, and 
Sandor Magyari.


Changes
---

- use stringutils isempty


Bugs: AMBARI-17444
https://issues.apache.org/jira/browse/AMBARI-17444


Repository: ambari


Description
---

- extend check member value is a dn or not (it is possible that 
userNameAttribute or groupNameAttribute does not appear in member value)
- make adminGroupMapping part of the BindAuthenticator more readable (+ make it 
switchable) and fix if the memberAttribute is not dn


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
 c63ea92 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
 53ff16d 
  
ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
 2265eec 

Diff: https://reviews.apache.org/r/49253/diff/


Testing
---

All green in apache report


Thanks,

Oliver Szabo

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

2016-06-27 Thread Daniel Gergely


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49253/#review139544
---


Ship it!





ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
 (line 112)


You can use StringUtils.isEmpty() here.


- Daniel Gergely


On jún. 27, 2016, 9:25 de, Oliver Szabo wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49253/
> ---
> 
> (Updated jún. 27, 2016, 9:25 de)
> 
> 
> Review request for Ambari, Daniel Gergely, Miklos Gergely, Robert Levas, and 
> Sandor Magyari.
> 
> 
> Bugs: AMBARI-17444
> https://issues.apache.org/jira/browse/AMBARI-17444
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> - extend check member value is a dn or not (it is possible that 
> userNameAttribute or groupNameAttribute does not appear in member value)
> - make adminGroupMapping part of the BindAuthenticator more readable (+ make 
> it switchable) and fix if the memberAttribute is not dn
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
>  c63ea92 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
>  53ff16d 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
>  2265eec 
> 
> Diff: https://reviews.apache.org/r/49253/diff/
> 
> 
> Testing
> ---
> 
> All green in apache report
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

Re: Review Request 49253: LDAP sync: force to use uid and cn in patterns to check a member is a dn or not

8 matches

Site Navigation

Mail list logo

Footer information