Repository: ambari Updated Branches: refs/heads/branch-2.5 9f5bce56d -> 97fcfb3cb
AMBARI-21259 Need to use provided password when usersync sync source and authentication method are different (mugdha) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/97fcfb3c Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/97fcfb3c Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/97fcfb3c Branch: refs/heads/branch-2.5 Commit: 97fcfb3cbe95a2366526e2ac03e21a0edd4410e2 Parents: 9f5bce5 Author: Mugdha Varadkar <mug...@apache.org> Authored: Thu Jun 15 18:41:24 2017 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Tue Jun 20 10:42:28 2017 +0530 ---------------------------------------------------------------------- .../RANGER/0.4.0/package/scripts/params.py | 4 +++- .../RANGER/0.4.0/package/scripts/setup_ranger_xml.py | 12 ++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/97fcfb3c/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py index 094d239..3789358 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py @@ -445,4 +445,6 @@ https_keystore_password = config['configurations']['ranger-admin-site']['ranger. truststore_password = config['configurations']['ranger-admin-site']['ranger.truststore.password'] # need this to capture cluster name for ranger tagsync -cluster_name = config['clusterName'] \ No newline at end of file +cluster_name = config['clusterName'] +ranger_ldap_bind_auth_password = config['configurations']['ranger-admin-site']['ranger.ldap.bind.password'] +ranger_ad_bind_auth_password = config['configurations']['ranger-admin-site']['ranger.ldap.ad.bind.password'] \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/97fcfb3c/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py index 087e866..2fa7b2f 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py @@ -312,7 +312,11 @@ def do_keystore_setup(upgrade_type=None): ) if params.ranger_auth_method.upper() == "LDAP": - ranger_credential_helper(params.cred_lib_path, params.ranger_ldap_password_alias, params.ranger_usersync_ldap_ldapbindpassword, params.ranger_credential_provider_path) + ranger_ldap_auth_password = params.ranger_usersync_ldap_ldapbindpassword + if params.ranger_ldap_bind_auth_password != "{{ranger_usersync_ldap_ldapbindpassword}}": + ranger_ldap_auth_password = params.ranger_ldap_bind_auth_password + + ranger_credential_helper(params.cred_lib_path, params.ranger_ldap_password_alias, ranger_ldap_auth_password, params.ranger_credential_provider_path) File(params.ranger_credential_provider_path, owner = params.unix_user, @@ -321,7 +325,11 @@ def do_keystore_setup(upgrade_type=None): ) if params.ranger_auth_method.upper() == "ACTIVE_DIRECTORY": - ranger_credential_helper(params.cred_lib_path, params.ranger_ad_password_alias, params.ranger_usersync_ldap_ldapbindpassword, params.ranger_credential_provider_path) + ranger_ad_auth_password = params.ranger_usersync_ldap_ldapbindpassword + if params.ranger_ad_bind_auth_password != "{{ranger_usersync_ldap_ldapbindpassword}}": + ranger_ad_auth_password = params.ranger_ad_bind_auth_password + + ranger_credential_helper(params.cred_lib_path, params.ranger_ad_password_alias, ranger_ad_auth_password, params.ranger_credential_provider_path) File(params.ranger_credential_provider_path, owner = params.unix_user,