Author: brandonli Date: Wed Jun 11 18:54:09 2014 New Revision: 1601985 URL: http://svn.apache.org/r1601985 Log: HADOOP-10656. The password keystore file is not picked by LDAP group mapping. Contributed by Brandon Li
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1601985&r1=1601984&r2=1601985&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Wed Jun 11 18:54:09 2014 @@ -547,6 +547,9 @@ Release 2.5.0 - UNRELEASED HADOOP-10664. TestNetUtils.testNormalizeHostName fails. (atm) + HADOOP-10656. The password keystore file is not picked by LDAP group mapping + (brandonli) + Release 2.4.1 - UNRELEASED INCOMPATIBLE CHANGES Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java?rev=1601985&r1=1601984&r2=1601985&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java Wed Jun 11 18:54:09 2014 @@ -40,6 +40,7 @@ import org.apache.hadoop.classification. import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.io.IOUtils; /** * An implementation of {@link GroupMappingServiceProvider} which @@ -312,8 +313,8 @@ public class LdapGroupsMapping keystorePass = conf.get(LDAP_KEYSTORE_PASSWORD_KEY, LDAP_KEYSTORE_PASSWORD_DEFAULT); if (keystorePass.isEmpty()) { - keystorePass = extractPassword( - conf.get(LDAP_KEYSTORE_PASSWORD_KEY, LDAP_KEYSTORE_PASSWORD_DEFAULT)); + keystorePass = extractPassword(conf.get(LDAP_KEYSTORE_PASSWORD_FILE_KEY, + LDAP_KEYSTORE_PASSWORD_FILE_DEFAULT)); } bindUser = conf.get(BIND_USER_KEY, BIND_USER_DEFAULT); @@ -346,18 +347,20 @@ public class LdapGroupsMapping return ""; } + Reader reader = null; try { StringBuilder password = new StringBuilder(); - Reader reader = new FileReader(pwFile); + reader = new FileReader(pwFile); int c = reader.read(); while (c > -1) { password.append((char)c); c = reader.read(); } - reader.close(); return password.toString().trim(); } catch (IOException ioe) { throw new RuntimeException("Could not read password file: " + pwFile, ioe); + } finally { + IOUtils.cleanup(LOG, reader); } } }