-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56386/
-----------------------------------------------------------
(Updated Feb. 7, 2017, 8:01 p.m.)
Review request for atlas, Shwetha GS and Venkat Ranganathan.
Changes
-------
Adjusted throw and handling of nulls to that fall back to old AD mechanism can
occur. I guess the next question are the throw's used at all if they aren't I
propose to remove them and just log the failure.
Bugs: ATLAS-1508
https://issues.apache.org/jira/browse/ATLAS-1508
Repository: atlas
Description
-------
After upgrading to HDP 2.5.3.x from HDP 2.4.x we noticed kerberos
authentication for the UI no longer works. So we switched to utilize Active
Directory and noticed that with ActiveDirectory it was attempting use UPN which
is risky in a large Active Directory environment instead samAccountName should
be used like in https://issues.apache.org/jira/browse/RANGER-457. I worked on a
previous JIRA with Zeppelin
https://issues.apache.org/jira/browse/ZEPPELIN-1472. So this has been addressed
in Knox, Ranger, and Zeppelin. I propose the attached fix to address this issue
as the Ranger folks addressed this issue. Without this Atlas will not function
in a Large multi-forest Active Directory environment.
Diffs (updated)
-----
webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
3a6a9e1
Diff: https://reviews.apache.org/r/56386/diff/
Testing
-------
Maven build completed without issue and this fix is now running in our
Production and Test environments before this fix Atlas UI was not usable due to
multiple directories
Thanks,
Greg Senia
