prabhjyotsingh closed pull request #3233: [ZEPPELIN-3875] Groups are not
derived when using ActiveDirectory
URL: https://github.com/apache/zeppelin/pull/3233
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
index 41d9f5de41..c31acc837e 100644
---
a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
+++
b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
@@ -66,8 +66,20 @@
private static final String ROLE_NAMES_DELIMETER = ",";
final String keystorePass = "activeDirectoryRealm.systemPassword";
+
+ private String userSearchAttributeName = "sAMAccountName";
+
private String hadoopSecurityCredentialPath;
+ public String getUserSearchAttributeName() {
+ return userSearchAttributeName;
+ }
+
+ public void setUserSearchAttributeName(String userSearchAttributeName) {
+ this.userSearchAttributeName = userSearchAttributeName;
+ }
+
+
public void setHadoopSecurityCredentialPath(String
hadoopSecurityCredentialPath) {
this.hadoopSecurityCredentialPath = hadoopSecurityCredentialPath;
}
@@ -247,7 +259,8 @@ protected AuthorizationInfo
buildAuthorizationInfo(Set<String> roleNames) {
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
searchCtls.setCountLimit(numUsersToFetch);
- String searchFilter = "(&(objectClass=*)(userPrincipalName=*" +
containString + "*))";
+ String searchFilter = String.format("(&(objectClass=*)(%s=*%s*))",
this.getUserSearchAttributeName(), containString);
+
Object[] searchArguments = new Object[]{containString};
NamingEnumeration answer = ldapContext.search(searchBase, searchFilter,
searchArguments,
@@ -265,7 +278,7 @@ protected AuthorizationInfo
buildAuthorizationInfo(Set<String> roleNames) {
NamingEnumeration ae = attrs.getAll();
while (ae.hasMore()) {
Attribute attr = (Attribute) ae.next();
- if (attr.getID().toLowerCase().equals("cn")) {
+ if
(attr.getID().toLowerCase().equals(this.getUserSearchAttributeName().toLowerCase()))
{
userNameList.addAll(LdapUtils.getAllAttributeValues(attr));
}
}
@@ -291,11 +304,11 @@ protected AuthorizationInfo
buildAuthorizationInfo(Set<String> roleNames) {
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String userPrincipalName = username;
- if (this.principalSuffix != null && userPrincipalName.indexOf('@') < 0) {
- userPrincipalName += principalSuffix;
+ if (this.principalSuffix != null && userPrincipalName.indexOf('@') > 1) {
+ userPrincipalName = userPrincipalName.split("@")[0];
}
- String searchFilter = "(&(objectClass=*)(userPrincipalName=" +
userPrincipalName + "))";
+ String searchFilter = String.format("(&(objectClass=*)(%s=%s))",
this.getUserSearchAttributeName(), userPrincipalName);
Object[] searchArguments = new Object[]{userPrincipalName};
NamingEnumeration answer = ldapContext.search(searchBase, searchFilter,
searchArguments,
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
