-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46695/
-----------------------------------------------------------
(Updated April 26, 2016, 4:11 p.m.)
Review request for Ambari, Daniel Gergely, Oliver Szabo, and Sandor Magyari.
Changes
-------
Addressed listed issues.
Bugs: AMBARI-16119
https://issues.apache.org/jira/browse/AMBARI-16119
Repository: ambari
Description
-------
When user authenticates againts AD the user details are pulled (ldap binding)
from AD. In case the user logged in with a login alias (e.g. when a user is
present in multiple subdomains within a forest than the user name appears in
multiple places. In this case the user has to login with a login alias that
contains domain information which uniquelly identifies the user in AD) Ambari
created an override for the user detail behind the scenes in order to replace
the login user name with the ambari user name that maps to it.
The override is nothing else than copying all fields from origin user details
object but user name. Among the fields being copied over there is user password
which apparently is populated when OpenLDAP is used however in case of AD its
left null. The override user details object Ambari creates always expects a
non-null password thus the creation of it failed when AD was used.
The overriding of user details has been modified to pass empty string as
password is the passowrd in the original user details object is null.
Also some optimisation was added to create the override if the user logged in
with a login alias.
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java
98b97b2
Diff: https://reviews.apache.org/r/46695/diff/
Testing
-------
Tested manually on both OpenLDAP and AD.
Unit tests are in progress.
Thanks,
Sebastian Toader
