----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47976/#review135472 -----------------------------------------------------------
Ship it! Ship It! - Daniel Gergely On máj. 27, 2016, 8:14 du, Oliver Szabo wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47976/ > ----------------------------------------------------------- > > (Updated máj. 27, 2016, 8:14 du) > > > Review request for Ambari, Daniel Gergely, Robert Levas, Robert Nettleton, > and Sebastian Toader. > > > Bugs: AMBARI-16875 > https://issues.apache.org/jira/browse/AMBARI-16875 > > > Repository: ambari > > > Description > ------- > > In some rare cases, member attribute value for a group/user can be > constructed. (not baseDN/uid, sometimes ldap proxies does that) > > Added 2 feature to fix these problems (to manipulate queries that are used > during sync): > > 2.1.) use regexp to get the useful informations from a custom member > attribute value: (for groups/users) > "authentication.ldap.sync.userMemberReplacePattern" > "authentication.ldap.sync.groupMemberReplacePattern" > > e.g.: > member: <SID=..><GUID=...>,cn=mycn,dc=org,dc=apache > > then use > authentication.ldap.sync.userMemberReplacePattern=(?<sid>.*);(?<guid>.*);(?<member>.*) > to get the member group > the result will be cn=mycn,dc=org,dc=apache, which can be used easier in > filters, or like a baseDN. > > 2.) second option the define the queries itself that are used during sync > "authentication.ldap.sync.userMemberFilter" > "authentication.ldap.sync.groupMemberFilter" > > In case you have a specific member information, maybe it wont fit with the > ambari filters, so it might be needed to use a custom filter: > simple example: > authentication.ldap.sync.userMemberFilter=(&(objectclass=posixaccount)(uid={member})) > // here we will replace the member with the member attribute value > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java > 0c2fbba > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java > 17432d0 > > ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java > 9a66456 > > ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java > eef91c1 > > Diff: https://reviews.apache.org/r/47976/diff/ > > > Testing > ------- > > testing is in progress... > > > Thanks, > > Oliver Szabo > >