This is an automated email from the ASF dual-hosted git repository.
prabhjyotsingh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new e70d8f7 [ZEPPELIN-3875] Groups are not derived when using
ActiveDirectory (#3233)
e70d8f7 is described below
commit e70d8f70d6b75411e9e1f371921bec4a59bd8685
Author: zlosim <vince.mic...@gmail.com>
AuthorDate: Tue Jan 8 13:53:19 2019 +0100
[ZEPPELIN-3875] Groups are not derived when using ActiveDirectory (#3233)
* changed userPrincipalName to sAMAccountName when deriving groups user
belongs to
* - fixed AD user search in note permissions
- added AD user search attribute as parameter with sAMAaccountName as
default
---
.../zeppelin/realm/ActiveDirectoryGroupRealm.java | 23 +++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git
a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
index 41d9f5d..c31acc8 100644
---
a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
+++
b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
@@ -66,8 +66,20 @@ public class ActiveDirectoryGroupRealm extends
AbstractLdapRealm {
private static final String ROLE_NAMES_DELIMETER = ",";
final String keystorePass = "activeDirectoryRealm.systemPassword";
+
+ private String userSearchAttributeName = "sAMAccountName";
+
private String hadoopSecurityCredentialPath;
+ public String getUserSearchAttributeName() {
+ return userSearchAttributeName;
+ }
+
+ public void setUserSearchAttributeName(String userSearchAttributeName) {
+ this.userSearchAttributeName = userSearchAttributeName;
+ }
+
+
public void setHadoopSecurityCredentialPath(String
hadoopSecurityCredentialPath) {
this.hadoopSecurityCredentialPath = hadoopSecurityCredentialPath;
}
@@ -247,7 +259,8 @@ public class ActiveDirectoryGroupRealm extends
AbstractLdapRealm {
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
searchCtls.setCountLimit(numUsersToFetch);
- String searchFilter = "(&(objectClass=*)(userPrincipalName=*" +
containString + "*))";
+ String searchFilter = String.format("(&(objectClass=*)(%s=*%s*))",
this.getUserSearchAttributeName(), containString);
+
Object[] searchArguments = new Object[]{containString};
NamingEnumeration answer = ldapContext.search(searchBase, searchFilter,
searchArguments,
@@ -265,7 +278,7 @@ public class ActiveDirectoryGroupRealm extends
AbstractLdapRealm {
NamingEnumeration ae = attrs.getAll();
while (ae.hasMore()) {
Attribute attr = (Attribute) ae.next();
- if (attr.getID().toLowerCase().equals("cn")) {
+ if
(attr.getID().toLowerCase().equals(this.getUserSearchAttributeName().toLowerCase()))
{
userNameList.addAll(LdapUtils.getAllAttributeValues(attr));
}
}
@@ -291,11 +304,11 @@ public class ActiveDirectoryGroupRealm extends
AbstractLdapRealm {
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String userPrincipalName = username;
- if (this.principalSuffix != null && userPrincipalName.indexOf('@') < 0) {
- userPrincipalName += principalSuffix;
+ if (this.principalSuffix != null && userPrincipalName.indexOf('@') > 1) {
+ userPrincipalName = userPrincipalName.split("@")[0];
}
- String searchFilter = "(&(objectClass=*)(userPrincipalName=" +
userPrincipalName + "))";
+ String searchFilter = String.format("(&(objectClass=*)(%s=%s))",
this.getUserSearchAttributeName(), userPrincipalName);
Object[] searchArguments = new Object[]{userPrincipalName};
NamingEnumeration answer = ldapContext.search(searchBase, searchFilter,
searchArguments,
