  1. Ambari
  2. AMBARI-16875

LDAP sync cannot handle if the member attribute value is not DN or id


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.4.0
    • Fix Version/s: 2.4.0
    • Component/s: ambari-server
    • Labels:
      None

      Description

      When the member attribute value looks like this:
      "<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org", the sync stops working.

      Adding 2 new properties (to find the DN or the id of the member):
      "authentication.ldap.sync.userMemberReplacePattern"
      "authentication.ldap.sync.groupMemberReplacePattern"
      These values are empty by default.

      Example usage:
      If we get this as the ldapsearch response for a group member:
      member="<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org"
      we need to define a regex containing a named group called "member" that marks the location of the DN or id, e.g. (?<member>.*):
      authentication.ldap.sync.userMemberReplacePattern=(?<sid>.*);(?<guid>.*);(?<member>.*)

      Then the result will be: "cn=myCn,dc=apache,dc=org"

      Also added 2 more new properties as an alternative solution:
      "authentication.ldap.sync.userMemberFilter"
      "authentication.ldap.sync.groupMemberFilter"
      These values are also empty by default.

      Example usage:
      Given memberUid=mymemberId,
      you can specify the filter for user sync:
      "authentication.ldap.sync.userMemberFilter=(&(objectclass=posixaccount)(uid={member}))"

      That filter will be used (with the baseDN) to gather the user with the memberUid:
      (&(objectclass=posixaccount)(uid=mymemberid))
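
The replace pattern and the member filter described above, as an added Java example (not Ambari's code and not part of the original issue). It shows that the greedy groups in the issue's pattern split at the last two semicolons, so a DN containing an escaped ';' loses its front part, while `[^;]*` groups keep it whole, and that a member value should be escaped before it fills `{member}`. Assumptions: the class and method names are hypothetical, the pattern is applied as a full match, and the stricter pattern and the RFC 4515 escaping are additions for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MemberPatternDemo {
    // Pattern exactly as given in the issue description (greedy groups).
    static final Pattern ISSUE = Pattern.compile("(?<sid>.*);(?<guid>.*);(?<member>.*)");
    // Stricter variant (assumption, not from the issue): SID and GUID parts may not contain ';'.
    static final Pattern STRICT = Pattern.compile("(?<sid>[^;]*);(?<guid>[^;]*);(?<member>.*)");

    // Returns the "member" group, or the raw value when the pattern does not match
    // (for example when the attribute already holds a plain DN or id).
    static String extractMember(Pattern p, String raw) {
        Matcher m = p.matcher(raw);
        return m.matches() ? m.group("member") : raw;
    }

    // Escapes a value for use inside an LDAP search filter (RFC 4515 special characters).
    static String escapeFilterValue(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Fills the {member} placeholder of a userMemberFilter-style template with an escaped value.
    static String buildFilter(String template, String member) {
        return template.replace("{member}", escapeFilterValue(member));
    }

    public static void main(String[] args) {
        String fromIssue = "<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org";          // value from the issue
        String withSemicolon = "<SID=...>;<GUID=...>;cn=Smith\\;John,dc=apache,dc=org"; // constructed sample
        String filter = "(&(objectclass=posixaccount)(uid={member}))";                 // filter from the issue
        System.out.println(extractMember(ISSUE, fromIssue));
        System.out.println(extractMember(ISSUE, withSemicolon));   // greedy groups cut the DN short
        System.out.println(extractMember(STRICT, withSemicolon));  // full DN preserved
        System.out.println(buildFilter(filter, "mymemberId"));
        System.out.println(buildFilter(filter, "my(member)*Id"));  // constructed value with filter metacharacters
    }
}
```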

        Attachments

        1. AMBARI-16875.patch
          18 kB
          Oliver Szabo

            People

            • Assignee:
              oleewere Oliver Szabo
              Reporter:
              oleewere Oliver Szabo