Hadoop Common
  1. Hadoop Common
  2. HADOOP-10249

LdapGroupsMapping should trim ldap password read from file

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.4.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      org.apache.hadoop.security.LdapGroupsMapping allows specifying ldap connection password in a file using property key

      hadoop.security.group.mapping.ldap.bind.password.file

      The code in LdapGroupsMapping that reads the content of the password file does not trim the password value. This causes ldap connection failure as the password in the password file ends up having a trailing newline.

      Most of the text editors and echo adds a new line at the end of file.
      So, LdapGroupsMapping should trim the password read from the file.

      1. HADOOP-10249.patch
        0.7 kB
        Dilli Arumugam

        Activity

        Dilli Arumugam created issue -
        Hide
        Dilli Arumugam added a comment -

        The patch(diff) that fixes the problem:

        svn diff
        Index: src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        ===================================================================
        — src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java (revision 1560166)
        +++ src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java (working copy)
        @@ -356,7 +356,7 @@
        c = reader.read();
        }
        reader.close();

        • return password.toString();
          + return password.toString().trim();
          } catch (IOException ioe) { throw new RuntimeException("Could not read password file: " + pwFile, ioe); }
        Show
        Dilli Arumugam added a comment - The patch(diff) that fixes the problem: svn diff Index: src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java =================================================================== — src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java (revision 1560166) +++ src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java (working copy) @@ -356,7 +356,7 @@ c = reader.read(); } reader.close(); return password.toString(); + return password.toString().trim(); } catch (IOException ioe) { throw new RuntimeException("Could not read password file: " + pwFile, ioe); }
        Suresh Srinivas made changes -
        Field Original Value New Value
        Assignee Dilli Arumugam [ darumugam ]
        Hide
        Suresh Srinivas added a comment -

        Dilli Arumugam, please post the above diff as a patch. I am +1 on the change. Once Jenkins +1s the patch, I will commit it.

        Show
        Suresh Srinivas added a comment - Dilli Arumugam , please post the above diff as a patch. I am +1 on the change. Once Jenkins +1s the patch, I will commit it.
        Hide
        Dilli Arumugam added a comment -

        patch to resolve the problem

        Show
        Dilli Arumugam added a comment - patch to resolve the problem
        Dilli Arumugam made changes -
        Attachment HADOOP-10249.patch [ 12624949 ]
        Suresh Srinivas made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12624949/HADOOP-10249.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        -1 tests included. The patch doesn't appear to include any new or modified tests.
        Please justify why no new tests are needed for this patch.
        Also please list what manual steps were performed to verify this patch.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 javadoc. There were no new javadoc warning messages.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3573//testReport/
        Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3573//console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12624949/HADOOP-10249.patch against trunk revision . +1 @author . The patch does not contain any @author tags. -1 tests included . The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3573//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3573//console This message is automatically generated.
        Hide
        Suresh Srinivas added a comment -

        Committed the patch to trunk and branch-2. Thank you Dilli Arumugam!

        Show
        Suresh Srinivas added a comment - Committed the patch to trunk and branch-2. Thank you Dilli Arumugam !
        Suresh Srinivas made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Hadoop Flags Reviewed [ 10343 ]
        Fix Version/s 2.4.0 [ 12326144 ]
        Resolution Fixed [ 1 ]
        Hide
        Hudson added a comment -

        SUCCESS: Integrated in Hadoop-trunk-Commit #5167 (See https://builds.apache.org/job/Hadoop-trunk-Commit/5167/)
        HADOOP-10249. LdapGroupsMapping should trim ldap password read from file. Contributed by Dilli Armugam. (suresh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1568164)

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        Show
        Hudson added a comment - SUCCESS: Integrated in Hadoop-trunk-Commit #5167 (See https://builds.apache.org/job/Hadoop-trunk-Commit/5167/ ) HADOOP-10249 . LdapGroupsMapping should trim ldap password read from file. Contributed by Dilli Armugam. (suresh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1568164 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        Hide
        Dilli Arumugam added a comment -

        Thank You Suresh

        Show
        Dilli Arumugam added a comment - Thank You Suresh
        Hide
        Hudson added a comment -

        SUCCESS: Integrated in Hadoop-Yarn-trunk #481 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/481/)
        HADOOP-10249. LdapGroupsMapping should trim ldap password read from file. Contributed by Dilli Armugam. (suresh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1568164)

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        Show
        Hudson added a comment - SUCCESS: Integrated in Hadoop-Yarn-trunk #481 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/481/ ) HADOOP-10249 . LdapGroupsMapping should trim ldap password read from file. Contributed by Dilli Armugam. (suresh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1568164 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        Hide
        Hudson added a comment -

        FAILURE: Integrated in Hadoop-Hdfs-trunk #1673 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1673/)
        HADOOP-10249. LdapGroupsMapping should trim ldap password read from file. Contributed by Dilli Armugam. (suresh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1568164)

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        Show
        Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #1673 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1673/ ) HADOOP-10249 . LdapGroupsMapping should trim ldap password read from file. Contributed by Dilli Armugam. (suresh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1568164 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        Hide
        Hudson added a comment -

        SUCCESS: Integrated in Hadoop-Mapreduce-trunk #1698 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1698/)
        HADOOP-10249. LdapGroupsMapping should trim ldap password read from file. Contributed by Dilli Armugam. (suresh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1568164)

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        Show
        Hudson added a comment - SUCCESS: Integrated in Hadoop-Mapreduce-trunk #1698 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1698/ ) HADOOP-10249 . LdapGroupsMapping should trim ldap password read from file. Contributed by Dilli Armugam. (suresh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1568164 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        Arun C Murthy made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Dilli Arumugam
            Reporter:
            Dilli Arumugam
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development