knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dillido...@apache.org
Subject [3/3] git commit: KNOX-374: KnoxLdapRealm does not default values correctly for userSearchBase and groupSearchBase
Date Thu, 15 May 2014 02:21:34 GMT
KNOX-374: KnoxLdapRealm does not default values correctly for userSearchBase and groupSearchBase


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/0d82b572
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/0d82b572
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/0d82b572

Branch: refs/heads/master
Commit: 0d82b57270dc5d46af5314d738361ff84ac9609d
Parents: 4db63da
Author: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Authored: Wed May 14 18:04:57 2014 -0700
Committer: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Committed: Wed May 14 18:04:57 2014 -0700

----------------------------------------------------------------------
 .../hadoop/gateway/shirorealm/KnoxLdapRealm.java    | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/0d82b572/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
index d918cc6..7d8c028 100644
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
@@ -191,13 +191,10 @@ public class KnoxLdapRealm extends JndiLdapRealm {
         final Set<String> roleNames = new HashSet();
         final Set<String> groupNames = new HashSet();
        
-        String base =  (groupSearchBase != null && !groupSearchBase.isEmpty()) ?

-            groupSearchBase : searchBase;
-
         // ldapsearch -h localhost -p 33389 -D uid=guest,ou=people,dc=hadoop,dc=apache,dc=org
-w  guest-password 
         //       -b dc=hadoop,dc=apache,dc=org -s sub '(objectclass=*)'
         final NamingEnumeration<SearchResult> searchResultEnum = ldapCtx.search(
-            base, 
+            getGroupSearchBase(), 
             "objectClass=" + groupObjectClass, 
             SUBTREE_SCOPE);
         
@@ -293,7 +290,8 @@ public class KnoxLdapRealm extends JndiLdapRealm {
     }
 
     public String getUserSearchBase() {
-        return userSearchBase;
+      return  (userSearchBase != null && !userSearchBase.isEmpty()) ? 
+          userSearchBase : searchBase;
     }
 
     public void setUserSearchBase(String userSearchBase) {
@@ -301,7 +299,8 @@ public class KnoxLdapRealm extends JndiLdapRealm {
     }
 
     public String getGroupSearchBase() {
-        return groupSearchBase;
+      return (groupSearchBase != null && !groupSearchBase.isEmpty()) ? 
+          groupSearchBase : searchBase;
     }
 
     public void setGroupSearchBase(String groupSearchBase) {
@@ -477,9 +476,6 @@ public class KnoxLdapRealm extends JndiLdapRealm {
         return super.getUserDn(principal);
       }
 
-      String base = (userSearchBase != null && !userSearchBase.isEmpty()) ? 
-          userSearchBase : searchBase;
-
       // search for userDn and return
       String userDn = null;
       LdapContext systemLdapCtx = null;
@@ -488,7 +484,7 @@ public class KnoxLdapRealm extends JndiLdapRealm {
           String searchFilter = String.format("(&(objectclass=%1$s)(%2$s=%3$s))", 
               userObjectClass, userSearchAttributeName, principal);
           final NamingEnumeration<SearchResult> searchResultEnum = systemLdapCtx.search(
-              base, 
+              getUserSearchBase(), 
               searchFilter,
               SUBTREE_SCOPE);
           if (searchResultEnum.hasMore()) { // searchResults contains all the groups in search
scope


Mime
View raw message