
AMBARI-18198. Doc updates about ldap sync related properties (oleewere)

oleewere hace 9 años
padre
commit
1d9aa654d9

+ 4 - 4
ambari-server/docs/configuration/index.md

@@ -85,10 +85,10 @@ The following are the properties which can be used to configure Ambari.
 | authentication.ldap.primaryUrl | The LDAP URL used for connecting to an LDAP server when authenticating users. This should include both the host name and port. |`localhost:33389` | 
 | authentication.ldap.referral | Determines whether to follow LDAP referrals to other URLs when the LDAP controller doesn't have the requested object. |`follow` | 
 | authentication.ldap.secondaryUrl | A second LDAP URL to use as a backup when authenticating users. This should include both the host name and port. | | 
-| authentication.ldap.sync.groupMemberFilter | The default filter to use for syncing member from LDAP. | | 
-| authentication.ldap.sync.groupMemberReplacePattern | The default regex pattern to use when replacing the group member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID<br/><br/>The following are examples of valid values:<ul><li>``${member}``</ul> | | 
-| authentication.ldap.sync.userMemberFilter | The default filter to use for syncing users from LDAP. | | 
-| authentication.ldap.sync.userMemberReplacePattern | The default regex pattern to use when replacing the user member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID<br/><br/>The following are examples of valid values:<ul><li>``${member}``</ul> | | 
+| authentication.ldap.sync.groupMemberFilter | Filter to use for syncing group members of a group from LDAP. (by default it is not used)<br/><br/>The following are examples of valid values:<ul><li>`(&(objectclass=posixgroup)(cn={member}))`</ul> | | 
+| authentication.ldap.sync.groupMemberReplacePattern | Regex pattern to use when replacing the group member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID (e.g.: `member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache`)<br/><br/>The following are examples of valid values:<ul><li>`(?<sid>.*);(?<guid>.*);(?<member>.*)`</ul> | | 
+| authentication.ldap.sync.userMemberFilter | Filter to use for syncing user members of a group from LDAP (by default it is not used).<br/><br/>The following are examples of valid values:<ul><li>`(&(objectclass=posixaccount)(uid={member}))`</ul> | | 
+| authentication.ldap.sync.userMemberReplacePattern | Regex pattern to use when replacing the user member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID (e.g.: `member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache`)<br/><br/>The following are examples of valid values:<ul><li>`(?<sid>.*);(?<guid>.*);(?<member>.*)`</ul> | | 
 | authentication.ldap.useSSL | Determines whether to use LDAP over SSL (LDAPS). |`false` | 
 | authentication.ldap.userBase | The filter used when searching for users in LDAP. |`ou=people,dc=ambari,dc=apache,dc=org` | 
 | authentication.ldap.userObjectClass | The class to which user objects in LDAP belong. |`person` | 

+ 14 - 10
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java

@@ -1055,41 +1055,45 @@ public class Configuration {
       "authentication.ldap.pagination.enabled", "true");
 
   /**
-   * The default regex pattern to use when replacing the user member attribute
+   * Regex pattern to use when replacing the user member attribute
    * ID value with a placeholder. This is used in cases where a UID of an LDAP
    * member is not a full CN or unique ID.
    */
   @Markdown(
-      description = "The default regex pattern to use when replacing the user member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID",
-      examples = { "`${member}`" })
+      description = "Regex pattern to use when replacing the user member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID (e.g.: `member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache`)",
+      examples = { "(?<sid>.*);(?<guid>.*);(?<member>.*)" })
   public static final ConfigurationProperty<String> LDAP_SYNC_USER_MEMBER_REPLACE_PATTERN = new ConfigurationProperty<>(
       "authentication.ldap.sync.userMemberReplacePattern",
       LDAP_SYNC_MEMBER_REPLACE_PATTERN_DEFAULT);
 
   /**
-   * The default regex pattern to use when replacing the group member attribute
+   * Regex pattern to use when replacing the group member attribute
    * ID value with a placeholder. This is used in cases where a UID of an LDAP
    * member is not a full CN or unique ID.
    */
   @Markdown(
-      description = "The default regex pattern to use when replacing the group member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID",
-      examples = { "`${member}`" })
+      description = "Regex pattern to use when replacing the group member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID (e.g.: `member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache`)",
+      examples = { "(?<sid>.*);(?<guid>.*);(?<member>.*)" })
   public static final ConfigurationProperty<String> LDAP_SYCN_GROUP_MEMBER_REPLACE_PATTERN = new ConfigurationProperty<>(
       "authentication.ldap.sync.groupMemberReplacePattern",
       LDAP_SYNC_MEMBER_REPLACE_PATTERN_DEFAULT);
 
   /**
-   * The default filter to use for syncing users from LDAP.
+   * Filter to use for syncing user members of group from LDAP. (by default it is not used)
    */
-  @Markdown(description = "The default filter to use for syncing users from LDAP.")
+  @Markdown(
+    description = "Filter to use for syncing user members of a group from LDAP (by default it is not used).",
+    examples = {"(&(objectclass=posixaccount)(uid={member}))"})
   public static final ConfigurationProperty<String> LDAP_SYNC_USER_MEMBER_FILTER = new ConfigurationProperty<>(
       "authentication.ldap.sync.userMemberFilter",
       LDAP_SYNC_MEMBER_FILTER_DEFAULT);
 
   /**
-   * The default filter to use for syncing member from LDAP.
+   * Filter to use for syncing group members of a group from LDAP. (by default it is not used)
    */
-  @Markdown(description = "The default filter to use for syncing member from LDAP.")
+  @Markdown(
+    description = "Filter to use for syncing group members of a group from LDAP. (by default it is not used)",
+    examples = {"(&(objectclass=posixgroup)(cn={member}))"})
   public static final ConfigurationProperty<String> LDAP_SYNC_GROUP_MEMBER_FILTER = new ConfigurationProperty<>(
       "authentication.ldap.sync.groupMemberFilter",
       LDAP_SYNC_MEMBER_FILTER_DEFAULT);
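Review bot: The new `@Markdown` descriptions for the two `*MemberReplacePattern` properties and the two `*MemberFilter` properties never say how they relate, although the examples suggest that the named group `member` captured by the pattern is what replaces `{member}` in the filter. If that is how the sync code behaves, state it in the description, e.g. `The pattern must define a named group 'member'; its match replaces {member} in the corresponding member filter.`, and say whether the captured value is escaped before it is placed in the LDAP filter, since it originates from directory data. The example pattern `(?<sid>.*);(?<guid>.*);(?<member>.*)` is greedy and names its second group `guid` while the sample value shows `GID`; using `[^;]*` for the first two groups would keep the split unambiguous when the DN itself contains `;`. The enclosing `Configuration` class starts and ends outside the hunk.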