Inicio Explorar Axuda
Iniciar sesión
apache
/
ambari
réplica de https://gitee.com/freeshow_me/ambari
2
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

[AMBARI-24827] LDAP users fail to authenticate using LDAPS due to 'No subject alternative DNS name' exception

Robert Levas %!s(int64=7) %!d(string=hai) anos
pai
9183c07ced
achega
2f81272700
Modificáronse 2 ficheiros con 13 adicións e 1 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 10 1
      ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
  2. 3 0
      ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java

+ 10 - 1
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
Ver ficheiro 

@@ -52,7 +52,8 @@ import com.google.inject.Inject;
 
  * Provides LDAP user authorization logic for Ambari Server
 
  */
 
 public class AmbariLdapAuthenticationProvider extends AmbariAuthenticationProvider {
 
-  static Logger LOG = LoggerFactory.getLogger(AmbariLdapAuthenticationProvider.class); // exposed and mutable for "test"
 
+  private static final String SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION = "com.sun.jndi.ldap.object.disableEndpointIdentification";
 
+  private static Logger LOG = LoggerFactory.getLogger(AmbariLdapAuthenticationProvider.class);
 
 
   final AmbariLdapConfigurationProvider ldapConfigurationProvider;
 
 
@@ -171,6 +172,14 @@ public class AmbariLdapAuthenticationProvider extends AmbariAuthenticationProvid
 
         springSecurityContextSource.setPassword(ldapServerProperties.get().getManagerPassword());
 
       }
 
 
+      if (ldapServerProperties.get().isUseSsl() && ldapServerProperties.get().isDisableEndpointIdentification()) {
 
+        System.setProperty(SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION, "true");
 
+        LOG.info("Disabled endpoint identification");
 
+      } else {
 
+        System.clearProperty(SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION);
 
+        LOG.info("Removed endpoint identification disabling");
 
+      }
 
+
 
       try {
 
         springSecurityContextSource.afterPropertiesSet();
 
       } catch (Exception e) {

+ 3 - 0
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
Ver ficheiro 

@@ -1756,6 +1756,9 @@ public class UpgradeCatalog270 extends AbstractUpgradeCatalog {
 
     map.put(AmbariServerConfigurationKey.PAGINATION_ENABLED, "authentication.ldap.pagination.enabled");
 
     map.put(AmbariServerConfigurationKey.COLLISION_BEHAVIOR, "ldap.sync.username.collision.behavior");
 
 
+    // Added in the event a previous version of Ambari had AMBARI-24827 back-ported to it
 
+    map.put(AmbariServerConfigurationKey.DISABLE_ENDPOINT_IDENTIFICATION, "ldap.sync.disable.endpoint.identification");
 
+
 
     // SSO-related properties
 
     map.put(AmbariServerConfigurationKey.SSO_PROVIDER_URL, "authentication.jwt.providerUrl");
 
     map.put(AmbariServerConfigurationKey.SSO_PROVIDER_CERTIFICATE, "authentication.jwt.publicKey");