
[AMBARI-24827] LDAP users fail to authenticate using LDAPS due to 'No subject alternative DNS name' exception

Robert Levas 7 years ago
parent
commit
2f81272700

+ 10 - 1
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java

@@ -52,7 +52,8 @@ import com.google.inject.Inject;
  * Provides LDAP user authorization logic for Ambari Server
  */
 public class AmbariLdapAuthenticationProvider extends AmbariAuthenticationProvider {
-  static Logger LOG = LoggerFactory.getLogger(AmbariLdapAuthenticationProvider.class); // exposed and mutable for "test"
+  private static final String SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION = "com.sun.jndi.ldap.object.disableEndpointIdentification";
+  private static Logger LOG = LoggerFactory.getLogger(AmbariLdapAuthenticationProvider.class);
 
   final AmbariLdapConfigurationProvider ldapConfigurationProvider;
 
@@ -171,6 +172,14 @@ public class AmbariLdapAuthenticationProvider extends AmbariAuthenticationProvid
         springSecurityContextSource.setPassword(ldapServerProperties.get().getManagerPassword());
       }
 
+      if (ldapServerProperties.get().isUseSsl() && ldapServerProperties.get().isDisableEndpointIdentification()) {
+        System.setProperty(SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION, "true");
+        LOG.info("Disabled endpoint identification");
+      } else {
+        System.clearProperty(SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION);
+        LOG.info("Removed endpoint identification disabling");
+      }
+
       try {
         springSecurityContextSource.afterPropertiesSet();
       } catch (Exception e) {
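Review bot: The new `System.setProperty`/`System.clearProperty` pair in the second hunk toggles a JVM-wide setting from inside a per-request authentication path, so the last authenticator to run decides TLS hostname verification for every JNDI LDAP connection in the process, and the `else` branch also clears a value an operator may have supplied on the JVM command line with `-D`. Because this switch disables a TLS protection, logging it at `info` understates it; the disabling branch should read `LOG.warn("Disabled LDAPS endpoint identification; TLS hostname verification is off for all JNDI LDAP connections in this JVM");`, and the clearing branch should only run when this code set the property itself, for example by remembering that fact in a `static` flag. It is also not certain from this hunk that the property is read at the point `afterPropertiesSet()` is called rather than when the first connection is opened, so the ordering assumption deserves a comment such as `// the JNDI provider reads this property when it opens connections, so it must be set before any bind`. The enclosing method begins and ends outside the hunk.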

+ 3 - 0
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java

@@ -1756,6 +1756,9 @@ public class UpgradeCatalog270 extends AbstractUpgradeCatalog {
     map.put(AmbariServerConfigurationKey.PAGINATION_ENABLED, "authentication.ldap.pagination.enabled");
     map.put(AmbariServerConfigurationKey.COLLISION_BEHAVIOR, "ldap.sync.username.collision.behavior");
 
+    // Added in the event a previous version of Ambari had AMBARI-24827 back-ported to it
+    map.put(AmbariServerConfigurationKey.DISABLE_ENDPOINT_IDENTIFICATION, "ldap.sync.disable.endpoint.identification");
+
     // SSO-related properties
     map.put(AmbariServerConfigurationKey.SSO_PROVIDER_URL, "authentication.jwt.providerUrl");
     map.put(AmbariServerConfigurationKey.SSO_PROVIDER_CERTIFICATE, "authentication.jwt.publicKey");