
AMBARI-12896. Add LDAP / AD bind properties for Ranger (Gautam Borad via alejandro)

Alejandro Fernandez 10 vuotta sitten
vanhempi
commit
b8a38d766e

+ 62 - 0
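--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
@@ -158,12 +158,43 @@
     <description></description>
   </property>
 
+  <property>
+    <name>ranger.ldap.user.searchfilter</name>
+    <value>(uid={0})</value>
+    <description>Search filter used for Bind Authentication</description>
+  </property>
+
   <property>
     <name>ranger.ldap.group.roleattribute</name>
     <value>cn</value>
     <description></description>
   </property>
 
+  <property>
+    <name>ranger.ldap.base.dn</name>
+    <value>dc=example,dc=com</value>
+    <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+  </property>
+
+  <property>
+    <name>ranger.ldap.bind.dn</name>
+    <value>cn=adadmin,cn=Users,dc=example,dc=com</value>
+    <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
+  </property>
+
+  <property>
+    <name>ranger.ldap.bind.password</name>
+    <value></value>
+    <property-type>PASSWORD</property-type>
+    <description>Password for the account that can search for users</description>
+  </property>
+
+  <property>
+    <name>ranger.ldap.referral</name>
+    <value>ignore</value>
+    <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
+  </property>
+
   <property>
     <name>ranger.ldap.ad.domain</name>
     <value>localhost</value>
@@ -176,6 +207,37 @@
     <description></description>
   </property>
 
+  <property>
+    <name>ranger.ldap.ad.base.dn</name>
+    <value>dc=example,dc=com</value>
+    <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+  </property>
+
+  <property>
+    <name>ranger.ldap.ad.bind.dn</name>
+    <value>cn=adadmin,cn=Users,dc=example,dc=com</value>
+    <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description>
+  </property>
+
+  <property>
+    <name>ranger.ldap.ad.bind.password</name>
+    <value></value>
+    <property-type>PASSWORD</property-type>
+    <description>Password for the account that can search for users</description>
+  </property>
+
+  <property>
+    <name>ranger.ldap.ad.user.searchfilter</name>
+    <value>(sAMAccountName={0})</value>
+    <description>Search filter used for Bind Authentication</description>
+  </property>
+
+  <property>
+    <name>ranger.ldap.ad.referral</name>
+    <value>ignore</value>
+    <description>"Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed"</description>
+  </property>
+
   <property>
     <name>ranger.jpa.audit.jdbc.driver</name>
     <value>{{ranger_jdbc_driver}}</value>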
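Review bot: The shipped default for `ranger.ldap.bind.dn` and `ranger.ldap.ad.bind.dn`, `cn=adadmin,cn=Users,dc=example,dc=com`, reads as an administrator account, and the description only asks for "privileges to search for users". An operator following it may well bind Ranger with a directory admin. Since this account's password is stored in Ranger's configuration, the description should steer towards a dedicated low-privilege account, for example `Full distinguished name (DN) of a dedicated, read-only LDAP service account used to search for users; do not use a directory administrator.` The description of `ranger.ldap.ad.referral` is also wrapped in literal double quotes, unlike the otherwise identical text on `ranger.ldap.referral`. The enclosing `<configuration>` element starts and ends outside these hunks.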

+ 6 - 0
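--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -189,6 +189,12 @@
     <description></description>
   </property>
 
+  <property>
+    <name>ranger.usersync.ldap.referral</name>
+    <value>ignore</value>
+    <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
+  </property>
+
   <property>
     <name>ranger.usersync.ldap.user.groupnameattribute</name>
     <value>memberof, ismemberof</value>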
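Review bot: The description of `ranger.usersync.ldap.referral` presents `follow` as a plain multi-server convenience and does not say what it implies for the bind credentials. The same text is used for `ranger.ldap.referral` and `ranger.ldap.ad.referral` in ranger-admin-site.xml. When referrals are followed, the client connects to whatever server the directory names in the continuation reference and, depending on the LDAP client configuration, may authenticate there with the same bind DN and password. Keeping `ignore` as the default is the safe choice. I would append a sentence such as `Following referrals makes the service connect to servers named by the directory; enable it only when those servers are trusted and reached over LDAPS.` to all three descriptions.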

+ 130 - 2
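--- a/ambari-web/app/data/HDP2.3/site_properties.js
+++ b/ambari-web/app/data/HDP2.3/site_properties.js
@@ -39,8 +39,18 @@ var excludedConfigs = [
   'xa_ldap_groupSearchBase',
   'xa_ldap_groupSearchFilter',
   'xa_ldap_groupRoleAttribute',
+  'ranger.ldap.base.dn',
+  'ranger.ldap.bind.dn',
+  'ranger.ldap.bind.password',
+  'ranger.ldap.referral',
+  'xa_ldap_userSearchFilter',
   'xa_ldap_ad_domain',
   'xa_ldap_ad_url',
+  'ranger.ldap.ad.base.dn',
+  'ranger.ldap.ad.bind.dn',
+  'ranger.ldap.ad.bind.password',
+  'ranger.ldap.ad.referral',
+  'xa_ldap_ad_userSearchFilter',
   'policymgr_http_enabled',
   'policymgr_external_url',
   'hbase.regionserver.global.memstore.lowerLimit',
@@ -590,11 +600,11 @@ hdp23properties.push({
     "options": [
       {
         displayName: 'LDAP',
-        foreignKeys: ['ranger.ldap.group.roleattribute', 'ranger.ldap.url', 'ranger.ldap.user.dnpattern']
+        foreignKeys: ['ranger.ldap.group.roleattribute', 'ranger.ldap.url', 'ranger.ldap.user.dnpattern','ranger.ldap.base.dn','ranger.ldap.bind.dn','ranger.ldap.bind.password','ranger.ldap.referral','ranger.ldap.user.searchfilter']
       },
       {
         displayName: 'ACTIVE_DIRECTORY',
-        foreignKeys: ['ranger.ldap.ad.domain', 'ranger.ldap.ad.url']
+        foreignKeys: ['ranger.ldap.ad.domain', 'ranger.ldap.ad.url','ranger.ldap.ad.base.dn','ranger.ldap.ad.bind.dn','ranger.ldap.ad.bind.password','ranger.ldap.ad.referral','ranger.ldap.ad.user.searchfilter']
       },
       {
         displayName: 'UNIX',
@@ -693,6 +703,61 @@ hdp23properties.push({
     "filename": "ranger-admin-site.xml",
     "category": "LDAPSettings"
   },
+  {
+    "id": "site property",
+    "name": "ranger.ldap.base.dn",
+    "displayName": "ranger.ldap.base.dn",
+    "isReconfigurable": true,
+    "isOverridable": false,
+    "isVisible": true,
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "LDAPSettings"
+  },
+  {
+    "id": "site property",
+    "name": "ranger.ldap.bind.dn",
+    "displayName": "ranger.ldap.bind.dn",
+    "isReconfigurable": true,
+    "isOverridable": false,
+    "isVisible": true,
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "LDAPSettings"
+  },
+  {
+    "id": "site property",
+    "name": "ranger.ldap.bind.password",
+    "displayName": "ranger.ldap.bind.password",
+    "isReconfigurable": true,
+    "isOverridable": false,
+    "isVisible": true,
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "LDAPSettings"
+  },
+  {
+    "id": "site property",
+    "name": "ranger.ldap.referral",
+    "displayName": "ranger.ldap.referral",
+    "isReconfigurable": true,
+    "isOverridable": false,
+    "isVisible": true,
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "LDAPSettings"
+  },
+  {
+    "id": "site property",
+    "name": "ranger.ldap.user.searchfilter",
+    "displayName": "ranger.ldap.user.searchfilter",
+    "isReconfigurable": true,
+    "isOverridable": false,
+    "isVisible": true,
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "LDAPSettings"
+  },
   {
     "id": "site property",
     "name": "ranger.ldap.ad.domain",
@@ -714,6 +779,60 @@ hdp23properties.push({
     "serviceName": "RANGER",
     "filename": "ranger-admin-site.xml",
     "category": "ADSettings"
+  },{
+    "id": "site property",
+    "name": "ranger.ldap.ad.base.dn",
+    "displayName": "ranger.ldap.ad.base.dn",
+    "isReconfigurable": true,
+    "isOverridable": false,
+    "isVisible": true,
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "ADSettings"
+  },
+  {
+    "id": "site property",
+    "name": "ranger.ldap.ad.bind.dn",
+    "displayName": "ranger.ldap.ad.bind.dn",
+    "isReconfigurable": true,
+    "isOverridable": false,
+    "isVisible": true,
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "ADSettings"
+  },
+  {
+    "id": "site property",
+    "name": "ranger.ldap.ad.bind.password",
+    "displayName": "ranger.ldap.ad.bind.password",
+    "isReconfigurable": true,
+    "isOverridable": false,
+    "isVisible": true,
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "ADSettings"
+  },
+  {
+    "id": "site property",
+    "name": "ranger.ldap.ad.referral",
+    "displayName": "ranger.ldap.ad.referral",
+    "isReconfigurable": true,
+    "isOverridable": false,
+    "isVisible": true,
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "ADSettings"
+  },
+  {
+    "id": "site property",
+    "name": "ranger.ldap.ad.user.searchfilter",
+    "displayName": "ranger.ldap.ad.user.searchfilter",
+    "isReconfigurable": true,
+    "isOverridable": false,
+    "isVisible": true,
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "ADSettings"
   },
   {
     "id": "site property",
@@ -824,6 +943,15 @@ hdp23properties.push({
     "serviceName": "RANGER",
     "filename": "ranger-ugsync-site.xml"
   },
+  {
+    "id": "site property",
+    "name": "ranger.usersync.ldap.referral",
+    "displayName": "ranger.usersync.ldap.referral",
+    "category": "Advanced ranger-ugsync-site",
+    "isRequired": false,
+    "serviceName": "RANGER",
+    "filename": "ranger-ugsync-site.xml"
+  },
   {
     "id": "site property",
     "name": "common.name.for.certificate",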
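Review bot: The UI entries for `ranger.ldap.bind.password` and `ranger.ldap.ad.bind.password` are declared exactly like the DN and search-filter entries around them, with nothing marking them as secrets. The stack XML tags both with `<property-type>PASSWORD</property-type>`, but if the web UI does not derive masking from that tag, the bind password would render and echo as a plain text field. Adding `"displayType": "password"` to both entries would make the intent explicit on the client side. It is also worth confirming that listing both names in `excludedConfigs` does not bypass the password handling applied to other secrets. The `hdp23properties.push` array these entries belong to starts and ends outside the hunks.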