
AMBARI-8984. Ambari user+group sync does not work with Active Directory. (Yurii Shylov via mahadev)

Mahadev Konar 10 vuotta sitten
vanhempi
commit
d7a293bfe3

+ 4 - 0
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java

@@ -142,6 +142,8 @@ public class Configuration {
       "authentication.ldap.managerDn";
   public static final String LDAP_MANAGER_PASSWORD_KEY =
       "authentication.ldap.managerPassword";
+  public static final String LDAP_DN_ATTRIBUTE_KEY =
+      "authentication.ldap.dnAttribute";
   public static final String LDAP_USERNAME_ATTRIBUTE_KEY =
       "authentication.ldap.usernameAttribute";
   public static final String LDAP_USER_BASE_KEY =
@@ -295,6 +297,7 @@ public class Configuration {
   private static final String LDAP_PRIMARY_URL_DEFAULT = "localhost:33389";
   private static final String LDAP_BASE_DN_DEFAULT = "dc=ambari,dc=apache,dc=org";
   private static final String LDAP_USERNAME_ATTRIBUTE_DEFAULT = "uid";
+  private static final String LDAP_DN_ATTRIBUTE_DEFAULT = "dn";
   private static final String LDAP_USER_BASE_DEFAULT =
       "ou=people,dc=ambari,dc=apache,dc=org";
   private static final String LDAP_USER_OBJECT_CLASS_DEFAULT = "person";
@@ -910,6 +913,7 @@ public class Configuration {
 
     ldapServerProperties.setUserBase(properties.getProperty(LDAP_USER_BASE_KEY, LDAP_USER_BASE_DEFAULT));
     ldapServerProperties.setUserObjectClass(properties.getProperty(LDAP_USER_OBJECT_CLASS_KEY, LDAP_USER_OBJECT_CLASS_DEFAULT));
+    ldapServerProperties.setDnAttribute(properties.getProperty(LDAP_DN_ATTRIBUTE_KEY, LDAP_DN_ATTRIBUTE_DEFAULT));
 
     ldapServerProperties.setGroupBase(properties.
         getProperty(LDAP_GROUP_BASE_KEY, LDAP_GROUP_BASE_DEFAULT));
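Review bot: The new `setDnAttribute(properties.getProperty(LDAP_DN_ATTRIBUTE_KEY, LDAP_DN_ATTRIBUTE_DEFAULT))` line accepts whatever the properties file holds, including an empty string, because the default applies only when the key is absent. Elsewhere in this commit the value becomes the attribute name of an `EqualsFilter` in `AmbariLdapDataPopulator.getMemberFilter`, and as far as I know Spring LDAP escapes only the filter value, not the attribute name, so a blank or malformed setting would produce an invalid or unintended search filter. I would trim the value and fall back to `LDAP_DN_ATTRIBUTE_DEFAULT` when it is blank, and add a comment above `LDAP_DN_ATTRIBUTE_KEY` saying it must be a plain attribute name such as `distinguishedName`. The enclosing method starts and ends outside this hunk.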

+ 12 - 0
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java

@@ -35,6 +35,7 @@ public class LdapServerProperties {
   private String managerDn;
   private String managerPassword;
   private String baseDN;
+  private String dnAttribute;
 
   //LDAP group properties
   private String groupBase;
@@ -216,6 +217,14 @@ public class LdapServerProperties {
     return userObjectClass;
   }
 
+  public String getDnAttribute() {
+    return dnAttribute;
+  }
+
+  public void setDnAttribute(String dnAttribute) {
+    this.dnAttribute = dnAttribute;
+  }
+
   @Override
   public boolean equals(Object obj) {
     if (this == obj) return true;
@@ -249,6 +258,8 @@ public class LdapServerProperties {
         that.adminGroupMappingRules) : that.adminGroupMappingRules != null) return false;
     if (groupSearchFilter != null ? !groupSearchFilter.equals(
         that.groupSearchFilter) : that.groupSearchFilter != null) return false;
+    if (dnAttribute != null ? !dnAttribute.equals(
+        that.dnAttribute) : that.dnAttribute != null) return false;
 
     return true;
   }
@@ -271,6 +282,7 @@ public class LdapServerProperties {
     result = 31 * result + (groupNamingAttr != null ? groupNamingAttr.hashCode() : 0);
     result = 31 * result + (adminGroupMappingRules != null ? adminGroupMappingRules.hashCode() : 0);
     result = 31 * result + (groupSearchFilter != null ? groupSearchFilter.hashCode() : 0);
+    result = 31 * result + (dnAttribute != null ? dnAttribute.hashCode() : 0);
     return result;
   }
 

+ 67 - 46
ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java

@@ -82,7 +82,6 @@ public class AmbariLdapDataPopulator {
 
   // Constants
   private static final String UID_ATTRIBUTE          = "uid";
-  private static final String DN_ATTRIBUTE           = "dn";
   private static final String OBJECT_CLASS_ATTRIBUTE = "objectClass";
 
   /**
@@ -459,6 +458,7 @@ public class AmbariLdapDataPopulator {
   private Filter getMemberFilter(String memberAttribute) {
 
     String   usernameAttribute = ldapServerProperties.getUsernameAttribute();
+    String   dnAttribute = ldapServerProperties.getDnAttribute();
     OrFilter memberFilter      = null;
 
     String[] filters = memberAttribute.split(",");
@@ -468,7 +468,7 @@ public class AmbariLdapDataPopulator {
 
         String lOperand = operands[0];
 
-        if (lOperand.equals(usernameAttribute) || lOperand.equals(UID_ATTRIBUTE) || lOperand.equals(DN_ATTRIBUTE)) {
+        if (lOperand.equals(usernameAttribute) || lOperand.equals(UID_ATTRIBUTE) || lOperand.equals(dnAttribute)) {
           if (memberFilter == null) {
             memberFilter = new OrFilter();
           }
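Review bot: `lOperand.equals(dnAttribute)` compares case-sensitively, while the member values this filter is built from appear to be lower-cased by the group mapper (`uniqueMember.toLowerCase()`), so a configured name containing capitals, such as `distinguishedName`, could never match the left operand. LDAP attribute names are case-insensitive, so `lOperand.equalsIgnoreCase(dnAttribute)` would be the safer comparison, and the same holds for `usernameAttribute`. `dnAttribute` is also null whenever `LdapServerProperties` is populated without `setDnAttribute` being called, in which case the fallback `new EqualsFilter(dnAttribute, memberAttribute)` in the next hunk is built with a null attribute name; a null guard or a default in the getter would close that. getMemberFilter starts in the previous hunk and ends in the next one.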
@@ -477,7 +477,7 @@ public class AmbariLdapDataPopulator {
       }
     }
     return memberFilter == null ?
-        new OrFilter().or(new EqualsFilter(DN_ATTRIBUTE, memberAttribute)).
+        new OrFilter().or(new EqualsFilter(dnAttribute, memberAttribute)).
             or(new EqualsFilter(UID_ATTRIBUTE, memberAttribute)) :
         memberFilter;
   }
@@ -494,29 +494,7 @@ public class AmbariLdapDataPopulator {
     final Set<LdapGroupDto> groups = new HashSet<LdapGroupDto>();
     final LdapTemplate ldapTemplate = loadLdapTemplate();
     String baseDn = ldapServerProperties.getBaseDN();
-    ldapTemplate.search(baseDn, filter.encode(), new ContextMapper() {
-
-      @Override
-      public Object mapFromContext(Object ctx) {
-        final DirContextAdapter adapter = (DirContextAdapter) ctx;
-
-        final LdapGroupDto group = new LdapGroupDto();
-        final String groupNameAttribute = adapter.getStringAttribute(ldapServerProperties.getGroupNamingAttr());
-
-        if (groupNameAttribute != null) {
-          group.setGroupName(groupNameAttribute.toLowerCase());
-
-          final String[] uniqueMembers = adapter.getStringAttributes(ldapServerProperties.getGroupMembershipAttr());
-          if (uniqueMembers != null) {
-            for (String uniqueMember: uniqueMembers) {
-              group.getMemberAttributes().add(uniqueMember.toLowerCase());
-            }
-          }
-          groups.add(group);
-        }
-        return null;
-      }
-    });
+    ldapTemplate.search(baseDn, filter.encode(), new LdapGroupContextMapper(groups, ldapServerProperties));
     return groups;
   }
 
@@ -543,26 +521,7 @@ public class AmbariLdapDataPopulator {
     final Set<LdapUserDto> users = new HashSet<LdapUserDto>();
     final LdapTemplate ldapTemplate = loadLdapTemplate();
     String baseDn = ldapServerProperties.getBaseDN();
-    ldapTemplate.search(baseDn, filter.encode(), new ContextMapper() {
-
-      @Override
-      public Object mapFromContext(Object ctx) {
-        final LdapUserDto user = new LdapUserDto();
-        final DirContextAdapter adapter  = (DirContextAdapter) ctx;
-        final String usernameAttribute = adapter.getStringAttribute(ldapServerProperties.getUsernameAttribute());
-        final String uidAttribute = adapter.getStringAttribute(UID_ATTRIBUTE);
-        if (usernameAttribute != null && uidAttribute != null) {
-          user.setUserName(usernameAttribute.toLowerCase());
-          user.setUid(uidAttribute.toLowerCase());
-          user.setDn(adapter.getNameInNamespace().toLowerCase());
-          users.add(user);
-        } else {
-          LOG.warn("Ignoring LDAP user " + adapter.getNameInNamespace() + " as it doesn't have required" +
-              " attributes uid and " + ldapServerProperties.getUsernameAttribute());
-        }
-        return null;
-      }
-    });
+    ldapTemplate.search(baseDn, filter.encode(), new LdapUserContextMapper(users, ldapServerProperties));
     return users;
   }
 
@@ -644,4 +603,66 @@ public class AmbariLdapDataPopulator {
     }
     return ldapTemplate;
   }
+
+  //
+  // ContextMapper implementations
+  //
+
+  protected static class LdapGroupContextMapper implements ContextMapper {
+
+    private final Set<LdapGroupDto> groups;
+    private final LdapServerProperties ldapServerProperties;
+
+    public LdapGroupContextMapper(Set<LdapGroupDto> groups, LdapServerProperties ldapServerProperties) {
+      this.groups = groups;
+      this.ldapServerProperties = ldapServerProperties;
+    }
+
+    @Override
+    public Object mapFromContext(Object ctx) {
+      final DirContextAdapter adapter = (DirContextAdapter) ctx;
+      final String groupNameAttribute = adapter.getStringAttribute(ldapServerProperties.getGroupNamingAttr());
+      if (groupNameAttribute != null) {
+        final LdapGroupDto group = new LdapGroupDto();
+        group.setGroupName(groupNameAttribute.toLowerCase());
+        final String[] uniqueMembers = adapter.getStringAttributes(ldapServerProperties.getGroupMembershipAttr());
+        if (uniqueMembers != null) {
+          for (String uniqueMember: uniqueMembers) {
+            group.getMemberAttributes().add(uniqueMember.toLowerCase());
+          }
+        }
+        groups.add(group);
+      }
+      return null;
+    }
+  }
+
+  protected static class LdapUserContextMapper implements ContextMapper {
+
+    private final Set<LdapUserDto> users;
+    private final LdapServerProperties ldapServerProperties;
+
+    public LdapUserContextMapper(Set<LdapUserDto> users, LdapServerProperties ldapServerProperties) {
+      this.users = users;
+      this.ldapServerProperties = ldapServerProperties;
+    }
+
+    @Override
+    public Object mapFromContext(Object ctx) {
+      final DirContextAdapter adapter  = (DirContextAdapter) ctx;
+      final String usernameAttribute = adapter.getStringAttribute(ldapServerProperties.getUsernameAttribute());
+      final String uidAttribute = adapter.getStringAttribute(UID_ATTRIBUTE);
+      if (usernameAttribute != null || uidAttribute != null) {
+        final LdapUserDto user = new LdapUserDto();
+        user.setUserName(usernameAttribute != null ? usernameAttribute.toLowerCase() : null);
+        user.setUid(uidAttribute != null ? uidAttribute.toLowerCase() : null);
+        user.setDn(adapter.getNameInNamespace().toLowerCase());
+        users.add(user);
+      } else {
+        LOG.warn("Ignoring LDAP user " + adapter.getNameInNamespace() + " as it doesn't have required" +
+                " attributes uid and " + ldapServerProperties.getUsernameAttribute());
+      }
+      return null;
+    }
+  }
 }
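Review bot: The relaxed check `usernameAttribute != null || uidAttribute != null` in `LdapUserContextMapper.mapFromContext` now adds a DTO whose user name is null whenever an entry carries only `uid`; the callers that key users by `getUserName()` are outside this hunk, but they probably do not expect null there. If the aim is only to tolerate directories without `uid`, requiring the user name and treating `uid` as optional (`if (usernameAttribute != null)`) would be the narrower change. The warning text still reads `attributes uid and`, which no longer matches the condition; `uid or` would be accurate. The DN in that message comes from the directory, so stripping line breaks from it before logging is worth considering.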

+ 16 - 13
ambari-server/src/main/python/ambari-server.py

@@ -3226,6 +3226,7 @@ def setup_ldap():
                         "authentication.ldap.groupObjectClass",
                         "authentication.ldap.groupNamingAttr",
                         "authentication.ldap.groupMembershipAttr",
+                        "authentication.ldap.dnAttribute",
                         "authentication.ldap.baseDn",
                         "authentication.ldap.bindAnonymously"]
 
@@ -3250,8 +3251,9 @@ def setup_ldap():
   LDAP_GROUP_CLASS_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[5], "posixGroup")
   LDAP_GROUP_ATT_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[6], "cn")
   LDAP_GROUP_MEMBER_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[7], "memberUid")
-  LDAP_BASE_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[8])
-  LDAP_BIND_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[9], "false")
+  LDAP_DN_ATT_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[8], "dn")
+  LDAP_BASE_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[9])
+  LDAP_BIND_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[10], "false")
   LDAP_MGR_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_opt[0])
   SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
   SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
@@ -3259,23 +3261,24 @@ def setup_ldap():
 
   ldap_properties_map_reqd =\
   {
-    ldap_property_list_reqd[0]:(LDAP_PRIMARY_URL_DEFAULT, "Primary URL* {{host:port}} {0}: ".format(get_prompt_default(LDAP_PRIMARY_URL_DEFAULT)), False),\
-    ldap_property_list_reqd[1]:(LDAP_SECONDARY_URL_DEFAULT, "Secondary URL {{host:port}} {0}: ".format(get_prompt_default(LDAP_SECONDARY_URL_DEFAULT)), True),\
-    ldap_property_list_reqd[2]:(LDAP_USE_SSL_DEFAULT, "Use SSL* [true/false] {0}: ".format(get_prompt_default(LDAP_USE_SSL_DEFAULT)), False),\
-    ldap_property_list_reqd[3]:(LDAP_USER_CLASS_DEFAULT, "User object class* {0}: ".format(get_prompt_default(LDAP_USER_CLASS_DEFAULT)), False),\
-    ldap_property_list_reqd[4]:(LDAP_USER_ATT_DEFAULT, "User name attribute* {0}: ".format(get_prompt_default(LDAP_USER_ATT_DEFAULT)), False),\
-    ldap_property_list_reqd[5]:(LDAP_GROUP_CLASS_DEFAULT, "Group object class* {0}: ".format(get_prompt_default(LDAP_GROUP_CLASS_DEFAULT)), False),\
-    ldap_property_list_reqd[6]:(LDAP_GROUP_ATT_DEFAULT, "Group name attribute* {0}: ".format(get_prompt_default(LDAP_GROUP_ATT_DEFAULT)), False),\
-    ldap_property_list_reqd[7]:(LDAP_GROUP_MEMBER_DEFAULT, "Group member attribute* {0}: ".format(get_prompt_default(LDAP_GROUP_MEMBER_DEFAULT)), False),\
-    ldap_property_list_reqd[8]:(LDAP_BASE_DN_DEFAULT, "Base DN* {0}: ".format(get_prompt_default(LDAP_BASE_DN_DEFAULT)), False),\
-    ldap_property_list_reqd[9]:(LDAP_BIND_DEFAULT, "Bind anonymously* [true/false] {0}: ".format(get_prompt_default(LDAP_BIND_DEFAULT)), False),\
+    ldap_property_list_reqd[0]:(LDAP_PRIMARY_URL_DEFAULT, "Primary URL* {{host:port}} {0}: ".format(get_prompt_default(LDAP_PRIMARY_URL_DEFAULT)), False),
+    ldap_property_list_reqd[1]:(LDAP_SECONDARY_URL_DEFAULT, "Secondary URL {{host:port}} {0}: ".format(get_prompt_default(LDAP_SECONDARY_URL_DEFAULT)), True),
+    ldap_property_list_reqd[2]:(LDAP_USE_SSL_DEFAULT, "Use SSL* [true/false] {0}: ".format(get_prompt_default(LDAP_USE_SSL_DEFAULT)), False),
+    ldap_property_list_reqd[3]:(LDAP_USER_CLASS_DEFAULT, "User object class* {0}: ".format(get_prompt_default(LDAP_USER_CLASS_DEFAULT)), False),
+    ldap_property_list_reqd[4]:(LDAP_USER_ATT_DEFAULT, "User name attribute* {0}: ".format(get_prompt_default(LDAP_USER_ATT_DEFAULT)), False),
+    ldap_property_list_reqd[5]:(LDAP_GROUP_CLASS_DEFAULT, "Group object class* {0}: ".format(get_prompt_default(LDAP_GROUP_CLASS_DEFAULT)), False),
+    ldap_property_list_reqd[6]:(LDAP_GROUP_ATT_DEFAULT, "Group name attribute* {0}: ".format(get_prompt_default(LDAP_GROUP_ATT_DEFAULT)), False),
+    ldap_property_list_reqd[7]:(LDAP_GROUP_MEMBER_DEFAULT, "Group member attribute* {0}: ".format(get_prompt_default(LDAP_GROUP_MEMBER_DEFAULT)), False),
+    ldap_property_list_reqd[8]:(LDAP_DN_ATT_DEFAULT, "Distinguished name attribute* {0}: ".format(get_prompt_default(LDAP_DN_ATT_DEFAULT)), False),
+    ldap_property_list_reqd[9]:(LDAP_BASE_DN_DEFAULT, "Base DN* {0}: ".format(get_prompt_default(LDAP_BASE_DN_DEFAULT)), False),
+    ldap_property_list_reqd[10]:(LDAP_BIND_DEFAULT, "Bind anonymously* [true/false] {0}: ".format(get_prompt_default(LDAP_BIND_DEFAULT)), False),
   }
 
   ldap_property_value_map = {}
   for idx, key in enumerate(ldap_property_list_reqd):
     if idx in [0, 1]:
       pattern = REGEX_HOSTNAME_PORT
-    elif idx in [2, 9]:
+    elif idx in [2, 10]:
       pattern = REGEX_TRUE_FALSE
     else:
       pattern = REGEX_ANYTHING
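Review bot: Inserting the new property in the middle of `ldap_property_list_reqd` forced three sets of positional indices to be renumbered (the `[8]` to `[10]` defaults, the prompt map keys, and `elif idx in [2, 10]`), and a missed renumbering would silently apply the wrong validation pattern to a prompt. Choosing the pattern by property name instead of position, for example `elif key in ("authentication.ldap.useSSL", "authentication.ldap.bindAnonymously"):`, removes that coupling, assuming those are the two true/false entries. The new distinguished-name prompt also lands in the `REGEX_ANYTHING` branch, so the entered value is not checked to be a plain attribute name before it is written to the properties file. setup_ldap continues outside this hunk.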

+ 63 - 0
ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java

@@ -45,6 +45,7 @@ import org.easymock.IAnswer;
 import org.junit.Test;
 import org.springframework.ldap.core.AttributesMapper;
 import org.springframework.ldap.core.ContextMapper;
+import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.LdapTemplate;
 
 import static junit.framework.Assert.*;
@@ -1417,6 +1418,7 @@ public class AmbariLdapDataPopulatorTest {
 
     expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).anyTimes();
     expect(ldapServerProperties.getUserObjectClass()).andReturn("objectClass").anyTimes();
+    expect(ldapServerProperties.getDnAttribute()).andReturn("dn").anyTimes();
     expect(ldapServerProperties.getBaseDN()).andReturn("baseDN").anyTimes();
 
     expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(|(dn=foo)(uid=foo)))"), capture(contextMapperCapture))).andReturn(list);
@@ -1434,6 +1436,67 @@ public class AmbariLdapDataPopulatorTest {
     verify(ldapTemplate, ldapServerProperties, users, configuration);
   }
 
+  @Test
+  public void testLdapUserContextMapper_uidIsNull() throws Exception {
+    LdapServerProperties ldapServerProperties = createNiceMock(LdapServerProperties.class);
+    expect(ldapServerProperties.getUsernameAttribute()).andReturn("cn").once();
+    DirContextAdapter adapter = createNiceMock(DirContextAdapter.class);
+    expect(adapter.getStringAttribute("cn")).andReturn("testUser");
+    expect(adapter.getStringAttribute("uid")).andReturn(null);
+    expect(adapter.getNameInNamespace()).andReturn("cn=testUser,ou=Ambari,dc=SME,dc=support,dc=com");
+
+    replay(ldapServerProperties, adapter);
+
+    Set<LdapUserDto> userResultSet = new HashSet<LdapUserDto>();
+    AmbariLdapDataPopulator.LdapUserContextMapper ldapUserContextMapper = new AmbariLdapDataPopulator.LdapUserContextMapper(userResultSet, ldapServerProperties);
+    ldapUserContextMapper.mapFromContext(adapter);
+
+    assertEquals(1, userResultSet.size());
+    LdapUserDto userDto = userResultSet.iterator().next();
+    assertNull(userDto.getUid());
+    assertEquals("testuser", userDto.getUserName());
+    assertEquals("cn=testuser,ou=ambari,dc=sme,dc=support,dc=com", userDto.getDn());
+  }
+
+  @Test
+  public void testLdapUserContextMapper_uidAndUsernameAreNull() throws Exception {
+    LdapServerProperties ldapServerProperties = createNiceMock(LdapServerProperties.class);
+    expect(ldapServerProperties.getUsernameAttribute()).andReturn("cn").once();
+    DirContextAdapter adapter = createNiceMock(DirContextAdapter.class);
+    expect(adapter.getStringAttribute("cn")).andReturn(null);
+    expect(adapter.getStringAttribute("uid")).andReturn(null);
+
+    replay(ldapServerProperties, adapter);
+
+    Set<LdapUserDto> userResultSet = new HashSet<LdapUserDto>();
+    AmbariLdapDataPopulator.LdapUserContextMapper ldapUserContextMapper = new AmbariLdapDataPopulator.LdapUserContextMapper(userResultSet, ldapServerProperties);
+    ldapUserContextMapper.mapFromContext(adapter);
+
+    assertEquals(0, userResultSet.size());
+  }
+
+  @Test
+  public void testLdapUserContextMapper() throws Exception {
+    LdapServerProperties ldapServerProperties = createNiceMock(LdapServerProperties.class);
+    expect(ldapServerProperties.getUsernameAttribute()).andReturn("cn").once();
+    DirContextAdapter adapter = createNiceMock(DirContextAdapter.class);
+    expect(adapter.getStringAttribute("cn")).andReturn("testUser");
+    expect(adapter.getStringAttribute("uid")).andReturn("UID1");
+    expect(adapter.getNameInNamespace()).andReturn("cn=testUser,ou=Ambari,dc=SME,dc=support,dc=com");
+
+    replay(ldapServerProperties, adapter);
+
+    Set<LdapUserDto> userResultSet = new HashSet<LdapUserDto>();
+    AmbariLdapDataPopulator.LdapUserContextMapper ldapUserContextMapper = new AmbariLdapDataPopulator.LdapUserContextMapper(userResultSet, ldapServerProperties);
+    ldapUserContextMapper.mapFromContext(adapter);
+
+    assertEquals(1, userResultSet.size());
+    LdapUserDto userDto = userResultSet.iterator().next();
+    assertEquals("uid1", userDto.getUid());
+    assertEquals("testuser", userDto.getUserName());
+    assertEquals("cn=testuser,ou=ambari,dc=sme,dc=support,dc=com", userDto.getDn());
+  }
+
   private static int userIdCounter = 1;
 
   private User createUser(String name, boolean ldapUser, GroupEntity group) {
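Review bot: None of the three new tests covers the case that the `||` condition newly admits with a null user name, where the `cn` lookup returns null and `uid` is present, so the DTO with `getUserName() == null` goes untested. A fourth test, for example `testLdapUserContextMapper_usernameIsNull`, stubbing `getStringAttribute("cn")` to null and `getStringAttribute("uid")` to a value, would pin down whether such an entry is meant to be synced. It would also help to give each test a one-line comment naming the directory layout it models, since the uid-less case presumably corresponds to the Active Directory entries named in the commit title.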

+ 6 - 2
ambari-server/src/test/python/TestAmbariServer.py

@@ -4672,7 +4672,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
     }
 
     get_ambari_properties_method.return_value = configs
-    raw_input_mock.side_effect = ['a:3', 'b:b', 'hody', 'b:2', 'false', 'user', 'uid', 'group', 'cn', 'member', 'base', 'true']
+    raw_input_mock.side_effect = ['a:3', 'b:b', 'hody', 'b:2', 'false', 'user', 'uid', 'group', 'cn', 'member', 'dn', 'base', 'true']
     ambari_server.SILENT = False
     get_YN_input_method.return_value = True
 
@@ -4688,6 +4688,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
         "authentication.ldap.groupObjectClass": "group",
         "authentication.ldap.groupNamingAttr": "cn",
         "authentication.ldap.groupMembershipAttr": "member",
+        "authentication.ldap.dnAttribute": "dn",
         "authentication.ldap.baseDn": "base",
         "authentication.ldap.bindAnonymously": "true",
         "client.security": "ldap",
@@ -4702,7 +4703,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
     self.assertTrue(8, raw_input_mock.call_count)
 
     raw_input_mock.reset_mock()
-    raw_input_mock.side_effect = ['a:3', '', 'b:2', 'false', 'user', 'uid', 'group', 'cn', 'member', 'base', 'true']
+    raw_input_mock.side_effect = ['a:3', '', 'b:2', 'false', 'user', 'uid', 'group', 'cn', 'member', 'dn', 'base', 'true']
 
     ambari_server.setup_ldap()
 
@@ -4715,6 +4716,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
         "authentication.ldap.groupObjectClass": "group",
         "authentication.ldap.groupNamingAttr": "cn",
         "authentication.ldap.groupMembershipAttr": "member",
+        "authentication.ldap.dnAttribute": "dn",
         "authentication.ldap.baseDn": "base",
         "authentication.ldap.bindAnonymously": "true",
         "client.security": "ldap",
@@ -4813,6 +4815,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
         "authentication.ldap.groupObjectClass": "test",
         "authentication.ldap.groupMembershipAttr": "test",
         "authentication.ldap.groupNamingAttr": "test",
+        "authentication.ldap.dnAttribute": "test",
         "client.security": "ldap", \
         ambari_server.LDAP_MGR_PASSWORD_PROPERTY: "ldap-password.dat",
         "ambari.ldap.isConfigured": "true"
@@ -4873,6 +4876,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
         "authentication.ldap.useSSL": "true",
         "authentication.ldap.usernameAttribute": "test",
         "authentication.ldap.baseDn": "test",
+        "authentication.ldap.dnAttribute": "test",
         "authentication.ldap.bindAnonymously": "false",
         "authentication.ldap.managerDn": "test",
         "client.security": "ldap",