
AMBARI-12627 Ambari 2.0 -> 2.1 LDAP: error code 12 (dsen)

Dmytro Sen 10 年 前
コミット
f3638bd83a

+ 12 - 4
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java

@@ -161,6 +161,7 @@ public class Configuration {
   public static final String LDAP_ADMIN_GROUP_MAPPING_RULES_KEY = "authorization.ldap.adminGroupMappingRules";
   public static final String LDAP_GROUP_SEARCH_FILTER_KEY = "authorization.ldap.groupSearchFilter";
   public static final String LDAP_REFERRAL_KEY = "authentication.ldap.referral";
+  public static final String LDAP_PAGINATION_ENABLED_KEY = "authentication.ldap.pagination.enabled";
   public static final String SERVER_EC_CACHE_SIZE = "server.ecCacheSize";
   public static final String SERVER_STALE_CONFIG_CACHE_ENABLED_KEY = "server.cache.isStale.enabled";
   public static final String SERVER_PERSISTENCE_TYPE_KEY = "server.persistence.type";
@@ -336,6 +337,7 @@ public class Configuration {
   private static final int CLIENT_API_PORT_DEFAULT = 8080;
   private static final int CLIENT_API_SSL_PORT_DEFAULT = 8443;
   private static final String LDAP_BIND_ANONYMOUSLY_DEFAULT = "true";
+  private static final String LDAP_PAGINATION_ENABLED_DEFAULT = "true";
 
   /**
    * Indicator for sys prepped host
@@ -1151,9 +1153,12 @@ public class Configuration {
     ldapServerProperties.setUsernameAttribute(properties.
         getProperty(LDAP_USERNAME_ATTRIBUTE_KEY, LDAP_USERNAME_ATTRIBUTE_DEFAULT));
 
-    ldapServerProperties.setUserBase(properties.getProperty(LDAP_USER_BASE_KEY, LDAP_USER_BASE_DEFAULT));
-    ldapServerProperties.setUserObjectClass(properties.getProperty(LDAP_USER_OBJECT_CLASS_KEY, LDAP_USER_OBJECT_CLASS_DEFAULT));
-    ldapServerProperties.setDnAttribute(properties.getProperty(LDAP_DN_ATTRIBUTE_KEY, LDAP_DN_ATTRIBUTE_DEFAULT));
+    ldapServerProperties.setUserBase(properties.getProperty(
+      LDAP_USER_BASE_KEY, LDAP_USER_BASE_DEFAULT));
+    ldapServerProperties.setUserObjectClass(properties.getProperty(
+      LDAP_USER_OBJECT_CLASS_KEY, LDAP_USER_OBJECT_CLASS_DEFAULT));
+    ldapServerProperties.setDnAttribute(properties.getProperty(
+      LDAP_DN_ATTRIBUTE_KEY, LDAP_DN_ATTRIBUTE_DEFAULT));
 
     ldapServerProperties.setGroupBase(properties.
         getProperty(LDAP_GROUP_BASE_KEY, LDAP_GROUP_BASE_DEFAULT));
@@ -1167,7 +1172,10 @@ public class Configuration {
         LDAP_ADMIN_GROUP_MAPPING_RULES_KEY, LDAP_ADMIN_GROUP_MAPPING_RULES_DEFAULT));
     ldapServerProperties.setGroupSearchFilter(properties.getProperty(
         LDAP_GROUP_SEARCH_FILTER_KEY, LDAP_GROUP_SEARCH_FILTER_DEFAULT));
-    ldapServerProperties.setReferralMethod(properties.getProperty(LDAP_REFERRAL_KEY, LDAP_REFERRAL_DEFAULT));
+    ldapServerProperties.setReferralMethod(properties.getProperty(
+      LDAP_REFERRAL_KEY, LDAP_REFERRAL_DEFAULT));
+    ldapServerProperties.setPaginationEnabled("true".equalsIgnoreCase(
+      properties.getProperty(LDAP_PAGINATION_ENABLED_KEY, LDAP_PAGINATION_ENABLED_DEFAULT)));
 
     if (properties.containsKey(LDAP_GROUP_BASE_KEY) ||
         properties.containsKey(LDAP_GROUP_OBJECT_CLASS_KEY) ||
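Review bot: The `setPaginationEnabled(...)` call treats every value other than a case-insensitive `true` as false, so a typo or a trailing space in `authentication.ldap.pagination.enabled` silently turns paging off (java.util.Properties keeps trailing whitespace in values). With paging off the user search becomes a single unpaged query, so an unnoticed misconfiguration could shrink the set of directory entries a sync sees if the server enforces a size limit. I would trim the value and log a warning when it is neither `true` nor `false`, e.g. `String v = properties.getProperty(LDAP_PAGINATION_ENABLED_KEY, LDAP_PAGINATION_ENABLED_DEFAULT).trim();` then `ldapServerProperties.setPaginationEnabled(Boolean.parseBoolean(v));`. The enclosing method starts and ends outside this hunk.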

+ 5 - 0
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java

@@ -37,6 +37,7 @@ import org.apache.ambari.server.security.ldap.LdapBatchDto;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.naming.OperationNotSupportedException;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
@@ -425,6 +426,10 @@ public class LdapSyncEventResourceProvider extends AbstractControllerResourcePro
       } catch (Exception e) {
         event.setStatus(LdapSyncEventEntity.Status.ERROR);
         String msg = "Caught exception running LDAP sync. ";
+        if (e.getCause() instanceof OperationNotSupportedException) {
+          msg += "LDAP server may not support search results pagination. " +
+            "Try to turn the pagination off.";
+        }
         event.setStatusDetail(msg + e.getMessage());
         LOG.error(msg, e);
       } finally {
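Review bot: The hint appended by `msg += ...` ends with `off.` and no trailing space, so `event.setStatusDetail(msg + e.getMessage())` runs the hint straight into the exception text; end the literal with `"Try to turn the pagination off. "`. The hint would be more actionable if it named the setting, `authentication.ldap.pagination.enabled=false`. The `instanceof` test looks only at the direct cause, so an `OperationNotSupportedException` wrapped one level deeper would not trigger the hint; walking the cause chain would cover that. Separately, the status detail still carries the raw `e.getMessage()` from the directory to whoever can read the sync event, which is worth confirming is intended. The try block begins outside this hunk.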

+ 15 - 0
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java

@@ -55,6 +55,9 @@ public class LdapServerProperties {
   private String groupSearchFilter;
   private static final String userSearchFilter = "({attribute}={0})";
 
+  //LDAP pagination properties
+  private boolean paginationEnabled = true;
+
   public List<String> getLdapUrls() {
     String protocol = useSsl ? "ldaps://" : "ldap://";
 
@@ -234,6 +237,14 @@ public class LdapServerProperties {
     return referralMethod;
   }
 
+  public boolean isPaginationEnabled() {
+    return paginationEnabled;
+  }
+
+  public void setPaginationEnabled(boolean paginationEnabled) {
+    this.paginationEnabled = paginationEnabled;
+  }
+
   @Override
   public boolean equals(Object obj) {
     if (this == obj) return true;
@@ -271,6 +282,10 @@ public class LdapServerProperties {
         that.dnAttribute) : that.dnAttribute != null) return false;
     if (referralMethod != null ? !referralMethod.equals(that.referralMethod) : that.referralMethod != null) return false;
 
+    if (groupMappingEnabled != that.isGroupMappingEnabled()) return false;
+
+    if (paginationEnabled != that.isPaginationEnabled()) return false;
+
     return true;
   }
 
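Review bot: `equals` now also compares `groupMappingEnabled` and `paginationEnabled`, but `hashCode()` is not touched by this commit (the section's 15 added lines are all in the three hunks shown), so the two methods presumably no longer cover the same fields. The contract still holds if `hashCode()` uses a subset, yet I would add both booleans there to keep them in step. The new checks call `that.isGroupMappingEnabled()` and `that.isPaginationEnabled()` while the rest of the method compares fields directly; `paginationEnabled != that.paginationEnabled` would match the surrounding style. The accessors added in the previous hunk could carry a one-line Javadoc saying that `false` makes the LDAP user search skip the paged-results processor. `equals` starts outside this hunk.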

+ 8 - 3
ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java

@@ -42,6 +42,7 @@ import org.springframework.ldap.control.PagedResultsDirContextProcessor;
 import org.springframework.ldap.core.AttributesMapper;
 import org.springframework.ldap.core.ContextMapper;
 import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextProcessor;
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.ldap.filter.AndFilter;
@@ -543,14 +544,18 @@ public class AmbariLdapDataPopulator {
     searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
     LdapUserContextMapper ldapUserContextMapper = new LdapUserContextMapper(ldapServerProperties);
     String encodedFilter = filter.encode();
-    
+
     do {
-      for (Object dto : ldapTemplate.search(baseDn, encodedFilter, searchControls, ldapUserContextMapper, processor)) {
+      List dtos = configuration.getLdapServerProperties().isPaginationEnabled() ?
+        ldapTemplate.search(baseDn, encodedFilter, searchControls, ldapUserContextMapper, processor) :
+        ldapTemplate.search(baseDn, encodedFilter, searchControls, ldapUserContextMapper);
+      for (Object dto : dtos) {
         if (dto != null) {
           users.add((LdapUserDto)dto);
         }
       }
-    } while (processor.getCookie().getCookie() != null);
+    } while (configuration.getLdapServerProperties().isPaginationEnabled()
+      && processor.getCookie().getCookie() != null);
     return users;
   }
 
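Review bot: With pagination disabled, the loop runs one unpaged `ldapTemplate.search(...)` and returns whatever came back; nothing in this hunk detects or logs a result set that the directory cut short at its size limit, so a sync could work from a partial user list without any sign of it (how `LdapTemplate` is configured to treat size-limit errors should be checked here). The flag is also read twice per iteration through `configuration.getLdapServerProperties()`; reading it once, `final boolean paged = configuration.getLdapServerProperties().isPaginationEnabled();` before the `do`, keeps the search call and the `while` condition consistent. `List dtos` is a raw type, and the `DirContextProcessor` import added in this file's first hunk is not used by any line this commit adds. The method begins outside the hunk.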

+ 37 - 1
ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java

@@ -42,7 +42,6 @@ import org.apache.ambari.server.security.authorization.Users;
 import org.easymock.Capture;
 import org.easymock.EasyMock;
 import org.easymock.IAnswer;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.springframework.ldap.control.PagedResultsCookie;
 import org.springframework.ldap.control.PagedResultsDirContextProcessor;
@@ -1493,6 +1492,7 @@ public class AmbariLdapDataPopulatorTest {
     list.add(dto);
 
     expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).anyTimes();
+    expect(ldapServerProperties.isPaginationEnabled()).andReturn(true).anyTimes();
     expect(ldapServerProperties.getUserObjectClass()).andReturn("objectClass").anyTimes();
     expect(ldapServerProperties.getDnAttribute()).andReturn("dn").anyTimes();
     expect(ldapServerProperties.getBaseDN()).andReturn("baseDN").anyTimes();
@@ -1513,6 +1513,42 @@ public class AmbariLdapDataPopulatorTest {
     verify(ldapTemplate, ldapServerProperties, users, configuration, processor, cookie);
   }
 
+  @Test
+  public void testGetLdapUserByMemberAttrNoPagination() throws Exception {
+
+    Configuration configuration = createNiceMock(Configuration.class);
+    Users users = createNiceMock(Users.class);
+    LdapTemplate ldapTemplate = createNiceMock(LdapTemplate.class);
+    LdapServerProperties ldapServerProperties = createNiceMock(LdapServerProperties.class);
+    Capture<ContextMapper> contextMapperCapture = new Capture<ContextMapper>();
+    Capture<SearchControls> searchControlsCapture = new Capture<SearchControls>();
+    PagedResultsDirContextProcessor processor = createNiceMock(PagedResultsDirContextProcessor.class);
+    PagedResultsCookie cookie = createNiceMock(PagedResultsCookie.class);
+    LdapUserDto dto = new LdapUserDto();
+
+    List<LdapUserDto> list = new LinkedList<LdapUserDto>();
+    list.add(dto);
+
+    expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).anyTimes();
+    expect(ldapServerProperties.isPaginationEnabled()).andReturn(false).anyTimes();
+    expect(ldapServerProperties.getUserObjectClass()).andReturn("objectClass").anyTimes();
+    expect(ldapServerProperties.getDnAttribute()).andReturn("dn").anyTimes();
+    expect(ldapServerProperties.getBaseDN()).andReturn("baseDN").anyTimes();
+
+    expect(ldapTemplate.search(eq("baseDN"), eq("(&(objectClass=objectClass)(|(dn=foo)(uid=foo)))"), anyObject(SearchControls.class), capture(contextMapperCapture))).andReturn(list);
+
+    replay(ldapTemplate, ldapServerProperties, users, configuration, processor, cookie);
+
+    AmbariLdapDataPopulatorTestInstance populator = new AmbariLdapDataPopulatorTestInstance(configuration, users);
+
+    populator.setLdapTemplate(ldapTemplate);
+    populator.setProcessor(processor);
+
+    assertEquals(dto, populator.getLdapUserByMemberAttr("foo"));
+
+    verify(ldapTemplate, ldapServerProperties, users, configuration, processor, cookie);
+  }
+
   @Test
   public void testLdapUserContextMapper_uidIsNull() throws Exception {
     LdapServerProperties ldapServerProperties = createNiceMock(LdapServerProperties.class);
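Review bot: `testGetLdapUserByMemberAttrNoPagination` builds `processor` and `cookie` with `createNiceMock`, so `verify(...)` does not itself fail if the unpaged path still touches the paging processor; the test would catch that only indirectly, through a null return. Creating it as `PagedResultsDirContextProcessor processor = createStrictMock(PagedResultsDirContextProcessor.class);` with no expectations would state the intent directly (assuming EasyMock's `createStrictMock` is imported alongside `createNiceMock`). `searchControlsCapture` is declared but never used, since the expectation matches with `anyObject(SearchControls.class)`. The last three lines of the hunk belong to the next test method, which continues outside it.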