HADOOP-11686. MiniKDC cannot change ORG_NAME or ORG_DOMAIN. Contributed by Duo Zhang.

hadoop-common-project/hadoop-common/CHANGES.txt

@@ -1067,6 +1067,9 @@ Release 2.7.0 - UNRELEASED
 
     HADOOP-11670. Regression: s3a auth setup broken. (Adam Budde via stevel)
 
+    HADOOP-11686. MiniKDC cannot change ORG_NAME or ORG_DOMAIN.
+    (Duo Zhang via wheat9)
+
 Release 2.6.1 - UNRELEASED
 
   INCOMPATIBLE CHANGES

hadoop-common-project/hadoop-minikdc/src/main/java/org/apache/hadoop/minikdc/MiniKdc.java

@@ -36,6 +36,7 @@ import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
 import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex;
 import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
 import org.apache.directory.server.core.partition.ldif.LdifPartition;
+import org.apache.directory.server.kerberos.KerberosConfig;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
 import org.apache.directory.server.kerberos.shared.keytab.Keytab;
@@ -418,7 +419,15 @@ public class MiniKdc {
       IOUtils.closeQuietly(is1);
     }
 
-    kdc = new KdcServer();
+    KerberosConfig kerberosConfig = new KerberosConfig();
+    kerberosConfig.setMaximumRenewableLifetime(Long.parseLong(conf
+        .getProperty(MAX_RENEWABLE_LIFETIME)));
+    kerberosConfig.setMaximumTicketLifetime(Long.parseLong(conf
+        .getProperty(MAX_TICKET_LIFETIME)));
+    kerberosConfig.setSearchBaseDn(String.format("dc=%s,dc=%s", orgName,
+        orgDomain));
+    kerberosConfig.setPaEncTimestampRequired(false);
+    kdc = new KdcServer(kerberosConfig);
     kdc.setDirectoryService(ds);
 
     // transport
@@ -431,12 +440,6 @@ public class MiniKdc {
       throw new IllegalArgumentException("Invalid transport: " + transport);
     }
     kdc.setServiceName(conf.getProperty(INSTANCE));
-    kdc.getConfig().setMaximumRenewableLifetime(
-            Long.parseLong(conf.getProperty(MAX_RENEWABLE_LIFETIME)));
-    kdc.getConfig().setMaximumTicketLifetime(
-            Long.parseLong(conf.getProperty(MAX_TICKET_LIFETIME)));
-
-    kdc.getConfig().setPaEncTimestampRequired(false);
     kdc.start();
 
     StringBuilder sb = new StringBuilder();

hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestChangeOrgNameAndDomain.java

@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.minikdc;
+
+import java.util.Properties;
+
+public class TestChangeOrgNameAndDomain extends TestMiniKdc {
+
+  @Override
+  public void createMiniKdcConf() {
+    super.createMiniKdcConf();
+    Properties properties = getConf();
+    properties.setProperty(MiniKdc.ORG_NAME, "APACHE");
+    properties.setProperty(MiniKdc.ORG_DOMAIN, "COM");
+  }
+
+}