/**
 * A full DN that matches no directory entry must resolve to {@code null}.
 *
 * <p>Every {@code ctx.search} call is stubbed to return an empty enumeration, so the lookup has
 * nothing to select from.
 */
@Test
public void testFindUserDnWhenUserDnNegativeNone() throws NamingException {
  NamingEnumeration<SearchResult> noEntries = mockEmptyNamingEnumeration();
  when(ctx.search(anyString(), anyString(), any(SearchControls.class)))
      .thenReturn(noEntries);

  search = new LdapSearch(conf, ctx);
  String resolvedDn = search.findUserDn("CN=User1,DC=foo,DC=bar");

  assertNull(resolvedDn);
}
/**
 * Closing the search object must close the wrapped directory context at least once, so the
 * connection bound with the user's credentials is not left open.
 */
@Test
public void testClose() throws NamingException {
  search = new LdapSearch(conf, ctx);

  search.close();

  // atLeastOnce(): the test does not pin how many times close() is forwarded.
  verify(ctx, atLeastOnce()).close();
}
/**
 * {@inheritDoc}
 *
 * <p>Runs the supplied filter against the single configured {@code baseDn} and returns whatever
 * {@code getAllLdapNamesAndAttributes()} collects from the matching entries.
 */
@Override
public List<String> executeCustomQuery(String query) throws NamingException {
  // NOTE(review): the filter text is handed to queries.customQuery() as given. Whether it is
  // validated or escaped there is not visible here, so confirm that it only ever comes from
  // trusted configuration and is never assembled from request data.
  List<String> searchBases = Collections.singletonList(baseDn);
  return execute(searchBases, queries.customQuery(query))
      .getAllLdapNamesAndAttributes();
}
/**
 * {@inheritDoc}
 *
 * <p>Resolution order: a value that {@code LdapUtils.isDn} accepts is looked up by its first RDN
 * under its own base DN; any other value is first tried against the configured user DN patterns
 * and, if those yield nothing, searched by name under the configured user bases.
 *
 * <p>The lookup fails closed: unless exactly one entry matched, {@code null} is returned rather
 * than picking one of several candidates.
 */
@Override
public String findUserDn(String user) throws NamingException {
  List<String> candidates;
  if (!LdapUtils.isDn(user)) {
    candidates = findDnByPattern(userPatterns, user);
    if (candidates.isEmpty()) {
      // No pattern produced a hit: fall back to a name search across the user bases.
      candidates = execute(userBases, queries.findUserDnByName(user)).getAllLdapNames();
    }
  } else {
    // NOTE(review): in this branch the search base is taken from the supplied DN itself, not
    // from userBases. Confirm that callers restrict which subtrees a supplied DN may point at.
    String userBaseDn = LdapUtils.extractBaseDn(user);
    String userRdn = LdapUtils.extractFirstRdn(user);
    candidates = execute(Collections.singletonList(userBaseDn),
        queries.findUserDnByRdn(userRdn)).getAllLdapNames();
  }

  if (candidates.size() != 1) {
    // NOTE(review): 'user' is written to the log as received; if it originates from a login
    // request, confirm the log layout neutralises line breaks.
    LOG.info("Expected exactly one user result for the user: {}, but got {}. Returning null",
        user, candidates.size());
    LOG.debug("Matched users: {}", candidates);
    return null;
  }
  return candidates.get(0);
}
/**
 * Three matching entries for one group id are ambiguous: {@code findGroupDn} is expected to
 * raise {@link NamingException} instead of choosing one of them.
 */
@Test(expected = NamingException.class)
public void testFindGroupDNTooManyResults() throws NamingException {
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN,
      "CN=%s,OU=org1,DC=foo,DC=bar");
  NamingEnumeration<SearchResult> ambiguousMatches =
      LdapTestUtils.mockNamingEnumeration("Result1", "Result2", "Result3");
  when(ctx.search(anyString(), anyString(), any(SearchControls.class)))
      .thenReturn(ambiguousMatches);

  search = new LdapSearch(conf, ctx);

  // Expected to throw; the annotation above performs the assertion.
  search.findGroupDn("anyGroup");
}
/**
 * Membership check with the user given as a plain id.
 *
 * <p>The search whose filter contains {@code (uid=usr1)} returns one entry and must be reported
 * as a member; the one containing {@code (uid=usr2)} returns nothing and must not. The stubs
 * match on the uid clause only, so the group argument is not verified by this test.
 */
@Test
public void testIsUserMemberOfGroupWhenUserId() throws NamingException {
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN,
      "CN=%s,OU=org1,DC=foo,DC=bar");
  NamingEnumeration<SearchResult> memberHit = LdapTestUtils.mockNamingEnumeration("CN=User1");
  NamingEnumeration<SearchResult> noHit = LdapTestUtils.mockEmptyNamingEnumeration();
  when(ctx.search(anyString(), contains("(uid=usr1)"), any(SearchControls.class)))
      .thenReturn(memberHit);
  when(ctx.search(anyString(), contains("(uid=usr2)"), any(SearchControls.class)))
      .thenReturn(noHit);

  search = new LdapSearch(conf, ctx);

  boolean usr1IsMember = search.isUserMemberOfGroup("usr1", "grp1");
  assertTrue(usr1IsMember);
  boolean usr2IsMember = search.isUserMemberOfGroup("usr2", "grp2");
  assertFalse(usr2IsMember);
}
/**
 * Groups of a user DN are looked up under the base taken from the group DN pattern: the stub
 * only answers for base {@code OU=org1,DC=foo,DC=bar} with a filter mentioning {@code User1}.
 */
@Test
public void testFindGroupsForUser() throws NamingException {
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN,
      "CN=%s,OU=org1,DC=foo,DC=bar");
  NamingEnumeration<SearchResult> singleGroup =
      mockNamingEnumeration("CN=Group1,OU=org1,DC=foo,DC=bar");
  when(ctx.search(eq("OU=org1,DC=foo,DC=bar"), contains("User1"), any(SearchControls.class)))
      .thenReturn(singleGroup);

  search = new LdapSearch(conf, ctx);

  List<String> wantedGroups = Arrays.asList("CN=Group1,OU=org1,DC=foo,DC=bar");
  List<String> foundGroups = search.findGroupsForUser("CN=User1,OU=org1,DC=foo,DC=bar");
  assertEquals(wantedGroups, foundGroups);
}
/**
 * A custom query is run against the configured base DN and returns, for every matching entry,
 * both its name and its attribute values (here the {@code member} attribute).
 *
 * <p>Both lists are sorted before comparison, so result order is not part of the contract
 * checked here.
 */
@Test
public void testExecuteCustomQuery() throws NamingException {
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, "dc=example,dc=com");

  NamingEnumeration<SearchResult> twoGroups = mockNamingEnumeration(
      mockSearchResult(
          "uid=group1,ou=Groups,dc=example,dc=com",
          mockAttributes("member", "uid=user1,ou=People,dc=example,dc=com")),
      mockSearchResult(
          "uid=group2,ou=Groups,dc=example,dc=com",
          mockAttributes("member", "uid=user2,ou=People,dc=example,dc=com"))
  );
  when(ctx.search(eq("dc=example,dc=com"), anyString(), any(SearchControls.class)))
      .thenReturn(twoGroups);

  search = new LdapSearch(conf, ctx);

  List<String> wanted = Arrays.asList(
      "uid=group1,ou=Groups,dc=example,dc=com",
      "uid=user1,ou=People,dc=example,dc=com",
      "uid=group2,ou=Groups,dc=example,dc=com",
      "uid=user2,ou=People,dc=example,dc=com");
  List<String> found =
      search.executeCustomQuery("(&(objectClass=groupOfNames)(|(cn=group1)(cn=group2)))");

  Collections.sort(wanted);
  Collections.sort(found);
  assertEquals(wanted, found);
}
/**
 * {@inheritDoc}
 *
 * <p>Creates a directory context for {@code principal} and wraps it in an {@link LdapSearch}.
 * Every {@link NamingException} raised on the way is reported as an
 * {@link AuthenticationException} with one fixed message and the original exception as cause.
 */
@Override
public DirSearch getInstance(HiveConf conf, String principal, String password)
    throws AuthenticationException {
  // NOTE(review): many directory servers treat a simple bind with an empty password as an
  // unauthenticated bind that succeeds. No blank-password check is visible in this method;
  // confirm the caller or createDirContext rejects empty passwords.
  try {
    final DirContext boundContext = createDirContext(conf, principal, password);
    return new LdapSearch(conf, boundContext);
  } catch (NamingException bindFailure) {
    // Only the principal is logged, never the password. The entry is at DEBUG level, so
    // NOTE(review): confirm failed logins are recorded elsewhere for monitoring.
    LOG.debug("Could not connect to the LDAP Server:Authentication failed for {}", principal);
    throw new AuthenticationException("Error validating LDAP user", bindFailure);
  }
}
/**
 * A group id that matches no entry must make {@code findGroupDn} raise
 * {@link NamingException}; it must not return {@code null} or an empty name.
 */
@Test(expected = NamingException.class)
public void testFindGroupDNNoResults() throws NamingException {
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN,
      "CN=%s,OU=org1,DC=foo,DC=bar");
  NamingEnumeration<SearchResult> noEntries = mockEmptyNamingEnumeration();
  when(ctx.search(anyString(), anyString(), any(SearchControls.class)))
      .thenReturn(noEntries);

  search = new LdapSearch(conf, ctx);

  // Expected to throw; the annotation above performs the assertion.
  search.findGroupDn("anyGroup");
}
/**
 * Membership check with the user given as a full DN.
 *
 * <p>The stubs answer on a filter containing {@code (uid=User1)} (one entry) or
 * {@code (uid=User2)} (no entry); the first DN must be reported as a member and the second must
 * not. The stubs match on the uid clause only, so the group argument is not verified here.
 */
@Test
public void testIsUserMemberOfGroupWhenUserDn() throws NamingException {
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN,
      "CN=%s,OU=org1,DC=foo,DC=bar");
  NamingEnumeration<SearchResult> memberHit = LdapTestUtils.mockNamingEnumeration("CN=User1");
  NamingEnumeration<SearchResult> noHit = LdapTestUtils.mockEmptyNamingEnumeration();
  when(ctx.search(anyString(), contains("(uid=User1)"), any(SearchControls.class)))
      .thenReturn(memberHit);
  when(ctx.search(anyString(), contains("(uid=User2)"), any(SearchControls.class)))
      .thenReturn(noHit);

  search = new LdapSearch(conf, ctx);

  boolean user1IsMember = search.isUserMemberOfGroup("CN=User1,OU=org1,DC=foo,DC=bar", "grp1");
  assertTrue(user1IsMember);
  boolean user2IsMember = search.isUserMemberOfGroup("CN=User2,OU=org1,DC=foo,DC=bar", "grp2");
  assertFalse(user2IsMember);
}
}
/**
 * {@inheritDoc}
 *
 * <p>Creates a directory context for {@code principal} and wraps it in an {@link LdapSearch}.
 * Every {@link NamingException} raised on the way is reported as an
 * {@link AuthenticationException} with one fixed message and the original exception as cause.
 */
@Override
public DirSearch getInstance(HiveConf conf, String principal, String password)
    throws AuthenticationException {
  // NOTE(review): many directory servers treat a simple bind with an empty password as an
  // unauthenticated bind that succeeds. No blank-password check is visible in this method;
  // confirm the caller or createDirContext rejects empty passwords.
  try {
    final DirContext boundContext = createDirContext(conf, principal, password);
    return new LdapSearch(conf, boundContext);
  } catch (NamingException bindFailure) {
    // Only the principal is logged, never the password. The entry is at DEBUG level, so
    // NOTE(review): confirm failed logins are recorded elsewhere for monitoring.
    LOG.debug("Could not connect to the LDAP Server:Authentication failed for {}", principal);
    throw new AuthenticationException("Error validating LDAP user", bindFailure);
  }
}
/**
 * {@inheritDoc}
 *
 * <p>Resolution order: a value that {@code LdapUtils.isDn} accepts is looked up by its first RDN
 * under its own base DN; any other value is first tried against the configured user DN patterns
 * and, if those yield nothing, searched by name under the configured user bases.
 *
 * <p>The lookup fails closed: unless exactly one entry matched, {@code null} is returned rather
 * than picking one of several candidates.
 */
@Override
public String findUserDn(String user) throws NamingException {
  List<String> candidates;
  if (!LdapUtils.isDn(user)) {
    candidates = findDnByPattern(userPatterns, user);
    if (candidates.isEmpty()) {
      // No pattern produced a hit: fall back to a name search across the user bases.
      candidates = execute(userBases, queries.findUserDnByName(user)).getAllLdapNames();
    }
  } else {
    // NOTE(review): in this branch the search base is taken from the supplied DN itself, not
    // from userBases. Confirm that callers restrict which subtrees a supplied DN may point at.
    String userBaseDn = LdapUtils.extractBaseDn(user);
    String userRdn = LdapUtils.extractFirstRdn(user);
    candidates = execute(Collections.singletonList(userBaseDn),
        queries.findUserDnByRdn(userRdn)).getAllLdapNames();
  }

  if (candidates.size() != 1) {
    // NOTE(review): 'user' is written to the log as received; if it originates from a login
    // request, confirm the log layout neutralises line breaks.
    LOG.info("Expected exactly one user result for the user: {}, but got {}. Returning null",
        user, candidates.size());
    LOG.debug("Matched users: {}", candidates);
    return null;
  }
  return candidates.get(0);
}
/**
 * A DN that matches exactly one entry resolves to that entry's name.
 *
 * <p>Only the first {@code ctx.search} call returns a result; any further call is stubbed to
 * throw, so the test also fails if the lookup issues a second search.
 */
@Test
public void testFindUserDnWhenUserDnPositive() throws NamingException {
  NamingEnumeration<SearchResult> singleEntry =
      mockNamingEnumeration("CN=User1,OU=org1,DC=foo,DC=bar");
  when(ctx.search(anyString(), anyString(), any(SearchControls.class)))
      .thenReturn(singleEntry)
      .thenThrow(NamingException.class);

  search = new LdapSearch(conf, ctx);

  String wantedDn = "CN=User1,OU=org1,DC=foo,DC=bar";
  String resolvedDn = search.findUserDn("CN=User1,OU=org1");
  assertEquals(wantedDn, resolvedDn);
}
/**
 * With a group DN pattern configured and exactly one entry returned by the directory,
 * {@code findGroupDn} yields that entry's name.
 */
@Test
public void testFindGroupDnPositive() throws NamingException {
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN,
      "CN=%s,OU=org1,DC=foo,DC=bar");
  String groupDn = "CN=Group1";
  NamingEnumeration<SearchResult> singleEntry = mockNamingEnumeration(groupDn);
  when(ctx.search(anyString(), anyString(), any(SearchControls.class)))
      .thenReturn(singleEntry);

  search = new LdapSearch(conf, ctx);

  String resolvedDn = search.findGroupDn("grp1");
  assertEquals(groupDn, resolvedDn);
}
/**
 * {@inheritDoc}
 *
 * <p>Searches the configured group bases by group id and returns the result of
 * {@code getSingleLdapName()}. The tests {@code testFindGroupDNNoResults} and
 * {@code testFindGroupDNTooManyResults} expect a {@link NamingException} when no entry or more
 * than one entry matches, so an ambiguous group is never resolved silently.
 */
@Override
public String findGroupDn(String group) throws NamingException {
  // NOTE(review): 'group' goes to queries.findGroupDnById() as given; whether filter
  // metacharacters are escaped there is not visible from this method.
  return execute(groupBases, queries.findGroupDnById(group))
      .getSingleLdapName();
}
/**
 * With a user DN pattern configured, a plain user name resolves to {@code null} when the
 * directory answers both consecutive searches with a {@code null} enumeration.
 */
@Test
public void testFindUserDnWhenUserPatternFoundByUniqueIdentifierNegativeNone()
    throws NamingException {
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN,
      "CN=%s,OU=org1,DC=foo,DC=bar");
  // Two consecutive searches are stubbed, each answering with no enumeration at all.
  when(ctx.search(anyString(), anyString(), any(SearchControls.class)))
      .thenReturn(null)
      .thenReturn(null);

  search = new LdapSearch(conf, ctx);

  String resolvedDn = search.findUserDn("User1");
  assertNull(resolvedDn);
}
/**
 * Two group DN patterns are configured; the first search returns one entry and every later
 * search is stubbed to throw. The lookup must still return the entry from the first search.
 */
@Test
public void testFindGroupDNWhenExceptionInSearch() throws NamingException {
  String bothPatterns = Joiner.on(":").join(
      "CN=%s,OU=org1,DC=foo,DC=bar",
      "CN=%s,OU=org2,DC=foo,DC=bar"
  );
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN, bothPatterns);

  NamingEnumeration<SearchResult> firstSearchHit =
      LdapTestUtils.mockNamingEnumeration("CN=Group1");
  when(ctx.search(anyString(), anyString(), any(SearchControls.class)))
      .thenReturn(firstSearchHit)
      .thenThrow(NamingException.class);

  search = new LdapSearch(conf, ctx);

  String wantedDn = "CN=Group1";
  String resolvedDn = search.findGroupDn("grp1");
  assertEquals(wantedDn, resolvedDn);
}
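/**
 * Tries each DN pattern in list order and returns the matches of the first pattern that
 * produces any.
 *
 * <p>For every pattern, {@code LdapUtils.extractBaseDn} supplies the search base and the first
 * RDN of the pattern, with each {@code %s} replaced by {@code name}, is passed to
 * {@code queries.findDnByPattern} to build the query.
 *
 * @param patterns DN patterns containing the {@code %s} placeholder
 * @param name value substituted for the placeholder, inserted literally
 * @return the names found for the first pattern with a non-empty result, or an empty list when
 *     no pattern matched
 * @throws NamingException propagated from the underlying directory search
 */
private List<String> findDnByPattern(List<String> patterns, String name)
    throws NamingException {
  for (String pattern : patterns) {
    String baseDnFromPattern = LdapUtils.extractBaseDn(pattern);
    // String.replace substitutes the name literally. The previous replaceAll("%s", name)
    // parsed the name as a regex replacement string, so a '$' or '\' in it either raised an
    // unchecked exception or silently altered the value used in the query.
    String rdn = LdapUtils.extractFirstRdn(pattern).replace("%s", name);
    // NOTE(review): name is not escaped for LDAP filter or DN metacharacters here; whether
    // queries.findDnByPattern() does so is not visible from this method. Confirm before
    // relying on this path with names taken from a login request.
    List<String> list = execute(Collections.singletonList(baseDnFromPattern),
        queries.findDnByPattern(rdn)).getAllLdapNames();
    if (!list.isEmpty()) {
      return list;
    }
  }
  return Collections.emptyList();
}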
/**
 * A DN that matches two entries is ambiguous and must resolve to {@code null}; the lookup may
 * not settle on either candidate.
 */
@Test
public void testFindUserDnWhenUserDnNegativeDuplicates() throws NamingException {
  NamingEnumeration<SearchResult> duplicateEntries = mockNamingEnumeration(
      "CN=User1,OU=org1,DC=foo,DC=bar",
      "CN=User1,OU=org2,DC=foo,DC=bar");
  when(ctx.search(anyString(), anyString(), any(SearchControls.class)))
      .thenReturn(duplicateEntries);

  search = new LdapSearch(conf, ctx);

  String resolvedDn = search.findUserDn("CN=User1,DC=foo,DC=bar");
  assertNull(resolvedDn);
}