/**
 * Asking a {@code QueryFactory} built from a freshly constructed {@code HiveConf} for the
 * group-membership query is expected to throw {@link IllegalStateException}.
 */
@Test(expected = IllegalStateException.class)
public void testIsUserMemberOfGroupWhenMisconfigured() {
  // NOTE(review): presumably the unset user-membership key is what triggers the
  // exception; confirm against QueryFactory.
  HiveConf defaultConf = new HiveConf();
  QueryFactory factoryWithoutLdapKeys = new QueryFactory(defaultConf);
  factoryWithoutLdapKeys.isUserMemberOfGroup("user", "cn=MyGroup");
}
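/**
 * Tries each DN pattern in order and returns the names found for the first pattern that
 * produces at least one match.
 *
 * <p>For every pattern, the base DN and the first RDN are taken from the pattern, the
 * {@code %s} placeholder in the RDN is replaced with {@code name}, and the resulting RDN is
 * searched for under that base DN.
 *
 * @param patterns DN patterns containing a {@code %s} placeholder
 * @param name value substituted for the placeholder
 * @return the matches of the first pattern that yields any, or an empty list if none does
 * @throws NamingException declared for the directory search done by {@code execute}
 */
private List<String> findDnByPattern(List<String> patterns, String name) throws NamingException {
  for (String pattern : patterns) {
    String baseDnFromPattern = LdapUtils.extractBaseDn(pattern);
    // Substitute literally. replaceAll() treats '$' and '\' in the replacement as regex
    // group syntax, so a name containing them either threw (illegal group reference) or
    // was silently altered before it reached the directory query.
    // NOTE(review): name is not escaped for LDAP filter metacharacters here; confirm that
    // QueryFactory.findDnByPattern or the caller applies RFC 4515 escaping.
    String rdn = LdapUtils.extractFirstRdn(pattern).replace("%s", name);
    List<String> list = execute(Collections.singletonList(baseDnFromPattern),
        queries.findDnByPattern(rdn)).getAllLdapNames();
    if (!list.isEmpty()) {
      return list;
    }
  }
  return Collections.emptyList();
}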
/**
 * {@inheritDoc}
 *
 * <p>Runs the group-by-id query over the configured group bases and returns the single
 * LDAP name reported by the search result.
 */
@Override
public String findGroupDn(String group) throws NamingException {
  final String groupDn =
      execute(groupBases, queries.findGroupDnById(group))
          .getSingleLdapName();
  return groupDn;
}
/**
 * {@inheritDoc}
 *
 * <p>When {@code user} is already a DN, its first RDN is searched for under its own base DN.
 * Otherwise the user DN patterns are tried first and, if they match nothing, a search by
 * user name runs over the user bases. The result is returned only when exactly one entry
 * matched; any other count is logged and yields {@code null}.
 */
@Override
public String findUserDn(String user) throws NamingException {
  // NOTE(review): user is passed to the filter builders as given; confirm that
  // QueryFactory escapes LDAP filter metacharacters.
  final List<String> matches;
  if (!LdapUtils.isDn(user)) {
    List<String> byPattern = findDnByPattern(userPatterns, user);
    matches = byPattern.isEmpty()
        ? execute(userBases, queries.findUserDnByName(user)).getAllLdapNames()
        : byPattern;
  } else {
    String searchBase = LdapUtils.extractBaseDn(user);
    String firstRdn = LdapUtils.extractFirstRdn(user);
    matches = execute(Collections.singletonList(searchBase),
        queries.findUserDnByRdn(firstRdn)).getAllLdapNames();
  }

  // Zero or several matches are treated as "not found" rather than picking one.
  if (matches.size() != 1) {
    LOG.info("Expected exactly one user result for the user: {}, but got {}. Returning null",
        user, matches.size());
    LOG.debug("Matched users: {}", matches);
    return null;
  }
  return matches.get(0);
}
/**
 * {@inheritDoc}
 *
 * <p>Derives the user name from {@code userDn} and searches the group bases with a query
 * built from both the user name and the DN.
 */
@Override
public List<String> findGroupsForUser(String userDn) throws NamingException {
  final String shortName = LdapUtils.extractUserName(userDn);
  List<String> groupDns =
      execute(groupBases, queries.findGroupsForUser(shortName, userDn)).getAllLdapNames();
  return groupDns;
}
/**
 * Creates an {@code LdapSearch} bound to the given directory context.
 *
 * <p>Reads the base DN and the user and group DN patterns from the configuration, derives
 * the user and group search bases from those patterns, and creates the {@code QueryFactory}
 * used to build the search filters.
 *
 * @param conf Hive configuration supplying the LDAP settings
 * @param ctx directory service that will be used for the queries
 * @throws NamingException declared by the signature; the call that raises it is not visible
 *     in this constructor
 */
public LdapSearch(HiveConf conf, DirContext ctx) throws NamingException {
  this.ctx = ctx;
  this.baseDn = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN);
  this.userPatterns =
      LdapUtils.parseDnPatterns(conf, HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN);
  this.groupBases = LdapUtils.patternsToBaseDns(
      LdapUtils.parseDnPatterns(conf, HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN));
  // User bases are derived from the user patterns parsed above.
  this.userBases = LdapUtils.patternsToBaseDns(this.userPatterns);
  this.queries = new QueryFactory(conf);
}
/**
 * {@inheritDoc}
 *
 * <p>Extracts the user name from {@code user}, runs the membership query over the user
 * bases, and reports membership when the search result has a single result.
 */
@Override
public boolean isUserMemberOfGroup(String user, String groupDn) throws NamingException {
  final String shortName = LdapUtils.extractUserName(user);
  boolean isMember =
      execute(userBases, queries.isUserMemberOfGroup(shortName, groupDn)).hasSingleResult();
  return isMember;
}
/**
 * The RDN query must AND the given RDN with the person/user/inetOrgPerson object-class
 * alternatives.
 */
@Test
public void testFindUserDnByRdn() {
  String filter = queries.findUserDnByRdn("cn=User1").getFilter();
  assertEquals(
      "(&(|(objectClass=person)(objectClass=user)(objectClass=inetOrgPerson))(cn=User1))",
      filter);
}
/**
 * The by-name query must match the user id against either {@code uid} or
 * {@code sAMAccountName}, restricted to the person/user/inetOrgPerson object classes.
 */
@Test
public void testFindUserDnByName() {
  String filter = queries.findUserDnByName("unique_user_id").getFilter();
  assertEquals(
      "(&(|(objectClass=person)(objectClass=user)(objectClass=inetOrgPerson))(|(uid=unique_user_id)(sAMAccountName=unique_user_id)))",
      filter);
}
/**
 * {@inheritDoc}
 *
 * <p>Runs the custom query under the configured base DN only and returns the names and
 * attributes reported by the search result.
 */
@Override
public List<String> executeCustomQuery(String query) throws NamingException {
  // NOTE(review): query is handed to QueryFactory.customQuery as given; presumably it is
  // operator-configured. Confirm it never carries end-user input.
  List<String> namesAndAttributes =
      execute(Collections.singletonList(baseDn), queries.customQuery(query))
          .getAllLdapNamesAndAttributes();
  return namesAndAttributes;
}
/**
 * {@inheritDoc}
 *
 * <p>A {@code user} that is already a DN is looked up by its first RDN under its own base
 * DN. Any other value is resolved through the user DN patterns, falling back to a search by
 * user name over the user bases when the patterns match nothing. Only an unambiguous result
 * (exactly one entry) is returned; otherwise the count is logged and {@code null} is
 * returned.
 */
@Override
public String findUserDn(String user) throws NamingException {
  // NOTE(review): user reaches the filter builders unchanged; confirm that QueryFactory
  // escapes LDAP filter metacharacters.
  final List<String> found;
  if (!LdapUtils.isDn(user)) {
    List<String> patternMatches = findDnByPattern(userPatterns, user);
    found = patternMatches.isEmpty()
        ? execute(userBases, queries.findUserDnByName(user)).getAllLdapNames()
        : patternMatches;
  } else {
    String base = LdapUtils.extractBaseDn(user);
    String rdn = LdapUtils.extractFirstRdn(user);
    found = execute(Collections.singletonList(base),
        queries.findUserDnByRdn(rdn)).getAllLdapNames();
  }

  // An ambiguous or empty result is reported as "no user" instead of choosing an entry.
  if (found.size() != 1) {
    LOG.info("Expected exactly one user result for the user: {}, but got {}. Returning null",
        user, found.size());
    LOG.debug("Matched users: {}", found);
    return null;
  }
  return found.get(0);
}
/**
 * The groups-for-user query must select {@code superGroups} entries whose {@code member}
 * attribute equals either the user DN or the user name.
 */
@Test
public void testFindGroupsForUser() {
  String filter = queries.findGroupsForUser("user_name", "user_Dn").getFilter();
  assertEquals(
      "(&(objectClass=superGroups)(|(member=user_Dn)(member=user_name)))",
      filter);
}
/**
 * Builds the configuration and query factory shared by the tests, using distinctive
 * attribute and class names so each configured key is recognisable in the generated
 * filters.
 */
@Before
public void setup() {
  HiveConf testConf = new HiveConf();
  testConf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GUIDKEY, "guid");
  testConf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPCLASS_KEY, "superGroups");
  testConf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPMEMBERSHIP_KEY, "member");
  testConf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY, "partOf");
  conf = testConf;
  queries = new QueryFactory(testConf);
}
/**
 * The membership query must require both the {@code partOf} attribute to equal the group DN
 * and the {@code guid} attribute to equal the user id, restricted to the
 * person/user/inetOrgPerson object classes.
 */
@Test
public void testIsUserMemberOfGroup() {
  String filter = queries
      .isUserMemberOfGroup("unique_user", "cn=MyGroup,ou=Groups,dc=mycompany,dc=com")
      .getFilter();
  assertEquals(
      "(&(|(objectClass=person)(objectClass=user)(objectClass=inetOrgPerson))"
          + "(partOf=cn=MyGroup,ou=Groups,dc=mycompany,dc=com)(guid=unique_user))",
      filter);
}
/**
 * {@inheritDoc}
 *
 * <p>The custom query is executed with the configured base DN as its only search base; the
 * returned list holds the names and attributes of the search result.
 */
@Override
public List<String> executeCustomQuery(String query) throws NamingException {
  // NOTE(review): the query text is forwarded to QueryFactory.customQuery unchanged;
  // presumably it comes from configuration. Confirm it is never built from end-user input.
  List<String> results =
      execute(Collections.singletonList(baseDn), queries.customQuery(query))
          .getAllLdapNamesAndAttributes();
  return results;
}
/**
 * The group-by-id query must select {@code superGroups} entries whose {@code guid} attribute
 * equals the given id.
 */
@Test
public void testFindGroupDnById() {
  String filter = queries.findGroupDnById("unique_group_id").getFilter();
  assertEquals("(&(objectClass=superGroups)(guid=unique_group_id))", filter);
}
/**
 * {@inheritDoc}
 *
 * <p>The query is built from the user DN and the user name extracted from it, and is run
 * over the group bases.
 */
@Override
public List<String> findGroupsForUser(String userDn) throws NamingException {
  final String extractedName = LdapUtils.extractUserName(userDn);
  List<String> memberships =
      execute(groupBases, queries.findGroupsForUser(extractedName, userDn)).getAllLdapNames();
  return memberships;
}
/**
 * The pattern query must wrap the given RDN in parentheses and add nothing else.
 */
@Test
public void testFindDnByPattern() {
  String filter = queries.findDnByPattern("cn=User1").getFilter();
  assertEquals("(cn=User1)", filter);
}
/**
 * Creates an {@code LdapSearch} that issues its queries through {@code ctx}.
 *
 * <p>The base DN and the user and group DN patterns are read from {@code conf}; the user and
 * group search bases are derived from those patterns, and a {@code QueryFactory} is created
 * from the same configuration.
 *
 * @param conf Hive configuration supplying the LDAP settings
 * @param ctx directory service that will be used for the queries
 * @throws NamingException declared by the signature; the call that raises it is not visible
 *     in this constructor
 */
public LdapSearch(HiveConf conf, DirContext ctx) throws NamingException {
  this.ctx = ctx;
  this.baseDn = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN);
  this.userPatterns =
      LdapUtils.parseDnPatterns(conf, HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN);
  this.groupBases = LdapUtils.patternsToBaseDns(
      LdapUtils.parseDnPatterns(conf, HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN));
  // Depends on userPatterns, so it must follow that assignment.
  this.userBases = LdapUtils.patternsToBaseDns(this.userPatterns);
  this.queries = new QueryFactory(conf);
}
/**
 * {@inheritDoc}
 *
 * <p>The user name extracted from {@code user} and the group DN form the membership query,
 * which is run over the user bases; the user counts as a member when that search has a
 * single result.
 */
@Override
public boolean isUserMemberOfGroup(String user, String groupDn) throws NamingException {
  final String extractedName = LdapUtils.extractUserName(user);
  boolean singleMatch =
      execute(userBases, queries.isUserMemberOfGroup(extractedName, groupDn)).hasSingleResult();
  return singleMatch;
}