[HUE-978] [core] LDAP group syncing find_user by distinguished name - Cloudera Open Source

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.1.0
Fix Version/s: 2.2.0
Component/s: core.users
Labels:
- ldap
- useradmin
Environment:

Ubuntu 12.04 LTS \n \l
Hadoop 2.0.0-cdh4.1.2
OpenLDAP

Target Version:

2.2.0
Release Note:
Users are now found by fully qualified distinguished names when syncing LDAP groups.

Description

Currently, when find_user is called with find_by_dn=True, the LDAP search that is formed uses the full distinguished name as part of the user_name_filter, effectively searching the whole subtree starting at base_dn for a fully qualified DN.

The attached patch modifies the search behavior, so that instead of searching the subtree for a filter, the directly addressable DN is used to return the result.

This solves the problem of LDAP group syncing when the user records do not have a 'distinguishedName' attribute. There's no need to search on attributes when you already have a fully qualified DN.

See this discussion:
https://groups.google.com/a/cloudera.org/forum/?fromgroups=#!topic/hue-user/2AoWM5ZVTBg

And also this (misplaced) pull request:
https://github.com/cloudera/hue/pull/18

Thanks!

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

hue.useradmin.find_user_by_dn.patch
3 kB
19/Dec/12 8:46 PM

Activity

People

Assignee:

Abraham Elmahrek

Reporter:

Andrew Otto

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

19/Dec/12 8:46 PM

Updated:

20/Feb/20 3:35 PM

Resolved:

05/Jan/13 12:52 AM