From c2b28699a0196a91242b9ce230da710e7c744406 Mon Sep 17 00:00:00 2001
From: Chris Conner <cconner@cloudera.com>
Date: Tue, 31 Mar 2015 14:03:17 -0400
Subject: [PATCH] Fixes ldap sync on login and broken ldap sync with AD bind_dn
 and bind_password.

---
 apps/useradmin/src/useradmin/ldap_access.py |  4 ++--
 desktop/conf.dist/hue.ini                   | 16 +++++++++++++---
 desktop/conf/pseudo-distributed.ini.tmpl    | 16 +++++++++++++---
 desktop/core/src/desktop/conf.py            | 14 ++++++++++++++
 4 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/apps/useradmin/src/useradmin/ldap_access.py b/apps/useradmin/src/useradmin/ldap_access.py
index 6279fe0..1b78d45 100644
--- a/apps/useradmin/src/useradmin/ldap_access.py
+++ b/apps/useradmin/src/useradmin/ldap_access.py
@@ -35,7 +35,7 @@ CACHED_LDAP_CONN = None
 
 
 def get_connection_from_server(server=None):
-  ldap_config = desktop.conf.LDAP.LDAP_SERVERS.get()[server] if server else desktop.conf.LDAP
+  ldap_config = desktop.conf.LDAP.LDAP_SERVERS.get()[server] if server and desktop.conf.LDAP.LDAP_SERVERS.get() else desktop.conf.LDAP
   return get_connection(ldap_config)
 
 def get_connection(ldap_config):
@@ -45,7 +45,7 @@ def get_connection(ldap_config):
 
   ldap_url = ldap_config.LDAP_URL.get()
   username = ldap_config.BIND_DN.get()
-  password = desktop.conf.get_ldap_bind_password(ldap_config)
+  password = ldap_config.BIND_PASSWORD.get()
   ldap_cert = ldap_config.LDAP_CERT.get()
   search_bind_authentication = ldap_config.SEARCH_BIND_AUTHENTICATION.get()
 
diff --git a/desktop/conf.dist/hue.ini b/desktop/conf.dist/hue.ini
index 606158b..d73299c 100644
--- a/desktop/conf.dist/hue.ini
+++ b/desktop/conf.dist/hue.ini
@@ -212,9 +212,6 @@
     # Defaults to HTTP_REMOTE_USER
     ## remote_user_header=HTTP_REMOTE_USER
 
-    # Synchronize a users groups when they login
-    ## sync_groups_on_login=false
-
     # Ignore the case of usernames when searching for existing users.
     # Only supported in remoteUserDjangoBackend.
     ## ignore_username_case=true
@@ -268,6 +265,9 @@
     # For use when using LdapBackend for Hue authentication
     ## create_users_on_login = true
 
+    # Synchronize a users groups when they login
+    ## sync_groups_on_login=false
+
     # Ignore the case of usernames when searching for existing users in Hue.
     ## ignore_username_case=false
 
@@ -355,6 +355,16 @@
         # Whether or not to follow referrals
         ## follow_referrals=false
 
+        # Enable python-ldap debugging.
+        ## debug=false
+
+        # Sets the debug level within the underlying LDAP C lib.
+        ## debug_level=255
+
+        # Possible values for trace_level are 0 for no logging, 1 for only logging the method calls with arguments,
+        # 2 for logging the method calls with arguments and the complete results and 9 for also logging the traceback of method calls.
+        ## trace_level=0
+
         ## [[[[[users]]]]]
 
           # Base filter for searching for users
diff --git a/desktop/conf/pseudo-distributed.ini.tmpl b/desktop/conf/pseudo-distributed.ini.tmpl
index c8a37c3..24ff874 100644
--- a/desktop/conf/pseudo-distributed.ini.tmpl
+++ b/desktop/conf/pseudo-distributed.ini.tmpl
@@ -219,9 +219,6 @@
     # Defaults to HTTP_REMOTE_USER
     ## remote_user_header=HTTP_REMOTE_USER
 
-    # Synchronize a users groups when they login
-    ## sync_groups_on_login=false
-
     # Ignore the case of usernames when searching for existing users.
     # Only supported in remoteUserDjangoBackend.
     ## ignore_username_case=true
@@ -275,6 +272,9 @@
     # For use when using LdapBackend for Hue authentication
     ## create_users_on_login = true
 
+    # Synchronize a users groups when they login
+    ## sync_groups_on_login=false
+
     # Ignore the case of usernames when searching for existing users in Hue.
     ## ignore_username_case=false
 
@@ -362,6 +362,16 @@
         # Whether or not to follow referrals
         ## follow_referrals=false
 
+        # Enable python-ldap debugging.
+        ## debug=false
+
+        # Sets the debug level within the underlying LDAP C lib.
+        ## debug_level=255
+
+        # Possible values for trace_level are 0 for no logging, 1 for only logging the method calls with arguments,
+        # 2 for logging the method calls with arguments and the complete results and 9 for also logging the traceback of method calls.
+        ## trace_level=0
+
         ## [[[[[users]]]]]
 
           # Base filter for searching for users
diff --git a/desktop/core/src/desktop/conf.py b/desktop/core/src/desktop/conf.py
index 4214d9e..a6040c4 100644
--- a/desktop/core/src/desktop/conf.py
+++ b/desktop/core/src/desktop/conf.py
@@ -610,6 +610,20 @@ LDAP = ConfigSection(
                                     type=coerce_bool,
                                     default=False),
 
+          DEBUG = Config("debug",
+            type=coerce_bool,
+            default=False,
+            help=_("Set to a value to enable python-ldap debugging.")),
+          DEBUG_LEVEL = Config("debug_level",
+            default=255,
+            type=int,
+            help=_("Sets the debug level within the underlying LDAP C lib.")),
+          TRACE_LEVEL = Config("trace_level",
+            default=0,
+            type=int,
+            help=_("Possible values for trace_level are 0 for no logging, 1 for only logging the method calls with arguments,"
+                   "2 for logging the method calls with arguments and the complete results and 9 for also logging the traceback of method calls.")),
+
           USERS = ConfigSection(
             key="users",
             help=_("Configuration for LDAP user schema and search."),
-- 
1.9.5 (Apple Git-50.3)