| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| package org.apache.ranger.ldapconfigcheck; |
| |
| import javax.naming.Context; |
| import javax.naming.NamingException; |
| import javax.naming.ldap.Control; |
| import javax.naming.ldap.InitialLdapContext; |
| import javax.naming.ldap.LdapContext; |
| import javax.naming.ldap.PagedResultsControl; |
| import java.io.File; |
| import java.io.FileNotFoundException; |
| import java.io.IOException; |
| import java.io.PrintStream; |
| import java.util.Properties; |
| |
| import org.apache.commons.lang.NullArgumentException; |
| |
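/**
 * Command-line entry point for the Ranger LDAP configuration checker.
 *
 * <p>Reads an LDAP properties file (optionally overridden from the command line), binds to the
 * directory, then either discovers user/group sync properties or retrieves users and groups. Results
 * are written to {@code ldapConfigCheck.log}, {@code ambari.properties} and
 * {@code install.properties} inside the output directory.
 */
public class LdapConfigCheckMain {

    private static final String LOG_FILE = "ldapConfigCheck.log";
    private static final String AMBARI_PROPERTIES = "ambari.properties";
    private static final String INSTALL_PROPERTIES = "install.properties";

    /**
     * Runs the checker end to end. Errors are reported to the log file (or stdout when the log
     * file could not be opened) rather than propagated; the LDAP context and all output streams
     * are closed on every exit path.
     *
     * @param args command-line options, parsed by {@link CommandLineOptions}
     */
    public static void main(String[] args) {
        CommandLineOptions cli = new CommandLineOptions(args);
        cli.parse();

        String inFileName = cli.getInput();
        String outputDir = cli.getOutput();
        if (!outputDir.endsWith("/")) {
            outputDir = outputDir.concat("/");
        }

        LdapConfig config = new LdapConfig(inFileName);
        if (cli.getLdapUrl() != null && !cli.getLdapUrl().isEmpty()) {
            // NOTE(review): bind and sample-user passwords supplied as command-line arguments are
            // visible to other local users via the process list and shell history; the properties
            // file is the safer way to provide them.
            config.updateInputPropFile(cli.getLdapUrl(), cli.getBindDn(), cli.getBindPassword(),
                    cli.getUserSearchBase(), cli.getUserSearchFilter(), cli.getAuthUser(), cli.getAuthPass());
        }

        PrintStream logFile = null;
        PrintStream ambariProps = null;
        PrintStream installProps = null;
        // Declared outside the try so the finally block can close it even when a later step fails;
        // the original only closed it on the success path.
        LdapContext ldapContext = null;

        try {
            logFile = new PrintStream(new File(outputDir + LOG_FILE));
            ambariProps = new PrintStream(new File(outputDir + AMBARI_PROPERTIES));
            installProps = new PrintStream(new File(outputDir + INSTALL_PROPERTIES));

            UserSync userSyncObj = new UserSync(config, logFile, ambariProps, installProps);

            ldapContext = openLdapContext(config);

            String retrieveValues = "all";

            if (cli.getDiscoverProperties() != null) {
                retrieveValues = cli.getDiscoverProperties();
                if (cli.getDiscoverProperties().equalsIgnoreCase("users")) {
                    userSyncObj.findUserProperties(ldapContext);
                } else if (cli.getDiscoverProperties().equalsIgnoreCase("groups")) {
                    userSyncObj.findGroupProperties(ldapContext);
                } else {
                    findAllUserSyncProperties(ldapContext, userSyncObj);
                }
            } else if (cli.getRetrieveValues() != null) {
                retrieveValues = cli.getRetrieveValues();
            } else {
                // Usage is printed, but the run still continues with retrieveValues == "all".
                cli.help();
            }

            if (cli.isAuthEnabled()) {
                authenticate(userSyncObj, config, logFile, ambariProps, installProps);
            }

            retrieveUsersGroups(ldapContext, userSyncObj, retrieveValues);

        } catch (FileNotFoundException fe) {
            // Must precede the IOException handler: one of the output files could not be created.
            System.out.println(fe.getMessage());
        } catch (IOException ioe) {
            // Only the PagedResultsControl constructor throws a plain IOException in the try block,
            // but the log file is still guarded in case that ever changes.
            report(logFile, "ERROR: Failed while setting the paged results controls\n" + ioe);
        } catch (NamingException ne) {
            System.out.println("ERROR: Failed to perfom ldap bind. Please verify values for " +
                    "ranger.usersync.ldap.binddn and ranger.usersync.ldap.ldapbindpassword\n" + ne);
        } catch (Throwable t) {
            // The helpers declare "throws Throwable" and the commons-lang NullArgumentExceptions
            // they raise end up here, so this is the generic reporting path for validation errors.
            report(logFile, "ERROR: Connection failed: " + t.getMessage());
        } finally {
            closeContext(ldapContext, logFile);
            if (logFile != null) {
                logFile.close();
            }
            if (ambariProps != null) {
                ambariProps.close();
            }
            if (installProps != null) {
                installProps.close();
            }
        }
    }

    /**
     * Binds to the directory described by {@code config} and, when enabled, installs a critical
     * paged-results request control.
     *
     * @param config source of URL, bind DN, bind password, auth mechanism and paging settings
     * @return an open context; the caller owns it and must close it
     * @throws NamingException if the bind fails
     * @throws IOException if the paged-results control cannot be encoded
     */
    private static LdapContext openLdapContext(LdapConfig config) throws NamingException, IOException {
        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, config.getLdapUrl());
        env.put(Context.SECURITY_PRINCIPAL, config.getLdapBindDn());
        env.put(Context.SECURITY_CREDENTIALS, config.getLdapBindPassword());
        // NOTE(review): with a "simple" mechanism the bind password travels in cleartext unless
        // the provider URL uses ldaps:// (or StartTLS is negotiated, which this code does not do).
        env.put(Context.SECURITY_AUTHENTICATION, config.getLdapAuthenticationMechanism());
        // NOTE(review): "follow" makes JNDI chase referrals automatically, re-binding to whatever
        // server the referral names with the same principal/credentials. That is convenient for a
        // diagnostic tool but means the bind credentials are sent to any host the directory
        // refers us to; "ignore" is the conservative setting if referrals are not required.
        env.put(Context.REFERRAL, "follow");

        LdapContext ldapContext = new InitialLdapContext(env, null);

        if (config.isPagedResultsEnabled()) {
            ldapContext.setRequestControls(new Control[]{
                    new PagedResultsControl(config.getPagedResultsSize(), Control.CRITICAL) });
        }
        return ldapContext;
    }

    /**
     * Closes the LDAP context without letting a close failure mask the original error or prevent
     * the output streams from being closed.
     *
     * @param ldapContext context to close; {@code null} is a no-op
     * @param logFile destination for a close failure, or {@code null} to use stdout
     */
    private static void closeContext(LdapContext ldapContext, PrintStream logFile) {
        if (ldapContext == null) {
            return;
        }
        try {
            ldapContext.close();
        } catch (NamingException ne) {
            report(logFile, "WARN: Failed to close ldap context: " + ne.getMessage());
        }
    }

    /**
     * Writes a message to the log file when it is open, otherwise to stdout.
     *
     * @param logFile open log stream or {@code null}
     * @param message line to print
     */
    private static void report(PrintStream logFile, String message) {
        if (logFile != null) {
            logFile.println(message);
        } else {
            System.out.println(message);
        }
    }

    /**
     * Discovers both user and group sync properties.
     *
     * @throws Throwable whatever the discovery routines raise
     */
    private static void findAllUserSyncProperties(LdapContext ldapContext, UserSync userSyncObj) throws Throwable {
        userSyncObj.findUserProperties(ldapContext);
        userSyncObj.findGroupProperties(ldapContext);
    }

    /**
     * Discovers authentication properties and verifies that the configured sample user can log in.
     *
     * @throws NullArgumentException naming the missing property when the sample user name or
     *     password is absent
     * @throws Throwable whatever the authentication check raises
     */
    private static void authenticate(UserSync userSyncObj, LdapConfig config,
                                     PrintStream logFile, PrintStream ambariProps,
                                     PrintStream installProps) throws Throwable {
        AuthenticationCheck auth = new AuthenticationCheck(config.getLdapUrl(), userSyncObj, logFile, ambariProps, installProps);

        auth.discoverAuthProperties();

        // The exception message carries the property name; main() prints it as the error text.
        if (config.getAuthUsername() == null || config.getAuthUsername().isEmpty()) {
            throw new NullArgumentException("ranger.admin.auth.sampleuser ");
        }

        if (config.getAuthPassword() == null || config.getAuthPassword().isEmpty()) {
            throw new NullArgumentException("ranger.admin.auth.samplepassword ");
        }

        boolean authenticated = auth.isAuthenticated(config.getLdapUrl(), config.getLdapBindDn(),
                config.getLdapBindPassword(), config.getAuthUsername(), config.getAuthPassword());
        if (authenticated) {
            logFile.println("INFO: Authentication verified successfully");
        } else {
            logFile.println("ERROR: Failed to authenticate " + config.getAuthUsername());
        }
    }

    /**
     * Retrieves users, groups or both depending on {@code retrieve} ("users", "groups", anything
     * else means both; case-insensitive).
     *
     * @throws NullArgumentException if any argument is {@code null}
     * @throws Throwable whatever the retrieval routines raise
     */
    private static void retrieveUsersGroups(LdapContext ldapContext, UserSync userSyncObj,
                                            String retrieve) throws Throwable {
        if (retrieve == null || userSyncObj == null || ldapContext == null) {
            throw new NullArgumentException("Input validation failed while retrieving Users or Groups");
        }

        boolean usersOnly = retrieve.equalsIgnoreCase("users");
        boolean groupsOnly = retrieve.equalsIgnoreCase("groups");

        if (!groupsOnly) {
            retrieveUsers(ldapContext, userSyncObj);
        }
        if (!usersOnly) {
            retrieveGroups(ldapContext, userSyncObj);
        }
    }

    /**
     * Validates the user-sync properties required for a user search, then fetches all users.
     *
     * @throws NullArgumentException naming the missing property
     * @throws Throwable whatever {@code getAllUsers} raises
     */
    private static void retrieveUsers(LdapContext ldapContext, UserSync userSyncObj) throws Throwable {
        if (isBlank(userSyncObj.getUserNameAttribute())) {
            throw new NullArgumentException("ranger.usersync.ldap.user.nameattribute ");
        }
        if (isBlank(userSyncObj.getUserObjClassName())) {
            throw new NullArgumentException("ranger.usersync.ldap.user.objectclass ");
        }
        // Either the user-specific search base or the shared one is acceptable.
        if (isBlank(userSyncObj.getUserSearchBase()) && isBlank(userSyncObj.getSearchBase())) {
            throw new NullArgumentException("ranger.usersync.ldap.user.searchbase and " +
                    "ranger.usersync.ldap.searchBase ");
        }
        userSyncObj.getAllUsers(ldapContext);
    }

    /**
     * Validates the group-sync properties required for a group search, then fetches all groups.
     *
     * @throws NullArgumentException naming the missing property
     * @throws Throwable whatever {@code getAllGroups} raises
     */
    private static void retrieveGroups(LdapContext ldapContext, UserSync userSyncObj) throws Throwable {
        if (isBlank(userSyncObj.getGroupNameAttrName())) {
            throw new NullArgumentException("ranger.usersync.group.nameattribute ");
        }
        if (isBlank(userSyncObj.getGroupObjClassName())) {
            throw new NullArgumentException("ranger.usersync.group.objectclass ");
        }
        if (isBlank(userSyncObj.getGroupMemberName())) {
            throw new NullArgumentException("ranger.usersync.group.memberattributename ");
        }
        // Either the group-specific search base or the shared one is acceptable.
        if (isBlank(userSyncObj.getGroupSearchBase()) && isBlank(userSyncObj.getSearchBase())) {
            throw new NullArgumentException("ranger.usersync.group.searchbase and " +
                    "ranger.usersync.ldap.searchBase ");
        }
        userSyncObj.getAllGroups(ldapContext);
    }

    /**
     * @return {@code true} when {@code value} is {@code null} or empty
     */
    private static boolean isBlank(String value) {
        return value == null || value.isEmpty();
    }
}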
| |