org.apache.ambari.server.serveraction.kerberos

Class ADKerberosOperationHandler

java.lang.Object

org.apache.ambari.server.serveraction.kerberos.KerberosOperationHandler

org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandler

public class ADKerberosOperationHandler
extends KerberosOperationHandler

Implementation of KerberosOperationHandler to created principal in Active Directory

Field Summary

Fields inherited from class org.apache.ambari.server.serveraction.kerberos.KerberosOperationHandler

KERBEROS_ENV_AD_CREATE_ATTRIBUTES_TEMPLATE, KERBEROS_ENV_ADMIN_SERVER_HOST, KERBEROS_ENV_ENCRYPTION_TYPES, KERBEROS_ENV_EXECUTABLE_SEARCH_PATHS, KERBEROS_ENV_KADMIN_PRINCIPAL_NAME, KERBEROS_ENV_KDC_CREATE_ATTRIBUTES, KERBEROS_ENV_KDC_HOSTS, KERBEROS_ENV_LDAP_URL, KERBEROS_ENV_PRINCIPAL_CONTAINER_DN, KERBEROS_ENV_USER_PRINCIPAL_GROUP

Constructor Summary

Constructors

Constructor and Description
ADKerberosOperationHandler()

Method Summary

Modifier and Type	Method and Description
void	close() Closes and cleans up any resources used by this KerberosOperationHandler It is expected that this KerberosOperationHandler will not be used after this call.
protected LdapContext	createInitialLdapContext(Properties properties, Control[] controls) Helper method to create the LDAP context needed to interact with the Active Directory.
protected LdapContext	createLdapContext() Helper method to create the LDAP context needed to interact with the Active Directory.
Integer	createPrincipal(String principal, String password, boolean service) Creates a new principal in a previously configured KDC The implementation is specific to a particular type of KDC.
protected SearchControls	createSearchControls() Helper method to create the SearchControls instance
void	open(PrincipalKeyCredential administratorCredential, String realm, Map<String,String> kerberosConfiguration) Prepares and creates resources to be used by this KerberosOperationHandler It is expected that this KerberosOperationHandler will not be used before this call.
boolean	principalExists(String principal, boolean service) Test to see if the specified principal exists in a previously configured KDC The implementation is specific to a particular type of KDC.
protected Map<String,Object>	processCreateTemplate(Map<String,Object> context) Processes a Velocity template to generate a map of attributes and values to use to create Active Directory accounts.
boolean	removePrincipal(String principal, boolean service) Removes an existing principal in a previously configured KDC The implementation is specific to a particular type of KDC.
Integer	setPrincipalPassword(String principal, String password, boolean service) Updates the password for an existing principal in a previously configured KDC The implementation is specific to a particular type of KDC.
boolean	testAdministratorCredentials() Tests to ensure the connection information and credentials allow for administrative connectivity to the KDC

Methods inherited from class org.apache.ambari.server.serveraction.kerberos.KerberosOperationHandler

createDeconstructPrincipal, createKeytab, createKeytabFile, createKeytabFile, createKeytabFile, createKeytabFile, escapeCharacters, executeCommand, executeCommand, executeCommand, getAdministratorCredential, getDefaultRealm, getExecutable, getExecutableSearchPaths, getKeyEncryptionTypes, isOpen, mergeKeytabs, readKeytabFile, setAdministratorCredential, setDefaultRealm, setExecutableSearchPaths, setExecutableSearchPaths, setKeyEncryptionTypes, setOpen, translateEncryptionType, translateEncryptionTypes

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ADKerberosOperationHandler

public ADKerberosOperationHandler()

Method Detail

open

public void open(PrincipalKeyCredential administratorCredential,
                 String realm,
                 Map<String,String> kerberosConfiguration)
          throws KerberosOperationException

Prepares and creates resources to be used by this KerberosOperationHandler

It is expected that this KerberosOperationHandler will not be used before this call.

It is expected that the kerberosConfiguration Map has the following properties:

• ldap_url - ldapUrl of ldap back end where principals would be created
• container_dn - DN of the container in ldap back end where principals would be created

Overrides:

open in class KerberosOperationHandler

Parameters:

administratorCredential - a PrincipalKeyCredential containing the administrative credential for the relevant KDC

realm - a String declaring the default Kerberos realm (or domain)

kerberosConfiguration - a Map of key/value pairs containing data from the kerberos-env configuration set

Throws:

KerberosKDCConnectionException - if a connection to the KDC cannot be made

KerberosAdminAuthenticationException - if the administrator credentials fail to authenticate

KerberosRealmException - if the realm does not map to a KDC

KerberosOperationException - if an unexpected error occurred

close

public void close()
           throws KerberosOperationException

Closes and cleans up any resources used by this KerberosOperationHandler

It is expected that this KerberosOperationHandler will not be used after this call.

Overrides:

close in class KerberosOperationHandler

Throws:

KerberosOperationException

principalExists

public boolean principalExists(String principal,
                               boolean service)
                        throws KerberosOperationException

Test to see if the specified principal exists in a previously configured KDC

The implementation is specific to a particular type of KDC.

Specified by:

principalExists in class KerberosOperationHandler

Parameters:

principal - a String containing the principal to test

service - a boolean value indicating whether the principal is for a service or not

Returns:

true if the principal exists; false otherwise

Throws:

KerberosOperationException

createPrincipal

public Integer createPrincipal(String principal,
                               String password,
                               boolean service)
                        throws KerberosOperationException

Creates a new principal in a previously configured KDC

The implementation is specific to a particular type of KDC.

Specified by:

createPrincipal in class KerberosOperationHandler

Parameters:

principal - a String containing the principal to add

password - a String containing the password to use when creating the principal

service - a boolean value indicating whether the principal is to be created as a service principal or not

Returns:

an Integer declaring the generated key number

Throws:

KerberosPrincipalAlreadyExistsException - if the principal already exists

KerberosOperationException

setPrincipalPassword

public Integer setPrincipalPassword(String principal,
                                    String password,
                                    boolean service)
                             throws KerberosOperationException

Updates the password for an existing principal in a previously configured KDC

The implementation is specific to a particular type of KDC.

Specified by:

setPrincipalPassword in class KerberosOperationHandler

Parameters:

principal - a String containing the principal to update

password - a String containing the password to set

service - a boolean value indicating whether the principal is for a service or not

Returns:

an Integer declaring the new key number

Throws:

KerberosPrincipalDoesNotExistException - if the principal does not exist

KerberosOperationException

removePrincipal

public boolean removePrincipal(String principal,
                               boolean service)
                        throws KerberosOperationException

Removes an existing principal in a previously configured KDC

The implementation is specific to a particular type of KDC.

Specified by:

removePrincipal in class KerberosOperationHandler

Parameters:

principal - a String containing the principal to remove

service - a boolean value indicating whether the principal is for a service or not

Returns:

true if the principal was successfully removed; otherwise false

Throws:

KerberosOperationException

testAdministratorCredentials

public boolean testAdministratorCredentials()
                                     throws KerberosOperationException

Description copied from class: KerberosOperationHandler

Tests to ensure the connection information and credentials allow for administrative connectivity to the KDC

Overrides:

testAdministratorCredentials in class KerberosOperationHandler

Returns:

true of successful; otherwise false

Throws:

KerberosOperationException - if a failure occurs while testing the administrator credentials

createLdapContext

protected LdapContext createLdapContext()
                                 throws KerberosOperationException

Helper method to create the LDAP context needed to interact with the Active Directory.

Returns:

the relevant LdapContext

Throws:

KerberosKDCConnectionException - if a connection to the KDC cannot be made

KerberosAdminAuthenticationException - if the administrator credentials fail to authenticate

KerberosRealmException - if the realm does not map to a KDC

KerberosOperationException - if an unexpected error occurred

createInitialLdapContext

protected LdapContext createInitialLdapContext(Properties properties,
                                               Control[] controls)
                                        throws NamingException

Helper method to create the LDAP context needed to interact with the Active Directory.

This is mainly used to help with building mocks for test cases.

Parameters:

properties - environment used to create the initial DirContext. Null indicates an empty environment.

controls - connection request controls for the initial context. If null, no connection request controls are used.

Returns:

the relevant LdapContext

Throws:

NamingException - if a naming exception is encountered

createSearchControls

protected SearchControls createSearchControls()

Helper method to create the SearchControls instance

Returns:

the relevant SearchControls

processCreateTemplate

protected Map<String,Object> processCreateTemplate(Map<String,Object> context)
                                            throws KerberosOperationException

Processes a Velocity template to generate a map of attributes and values to use to create Active Directory accounts.

If a template was not set, a default template will be used.

Parameters:

context - a map of properties to pass to the Velocity engine

Returns:

a Map of attribute names and values to use for creating an Active Directory account

Throws:

KerberosOperationException - if an error occurs processing the template.