
Merge pull request #12421 from RussWhitehead/newAdmin72x

HPCC-19884 Allow for HPCC to use other "adminstrators" group

Reviewed-By: Kevin Wang <kevin.wang@lexisnexis.com>
Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
Richard Chapman 6 år sedan
förälder
incheckning
9f8a1ad0ff

+ 2 - 1
esp/scm/ws_access.ecm

@@ -128,6 +128,7 @@ ESPrequest UserEditRequest
 ESPresponse UserEditResponse
 {
     string username;
+    [min_ver("1.13")] bool isLDAPAdmin;
     ESParray<ESPstruct GroupInfo, Group> Groups;
 };
 
@@ -977,7 +978,7 @@ ESPresponse [nil_remove] UserAccountExportResponse
     [http_content("application/octet-stream")] binary Result;
 };
 
-ESPservice [version("1.12"), auth_feature("NONE"), exceptions_inline("./smc_xslt/exceptions.xslt")] ws_access
+ESPservice [version("1.13"), auth_feature("NONE"), exceptions_inline("./smc_xslt/exceptions.xslt")] ws_access
 {
     ESPmethod [client_xslt("/esp/xslt/access_users.xslt")] Users(UserRequest, UserResponse);
     ESPmethod [client_xslt("/esp/xslt/access_useredit.xslt")] UserEdit(UserEditRequest, UserEditResponse);
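Review bot: isLDAPAdmin is added to UserEditResponse without a description, and the value the service fills in (the ws_accessService.cpp hunk of this commit) comes from `context.queryUser()`, i.e. the caller, not from the `username` field next to it, so a client can easily read it as "the edited account is an LDAP admin". A one-line comment on the field would remove the ambiguity, e.g. `[min_ver("1.13")] bool isLDAPAdmin; // true when the requesting user is an LDAP super-user; not a property of 'username'`. If the intended meaning is the edited account instead, the service should evaluate that name rather than the caller — worth confirming with the UI consumer of this response.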

+ 3 - 0
esp/services/ws_access/ws_accessService.cpp

@@ -583,6 +583,9 @@ bool Cws_accessEx::onUserEdit(IEspContext &context, IEspUserEditRequest &req, IE
             throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, MSG_SEC_MANAGER_IS_NULL);
         CLdapSecManager* ldapsecmgr = (CLdapSecManager*)secmgr;
         resp.setUsername(req.getUsername());
+        double version = context.getClientVersion();
+        if (version >= 1.13)
+            resp.setIsLDAPAdmin(ldapsecmgr->isSuperUser(context.queryUser()));
 
         StringArray groupnames;
         ldapsecmgr->getGroups(req.getUsername(), groupnames);

+ 7 - 0
initfiles/componentfiles/configxml/ldapserver.xsd

@@ -146,6 +146,13 @@
                     </xs:appinfo>
                 </xs:annotation>
             </xs:attribute>
+            <xs:attribute name="adminGroupName" type="xs:string" use="optional" default="Administrators">
+                <xs:annotation>
+                    <xs:appinfo>
+                        <tooltip>The Active Directory group containing HPCC Administrators</tooltip>
+                    </xs:appinfo>
+                </xs:annotation>
+            </xs:attribute>
             <xs:attribute name="ldapPort" type="xs:nonNegativeInteger" use="optional" default="389">
                 <xs:annotation>
                     <xs:appinfo>
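Review bot: The schema default `default="Administrators"` does not agree with the fallback added in ldapconnection.cpp in this commit, which selects "Directory Administrators" for non-Active-Directory servers but only when the attribute is empty. If the configuration tool writes schema defaults into the environment file, an iPlanet/OpenLDAP deployment would receive "Administrators" and the server-type-aware fallback would never apply, silently changing the admin group DN from the previous "cn=Directory Administrators,<basedn>". Consider dropping the default, `<xs:attribute name="adminGroupName" type="xs:string" use="optional">`, and stating the per-server-type fallback in the tooltip text, so that an absent attribute keeps the old behaviour on every server type.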

+ 19 - 7
system/security/LdapSecurity/ldapconnection.cpp

@@ -250,6 +250,7 @@ private:
 
     int                  m_ldapport;
     int                  m_ldap_secure_port;
+    StringBuffer         m_adminGroupName;
     StringBuffer         m_protocol;
     StringBuffer         m_basedn;
     StringBuffer         m_domain;
@@ -393,6 +394,12 @@ public:
         {
             throw MakeStringException(-1, "getServerInfo error - %s", ldap_err2string(rc));
         }
+
+        m_adminGroupName.clear();
+        cfg->getProp(".//@adminGroupName", m_adminGroupName);
+        if(m_adminGroupName.isEmpty())
+            m_adminGroupName.set(m_serverType == ACTIVE_DIRECTORY ? "Administrators" : "Directory Administrators");
+
         const char* basedn = cfg->queryProp(".//@commonBasedn");
         if(basedn == NULL || *basedn == '\0')
         {
@@ -531,6 +538,11 @@ public:
             m_sdfieldname.append("aci");
     }
 
+    virtual const char * getAdminGroupName()
+    {
+        return m_adminGroupName.str();
+    }
+
     virtual LdapServerType getServerType()
     {
         return m_serverType;
@@ -4922,16 +4934,16 @@ private:
         LdapServerType stype = m_ldapconfig->getServerType();
         if(stype == ACTIVE_DIRECTORY)
         {
-            groupdn.append("cn=Administrators,cn=Builtin,").append(m_ldapconfig->getBasedn());
-        }
-        else if(stype == IPLANET)
-        {
-            groupdn.append("cn=Directory Administrators,").append(m_ldapconfig->getBasedn());
+            if (0 == stricmp(m_ldapconfig->getAdminGroupName(), "Administrators"))
+                groupdn.append("cn=Administrators,cn=Builtin,").append(m_ldapconfig->getBasedn());
+            else
+                groupdn.appendf("cn=%s,%s", m_ldapconfig->getAdminGroupName(), m_ldapconfig->getGroupBasedn());
         }
-        else if(stype == OPEN_LDAP)
+        else if(stype == IPLANET || stype == OPEN_LDAP)
         {
-            groupdn.append("cn=Directory Administrators,").append(m_ldapconfig->getBasedn());
+            groupdn.appendf("cn=%s,%s", m_ldapconfig->getAdminGroupName(), m_ldapconfig->getBasedn());
         }
+
     }
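Review bot: The two new `groupdn.appendf("cn=%s,%s", ...)` lines interpolate the configured group name into a DN without escaping the RFC 4514 special characters (`,`, `+`, `"`, `\`, `<`, `>`, `;`, leading `#` or space), so a name containing any of them produces a different or malformed DN; the value is operator-supplied configuration rather than request input, but the hard-coded literals this replaces could not hit that case. Validating or escaping the name once where it is read (the `cfg->getProp(".//@adminGroupName", ...)` hunk above) is simpler than doing it at each use. The branches also anchor a custom group differently — `getGroupBasedn()` for Active Directory versus `getBasedn()` for iPlanet/OpenLDAP — which may be deliberate for the built-in "Directory Administrators" entry but means a custom OpenLDAP group must sit directly under the base DN; a comment stating that expectation would help. The enclosing function starts before this hunk, and the blank line added before its closing brace is stray.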
 
     virtual void changeUserMemberOf(const char* action, const char* userdn, const char* groupdn)