[HUE-6233] Implement ldaptest Hue LDAP test management command.

Review Request #10256 — Created April 22, 2017 and submitted

enricoberti, jennykim, johan, krish, ranade, romain, subrata, weixia
commit 6b0f1a2ad1f98ce413f245b40c5a7589391a6421
Author: Prakash Ranade <ranade@cloudera.com>
Date:   Tue Apr 18 19:36:02 2017 -0700

    [HUE-6233] Implement ldaptest Hue LDAP test management command.
    When Hue is integrated with LDAP, users can use their existing credentials
    to authenticate and inherit their existing groups transparently in Hue.
    Currently Hue has more that 20 different LDAP configuration variables.
    Often times it creates difficulty for Hue LDAP integration. We have
    many field requests for adding a tool in CM to validate Hue's
    Ldap configuration.
    Hue django management command "ldaptest" uses "hue.ini". This command is
    available through CM UI.
    Tested on:
    - Tested on CDEP cluster.
    Test Cases:
    - Generate hints when
      - ldap_url is not defined
      - bind_user is not defined
      - bind_password is not defined
      - error in setting ldap connection
      - test_ldap_user is not defined
      - test_ldap_group is not defined
      - when search_bind_authentication is false
        - check nt_domain and ldap_username_pattern
      - when search_bind_authentication is true
        - check user_filter, user_name_attr attribute
    - Added unit test:
      - hue test specific desktop.ldaptestcmd_tests:CmdTests.checkcmd
      - hue test specific desktop.ldaptestcmd_tests:CmdTests.runcommand
      - hue test specific desktop.ldaptestcmd_tests:CmdTests.handlenoargs

:100644 100644 f69d613... 290e026... M	apps/useradmin/src/useradmin/ldap_access.py
:100644 100644 0792f1a... fa31d88... M	desktop/core/src/desktop/conf.py
:000000 100644 0000000... f8e0711... A	desktop/core/src/desktop/ldaptestcmd_tests.py
:000000 100644 0000000... e6a4158... A	desktop/core/src/desktop/management/commands/ldaptest.py

Testing Video here : https://cloudera.box.com/s/jcnr91pp4s6ugvgyf0t7q1ajzm0ftaj8

Verified logging into Hue page http://ranade-ldaptest-512-1.vpc.cloudera.com:8889 and imported 500 users/group from LDAP and made sure "ldap_access.py" code changes compatible.

  • 0
  • 0
  • 8
  • 2
  • 10
Description From Last Updated
  1. Really nice!

    Firt pass on seing if we could avoid the duplications

    1. fixed duplication as intended.

  2. Internationalized the strings?

  3. Looks like a big duplicattion of ldap_access?

  4. desktop/core/src/desktop/management/commands/ldaptest.py (Diff revision 1)

    Looks like a big duplicattion of ldap_access? It will bite back if we don't refactor to use the same code

    (here and below)

  5. Great to include past CDH issues, but let's only use upstream JIRAs reference in the code

  6. desktop/core/src/desktop/management/commands/ldaptest.py (Diff revision 1)

    How come we can't get this from the ldap_search code already?

    1. no python ldap library is not providing ldapsearch equivalent command output. We have to generate it.

  7. nit:

    if not user.get('username')

  1. Nice!

    Last main step: could we have a test of the command? (we need to be sure that we don't brake the command later)

    e.g. preset some properties and call it?

    How to import a command:

    1. added test command

  2. Hardcoded command won't get stale?

    1. Open Source Linux might introduce new command attributes but it is very rare they will break backward compatibility.

  3. Recommendation: test further by providing test ldap group in CM, e.g.


  4. Recommendation: test further by providing test ldap user in CM, e.g.


Review request changed

Status: Closed (submitted)