ZEPPELIN-3664: ActiveDirectoryGroupRealm returns "cn" instead of "userPrincipalName" for note permission auto completion #3098
Conversation
* Return "userPrincipalName" from ActiveDirectoryGroupRealm when searching for users. * Added unit test for search functionality.
|
@FSteinle our team use authorization with parameter BTW, |
|
@mebelousov: Basically this is not related to emails but to the userPrincipalName. The principalSuffix parameter makes sense, but doesn't address this issue. In our case we wanna keep the suffix to be sure it's really unique. Not all users of the organization are in the same AD branch. |
|
\cc @prabhjyotsingh |
| @@ -265,7 +265,7 @@ protected AuthorizationInfo buildAuthorizationInfo(Set<String> roleNames) { | |||
| NamingEnumeration ae = attrs.getAll(); | |||
| while (ae.hasMore()) { | |||
| Attribute attr = (Attribute) ae.next(); | |||
| if (attr.getID().toLowerCase().equals("cn")) { | |||
| if (attr.getID().toLowerCase().equals("userprincipalname")) { | |||
There was a problem hiding this comment.
Should we make this (cn/userprincipalname/or any other parameter) configurable?
There was a problem hiding this comment.
From my point of view "cn" just doesn't work. So I don't see a need having this option.
When adding a new notebook also the upn is set as owner (or also for readers/writers/runners depending on the config). So why should one use the "cn" here when searching?
It also actually is the upn we're searching for in this method ("userPrincipalName=" + containString + "").
But maybe I do not have the full picture...
|
@FSteinle Could you update the PR title ? |
florian-trimble
changed the title
What is this PR for?
Fix for https://issues.apache.org/jira/browse/ZEPPELIN-3664
Return the "userPrincipalName" instead of the "cn" (common name) from ActiveDirectoryGroupRealm when searching users to set note permissions.
What type of PR is it?
[Bug Fix]
Todos
What is the Jira issue?
How should this be tested?
Steps to reproduce
Expected result
Actual result
Screenshots
Questions: