You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kyuubi.apache.org by ch...@apache.org on 2022/09/08 09:05:24 UTC

[incubator-kyuubi] 01/02: Revert "[KYUUBI #3020][FOLLOWUP] Refactor the code style"

This is an automated email from the ASF dual-hosted git repository.

chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-kyuubi.git

commit 6edb72f31fbba8c036eaa49f7a30ba17fdafcec5
Author: Cheng Pan <ch...@apache.org>
AuthorDate: Thu Sep 8 08:33:00 2022 +0000

    Revert "[KYUUBI #3020][FOLLOWUP] Refactor the code style"
    
    This reverts commit 327336f1d6aac67e3cdbc5074be40cbf324e5022.
---
 .../org/apache/kyuubi/config/KyuubiConf.scala      |  2 +-
 .../LdapAuthenticationProviderImpl.scala           | 42 ++++++++++++----------
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 572a5f46c..f1843a102 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -2047,7 +2047,7 @@ object KyuubiConf {
       DeprecatedConfig(
         AUTHENTICATION_LDAP_GUIDKEY.key,
         "1.6.0",
-        s"using ${AUTHENTICATION_LDAP_BINDDN.key} instead"))
+        s"using ${AUTHENTICATION_LDAP_BINDDN} instead"))
     Map(configs.map { cfg => cfg.key -> cfg }: _*)
   }
 
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
index e2932f844..9bd80cdd7 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/authentication/LdapAuthenticationProviderImpl.scala
@@ -60,8 +60,27 @@ class LdapAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticat
 
     val domain = conf.get(AUTHENTICATION_LDAP_DOMAIN)
     val mail = if (!hasDomain(user) && domain.nonEmpty) (user + "@" + domain.get) else user
+    var bindDn = conf.get(AUTHENTICATION_LDAP_BINDDN).getOrElse("")
+    val guidKey = conf.get(AUTHENTICATION_LDAP_GUIDKEY)
 
-    conf.get(AUTHENTICATION_LDAP_BINDDN).map { bindDn =>
+    if ("".equals(bindDn)) {
+      bindDn = conf.get(AUTHENTICATION_LDAP_BASEDN) match {
+        case Some(dn) => guidKey + "=" + mail + "," + dn
+        case _ => mail
+      }
+      env.put(Context.SECURITY_PRINCIPAL, bindDn)
+      env.put(Context.SECURITY_CREDENTIALS, password)
+      try {
+        val ctx = new InitialDirContext(env)
+        ctx.close()
+      } catch {
+        case e: NamingException =>
+          throw new AuthenticationException(
+            s"Error validating LDAP user: $user," +
+              s" bindDn: $bindDn.",
+            e)
+      }
+    } else {
       val baseDn = conf.get(AUTHENTICATION_LDAP_BASEDN).getOrElse("")
       val bindPw = conf.get(AUTHENTICATION_LDAP_PASSWORD).getOrElse("")
       val attrs = conf.get(AUTHENTICATION_LDAP_ATTRIBUTES).toArray
@@ -73,7 +92,8 @@ class LdapAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticat
         val sc = new SearchControls
         sc.setReturningAttributes(attrs)
         sc.setSearchScope(SearchControls.SUBTREE_SCOPE)
-        nameEnuResults = ctx.search(baseDn, s"(mail=$mail)", sc)
+        val searchFilter = String.format("(%s=%s)", "mail", mail)
+        nameEnuResults = ctx.search(baseDn, searchFilter, sc)
       } catch {
         case e: NamingException =>
           throw new AuthenticationException(
@@ -110,24 +130,8 @@ class LdapAuthenticationProviderImpl(conf: KyuubiConf) extends PasswdAuthenticat
           s"LDAP InitialLdapContext search results are empty, Error validating LDAP user: $user," +
             s" bindDn: $bindDn.")
       }
-    }.getOrElse {
-      val guidKey = conf.get(AUTHENTICATION_LDAP_GUIDKEY)
-      val bindDn = conf.get(AUTHENTICATION_LDAP_BASEDN) match {
-        case Some(dn) => guidKey + "=" + mail + "," + dn
-        case _ => mail
-      }
-      env.put(Context.SECURITY_PRINCIPAL, bindDn)
-      env.put(Context.SECURITY_CREDENTIALS, password)
-      try {
-        val ctx = new InitialDirContext(env)
-        ctx.close()
-      } catch {
-        case e: NamingException =>
-          throw new AuthenticationException(
-            s"Error validating LDAP user: $user, bindDn: $bindDn.",
-            e)
-      }
     }
+
   }
 
   private def hasDomain(userName: String): Boolean = ServiceUtils.indexOfDomainMatch(userName) > 0