You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by sz...@apache.org on 2015/10/05 19:12:40 UTC
hive git commit: HIVE-12007 : Hive LDAP Authenticator should allow
just Domain without baseDN (for AD) (Naveen Gangam via Szehon)
Repository: hive
Updated Branches:
refs/heads/master 7c164acc3 -> a989f6976
HIVE-12007 : Hive LDAP Authenticator should allow just Domain without baseDN (for AD) (Naveen Gangam via Szehon)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/a989f697
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/a989f697
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/a989f697
Branch: refs/heads/master
Commit: a989f697605276bf3f47419c0237391cda3b9e3c
Parents: 7c164ac
Author: Szehon Ho <sz...@cloudera.com>
Authored: Mon Oct 5 10:11:47 2015 -0700
Committer: Szehon Ho <sz...@cloudera.com>
Committed: Mon Oct 5 10:12:18 2015 -0700
----------------------------------------------------------------------
.../auth/LdapAuthenticationProviderImpl.java | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/a989f697/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java b/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
index b2c4daf..f2a4a5b 100644
--- a/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
+++ b/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
@@ -77,7 +77,7 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
LOG.warn("Unexpected format for groupDNPattern..ignoring " + groupTokens[i]);
}
}
- } else {
+ } else if (baseDN != null) {
groupBases.add("CN=%s," + baseDN);
}
@@ -101,7 +101,7 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
LOG.warn("Unexpected format for userDNPattern..ignoring " + userTokens[i]);
}
}
- } else {
+ } else if (baseDN != null) {
userBases.add("CN=%s," + baseDN);
}
@@ -151,22 +151,22 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
// Create initial context
ctx = new InitialDirContext(env);
- if (isDN(user)) {
+ if (isDN(user) || hasDomain(user)) {
userName = extractName(user);
} else {
userName = user;
}
- if (userFilter == null && groupFilter == null && customQuery == null) {
+ if (userFilter == null && groupFilter == null && customQuery == null && userBases.size() > 0) {
if (isDN(user)) {
- userDN = findUserDNByDN(ctx, user);
+ userDN = findUserDNByDN(ctx, userName);
} else {
if (userDN == null) {
- userDN = findUserDNByPattern(ctx, user);
+ userDN = findUserDNByPattern(ctx, userName);
}
if (userDN == null) {
- userDN = findUserDNByName(ctx, baseDN, user);
+ userDN = findUserDNByName(ctx, baseDN, userName);
}
}
@@ -564,6 +564,11 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
}
public static String extractName(String dn) {
+ int domainIdx = ServiceUtils.indexOfDomainMatch(dn);
+ if (domainIdx > 0) {
+ return dn.substring(0, domainIdx);
+ }
+
if (dn.indexOf("=") > -1) {
return dn.substring(dn.indexOf("=") + 1, dn.indexOf(","));
}