You are viewing a plain text version of this content. The canonical link for it is here.

Posted to gitbox@hive.apache.org by "nrg4878 (via GitHub)" <gi...@apache.org> on 2023/05/03 19:41:42 UTC

[GitHub] [hive] nrg4878 commented on a diff in pull request #4284: HIVE-27311: Support generic search bind filter auth with LDAP (Naveen…

nrg4878 commented on code in PR #4284:
URL: https://github.com/apache/hive/pull/4284#discussion_r1184180338


##########
service/src/java/org/apache/hive/service/auth/ldap/DirSearch.java:
##########
@@ -34,6 +34,16 @@ public interface DirSearch extends Closeable {
    */
   String findUserDn(String user) throws NamingException;
 
+  /**
+   * Finds user's distinguished name.
+   * @param user username
+   * @param userSearchFilter Generic LDAP Search filter for ex: (&(uid={0})(objectClass=person))
+   * @param baseDn LDAP BaseDN for user searches for ex: dc=apache,dc=org
+   * @return DN for the specific user if exists, null otherwise
+   * @throws NamingException
+   */
+  String findUserDnBySearch(String user, String userSearchFilter, String baseDn) throws NamingException;

Review Comment:
   yeah, this entire code was replicated for supporting ldap auth for HMS. I think it would make sense to make changes to the HMS provider as well. I wasnt sure how to test it manually though. Will give it a try otherwise may have to fork the work for another jira.
   
   It is possible to lump them both into single method. I kept them separate for a couple reasons. findUserDn() and findUserDnBySearch() use different criteria/configuration to find the userDN from a given username.  This requires a change to the interface method though, which I wasn't very fond of. This also kept the methods separate based on the factory that was calling it. Less intersection with existing code. As this is an alternate configuration for LDAP.
   if you feel strongly about merging them, I can give it a shot.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org