You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by jo...@apache.org on 2023/02/07 19:08:42 UTC
[impala] branch master updated: IMPALA-11897: Fix default LDAP group search filter
This is an automated email from the ASF dual-hosted git repository.
joemcdonnell pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
The following commit(s) were added to refs/heads/master by this push:
new 93a53227e IMPALA-11897: Fix default LDAP group search filter
93a53227e is described below
commit 93a53227e4d1049b2ed2e3a901ffb95373b792e2
Author: Gergely Farkas <gf...@cloudera.com>
AuthorDate: Thu Jan 26 16:53:45 2023 +0100
IMPALA-11897: Fix default LDAP group search filter
When LDAP search bind authentication is enabled
(ldap_search_bind_authentication=true) and no custom user/group
filter is specified (ldap_user_filter and ldap_group_filter
flags are empty), then LDAP auth uses the default filters that
are defined for Active Directory.
This commit fixes the incorrect default group filter and solves
the problem.
Tested manually with a custom build.
Change-Id: I3fb4e9d81b5f39b5887a296579d2a9f5199acb6d
Reviewed-on: http://gerrit.cloudera.org:8080/19442
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
be/src/util/ldap-search-bind.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/be/src/util/ldap-search-bind.cc b/be/src/util/ldap-search-bind.cc
index d3c6d9c1d..e6e74d7a1 100644
--- a/be/src/util/ldap-search-bind.cc
+++ b/be/src/util/ldap-search-bind.cc
@@ -47,7 +47,7 @@ const string GROUP_SEARCH_LOGIN_NAME_PATTERN = "{1}";
const string GROUP_SEARCH_USER_DN_PATTERN = "{0}";
// Default ldap filters
const string DEFAULT_USER_FILTER = "(&(objectClass=user)(sAMAccountName={0}))";
-const string DEFAULT_GROUP_FILTER = "(&(objectClass=group)(member={0})";
+const string DEFAULT_GROUP_FILTER = "(&(objectClass=group)(member={0}))";
Status LdapSearchBind::ValidateFlags() {
RETURN_IF_ERROR(ImpalaLdap::ValidateFlags());