Repository: hive Updated Branches: refs/heads/master 7c164acc3 -> a989f6976
HIVE-12007 : Hive LDAP Authenticator should allow just Domain without baseDN (for AD) (Naveen Gangam via Szehon) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/a989f697 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/a989f697 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/a989f697 Branch: refs/heads/master Commit: a989f697605276bf3f47419c0237391cda3b9e3c Parents: 7c164ac Author: Szehon Ho <[email protected]> Authored: Mon Oct 5 10:11:47 2015 -0700 Committer: Szehon Ho <[email protected]> Committed: Mon Oct 5 10:12:18 2015 -0700 ---------------------------------------------------------------------- .../auth/LdapAuthenticationProviderImpl.java | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/a989f697/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java ----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java b/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
index b2c4daf..f2a4a5b 100644
--- a/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
+++ b/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
@@ -77,7 +77,7 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
 LOG.warn("Unexpected format for groupDNPattern..ignoring " + groupTokens[i]);
 }
 }
- } else {
+ } else if (baseDN != null) {
 groupBases.add("CN=%s," + baseDN);
 }
@@ -101,7 +101,7 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
 LOG.warn("Unexpected format for userDNPattern..ignoring " + userTokens[i]);
 }
 }
- } else {
+ } else if (baseDN != null) {
 userBases.add("CN=%s," + baseDN);
 }
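Review bot: The new `else if (baseDN != null)` leaves `groupBases` empty without any log when neither a groupDNPattern nor a baseDN is configured, and the same change at -101 does so for `userBases`. The hunk at -151 then uses `userBases.size() > 0` to decide whether the user DN lookup runs at all, so an operator who merely forgot to set baseDN gets the reduced checks silently. I would add a final branch that records it, for example `} else { LOG.warn("No userDNPattern or baseDN configured; user DN lookup will be skipped"); }` in the userBases case and an equivalent message for groups. The enclosing block starts outside both hunks.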
@@ -151,22 +151,22 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi // Create initial context ctx = new InitialDirContext(env); - if (isDN(user)) { + if (isDN(user) || hasDomain(user)) { userName = extractName(user); } else { userName = user; } - if (userFilter == null && groupFilter == null && customQuery == null) { + if (userFilter == null && groupFilter == null && customQuery == null && userBases.size() > 0) { if (isDN(user)) { - userDN = findUserDNByDN(ctx, user); + userDN = findUserDNByDN(ctx, userName); } else { if (userDN == null) { - userDN = findUserDNByPattern(ctx, user); + userDN = findUserDNByPattern(ctx, userName); } if (userDN == null) { - userDN = findUserDNByName(ctx, baseDN, user); + userDN = findUserDNByName(ctx, baseDN, userName); } } @@ -564,6 +564,11 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi } public static String extractName(String dn) { + int domainIdx = ServiceUtils.indexOfDomainMatch(dn); + if (domainIdx > 0) { + return dn.substring(0, domainIdx); + } + if (dn.indexOf("=") > -1) { return dn.substring(dn.indexOf("=") + 1, dn.indexOf(",")); }
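Review bot: In the `isDN(user)` branch the new call `findUserDNByDN(ctx, userName)` passes the short name rather than the DN, because `userName` was just set to `extractName(user)`, which for a DN returns only the text between the first `=` and the first `,`. findUserDNByDN is defined outside this hunk, but if it expects a full DN this lookup can no longer match and DN logins would fail; keeping `userDN = findUserDNByDN(ctx, user);` in that branch avoids the risk. Separately, the added `userBases.size() > 0` means that with no baseDN, patterns, filters or custom query this lookup block is skipped, so the bind at `new InitialDirContext(env)` appears to be the only check left; that deserves a comment such as `// no user bases configured (domain-only AD): a successful bind is the sole authentication check`. The enclosing method starts and ends outside the hunk.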
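Review bot: The domain check now runs before the DN check in `extractName`, so a DN whose value itself contains the domain separator would be cut at that separator instead of being parsed as a DN. `ServiceUtils.indexOfDomainMatch` is not shown here, so which characters it matches is an assumption; if it can match inside a DN, restricting the shortcut to non-DN input with `if (domainIdx > 0 && dn.indexOf("=") == -1) {` keeps the existing DN path intact. The new branch also has no comment; a Javadoc line saying that the method accepts either a DN or a domain-qualified name and returns the bare user name would help callers, since the result feeds the lookups changed at -151. The method body continues past the end of the hunk.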
