This is an automated email from the ASF dual-hosted git repository.
ngangam pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new 4170e566143 Improve LDAP auth to support include generic user filters
(Naveen Gan… (#3555)
4170e566143 is described below
commit 4170e566143e6daa291654e97116199aa738377c
Author: Naveen Gangam <[email protected]>
AuthorDate: Mon Oct 3 10:29:34 2022 -0400
Improve LDAP auth to support include generic user filters (Naveen Gan…
(#3555)
* HIVE-26502: Improve LDAP auth to support include generic user filters
(Naveen Gangam)
* HIVE-26502: Adding check to ensure query has wildcard
---
.../service/auth/ldap/CustomQueryFilterFactory.java | 17 ++++++++++++++++-
.../service/auth/TestLdapAtnProviderWithMiniDS.java | 16 +++++++++++-----
2 files changed, 27 insertions(+), 6 deletions(-)
diff --git
a/service/src/java/org/apache/hive/service/auth/ldap/CustomQueryFilterFactory.java
b/service/src/java/org/apache/hive/service/auth/ldap/CustomQueryFilterFactory.java
index 30ce1a6b6f3..126369b037f 100644
---
a/service/src/java/org/apache/hive/service/auth/ldap/CustomQueryFilterFactory.java
+++
b/service/src/java/org/apache/hive/service/auth/ldap/CustomQueryFilterFactory.java
@@ -59,7 +59,7 @@ public class CustomQueryFilterFactory implements
FilterFactory {
}
@Override
- public void apply(DirSearch client, String user) throws
AuthenticationException {
+ public void apply(DirSearch client, final String user) throws
AuthenticationException {
List<String> resultList;
try {
resultList = client.executeCustomQuery(query);
@@ -75,6 +75,21 @@ public class CustomQueryFilterFactory implements
FilterFactory {
return;
}
}
+
+ // try a generic user search
+ if (query.contains("%s")) {
+ String userSearchQuery = query.replace("%s", user);
+ LOG.info("Trying with generic user search in ldap:" +
userSearchQuery);
+ try {
+ resultList = client.executeCustomQuery(userSearchQuery);
+ } catch (NamingException e) {
+ throw new AuthenticationException("LDAP Authentication failed for
user", e);
+ }
+ if (resultList != null && resultList.size() == 1) {
+ LOG.info("Authentication succeeded based on result from custom
user search query");
+ return;
+ }
+ }
}
LOG.info("Authentication failed based on result set from custom LDAP
query");
throw new AuthenticationException("Authentication failed: LDAP query "
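Review bot: The login name is substituted into the LDAP filter unescaped at `query.replace("%s", user)`, so filter metacharacters in `user` (`*`, `(`, `)`, `\`, NUL) are parsed as filter syntax instead of a literal value, and the `resultList.size() == 1` check then passes or fails on a filter the client helped shape. Escape the value per RFC 4515 before substitution, as sketched below. The `LOG.info("Trying with generic user search in ldap:" + userSearchQuery)` line would then log the escaped form, though CR/LF in the name would still reach the log unless stripped. The new cases in TestLdapAtnProviderWithMiniDS use only well-formed ids; a case asserting that a name containing `*` fails would pin the behaviour. `apply` starts and ends outside this hunk, so whether an earlier bind step already constrains `user`, or whether it can arrive as a DN, is not visible here.

```java
      String userSearchQuery = query.replace("%s", escapeFilterValue(user));
      // … unchanged: executeCustomQuery call and single-result check …

  /** Escapes a value for literal use inside an LDAP search filter (RFC 4515). */
  private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
      char c = value.charAt(i);
      switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
      }
    }
    return sb.toString();
  }
```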
diff --git
a/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java
b/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java
index d6d67a54cd8..edf39128728 100644
---
a/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java
+++
b/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java
@@ -45,8 +45,8 @@ import static org.junit.Assert.assertTrue;
*/
@RunWith(FrameworkRunner.class)
@CreateLdapServer(transports = {
- @CreateTransport(protocol = "LDAP"),
- @CreateTransport(protocol = "LDAPS")
+ @CreateTransport(protocol = "LDAP", port = 10389 ),
+ @CreateTransport(protocol = "LDAPS", port = 10636 )
})
@CreateDS(partitions = {
@@ -455,15 +455,21 @@ public class TestLdapAtnProviderWithMiniDS extends
AbstractLdapTestUnit {
testCase.assertAuthenticatePasses(USER1.credentialsWithDn());
testCase.assertAuthenticatePasses(USER4.credentialsWithId());
testCase.assertAuthenticatePasses(USER4.credentialsWithDn());
+
+ testCase = defaultBuilder()
+ .baseDN("ou=People,dc=example,dc=com")
+ .customQuery("(&(objectClass=person)(uid=%s))")
+ .build();
+
+ testCase.assertAuthenticatePasses(USER1.credentialsWithId());
+ testCase.assertAuthenticatePasses(USER2.credentialsWithId());
}
@Test
public void testCustomQueryNegative() {
testCase = defaultBuilder()
.baseDN("ou=People,dc=example,dc=com")
- .customQuery(
- String.format("(&(objectClass=person)(uid=%s))",
- USER1.getId()))
+ .customQuery("(&(objectClass=person)(cn=%s))")
.build();
testCase.assertAuthenticateFails(USER2.credentialsWithDn());