[
https://issues.apache.org/jira/browse/HADOOP-18388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17585076#comment-17585076
]
Ayush Saxena commented on HADOOP-18388:
---------------------------------------
Thanx [~lmccay] , I have extended a test and changed the code a bit post
confirming with [~lbiro] regarding our internal use case. We haven't tested it
on our cluster, It is still in progress. Will update the thread once we are
done with the testing.
We originally had 2 cases for filterExpression, one was Posix second a regular
lookup. I have introduced a third category which is kind of CUSTOM.
> Allow dynamic groupSearchFilter in LdapGroupsMapping
> ----------------------------------------------------
>
> Key: HADOOP-18388
> URL: https://issues.apache.org/jira/browse/HADOOP-18388
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Ayush Saxena
> Assignee: Ayush Saxena
> Priority: Major
> Labels: pull-request-available
> Attachments: dynamic-filter-idea.patch
>
>
> As of now the lookupGroup() method doesn't allow to have placeholders in
> groupSearchFilter, so that can not be dynamically adjusted.
> If we have placeholders for groupSearchFilter like:
> (&(|(XYZ=\{0})(ABC=\{1}))(objectClass=posixGroup))
> This fails here:
>
> {code:java}
> groupResults =
> c.search(groupbaseDN,
> "(&" + groupSearchFilter + "(" + groupMemberAttr + "={0}))",
> new Object[]{userDn},
> SEARCH_CONTROLS); {code}
> With
>
>
> {noformat}
> javax.naming.directory.InvalidSearchFilterException: number exceeds argument
> list: 1; remaining name {noformat}
>
> >>Dropped off or changed the details above which I thought won't be safe to
> >>disclose.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
