nrg4878 commented on code in PR #4284:
URL: https://github.com/apache/hive/pull/4284#discussion_r1184180338
##########
service/src/java/org/apache/hive/service/auth/ldap/DirSearch.java:
##########
@@ -34,6 +34,16 @@ public interface DirSearch extends Closeable {
*/
String findUserDn(String user) throws NamingException;
+ /**
+ * Finds user's distinguished name.
+ * @param user username
+ * @param userSearchFilter Generic LDAP Search filter for ex:
(&(uid={0})(objectClass=person))
+ * @param baseDn LDAP BaseDN for user searches for ex: dc=apache,dc=org
+ * @return DN for the specific user if exists, null otherwise
+ * @throws NamingException
+ */
+ String findUserDnBySearch(String user, String userSearchFilter, String
baseDn) throws NamingException;
Review Comment:
yeah, this entire code was replicated for supporting ldap auth for HMS. I
think it would make sense to make changes to the HMS provider as well. I wasnt
sure how to test it manually though. Will give it a try otherwise may have to
fork the work for another jira.
It is possible to lump them both into single method. I kept them separate
for a couple reasons. findUserDn() and findUserDnBySearch() use different
criteria/configuration to find the userDN from a given username. This requires
a change to the interface method though, which I wasn't very fond of. This also
kept the methods separate based on the factory that was calling it. Less
intersection with existing code. As this is an alternate configuration for LDAP.
if you feel strongly about merging them, I can give it a shot.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
