dengzhhu653 commented on code in PR #6085:
URL: https://github.com/apache/hive/pull/6085#discussion_r2375346418
##########
service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java:
##########
@@ -540,6 +556,35 @@ public String run() throws HttpAuthenticationException {
}
}
+ private void enforceLdapFilters(String shortName) throws
HttpAuthenticationException {
+ boolean enableGroupCheck = hiveConf.getBoolVar(
+
HiveConf.ConfVars.HIVE_SERVER2_LDAP_ENABLE_GROUP_CHECK_AFTER_KERBEROS);
+ if (!enableGroupCheck) {
+ LOG.debug("No LDAP group check is enabled; skipping.");
+ return;
+ }
+ // Check if this is a proxy user - we don't apply LDAP filters to proxy
users
+ String proxyUser = SessionManager.getProxyUserName();
Review Comment:
Here we are building the connection, I guess the `proxyUser` is always null.
In any case do we see this value as a non-empty string?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
