Example use of org.apache.hadoop.hive.metastore.ldap.DirSearch in the Apache Hive project:
the authenticate method of the class MetaStoreLdapAuthenticationProviderImpl.
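/**
 * Authenticates {@code user} against LDAP by binding to the directory and running
 * {@code applyFilter} for that user.
 *
 * <p>Two modes are supported. When both a bind user and a bind password are configured, the
 * search connection is opened with that service account, the user's DN is looked up, and a
 * second bind is made with that DN and the supplied {@code password}. When either setting is
 * missing, the caller's own credentials are used for the search connection, which is the
 * behaviour that existed before bind users were supported.
 *
 * @param user name of the user to authenticate
 * @param password password supplied by that user
 * @throws AuthenticationException if a directory operation fails with a
 *     {@link NamingException}, or if {@code createDirSearch} / {@code applyFilter} reject the user
 */
@Override
public void authenticate(String user, String password) throws AuthenticationException {
  DirSearch search = null;
  // Connection opened with the end user's own DN and password; only used in bind-user mode.
  DirSearch userSearch = null;

  String bindUser =
      MetastoreConf.getVar(this.conf, MetastoreConf.ConfVars.METASTORE_PLAIN_LDAP_BIND_USER);
  if (StringUtils.isBlank(bindUser)) {
    bindUser = null;
  }

  String bindPassword;
  try {
    bindPassword =
        MetastoreConf.getPassword(this.conf, MetastoreConf.ConfVars.METASTORE_PLAIN_LDAP_BIND_PASSWORD);
    if (StringUtils.isBlank(bindPassword)) {
      bindPassword = null;
    }
  } catch (IOException e) {
    // The fallback below is kept, but a failure to read the configured secret changes which
    // account binds to the directory, so it must be visible to operators instead of silent.
    LOG.warn("Unable to read the LDAP bind password; falling back to binding as the"
        + " authenticating user", e);
    bindPassword = null;
  }

  boolean usedBind = bindUser != null && bindPassword != null;
  if (!usedBind) {
    // If no bind user or bind password was specified,
    // we assume the user we are authenticating has the ability to search
    // the LDAP tree, so we use it as the "binding" account.
    // This is the way it worked before bind users were allowed in the LDAP authenticator,
    // so we keep existing systems working.
    bindUser = user;
    bindPassword = password;
  }

  try {
    search = createDirSearch(bindUser, bindPassword);
    applyFilter(search, user);
    if (usedBind) {
      // If we used the bind user, then we need to authenticate again,
      // this time using the full user name we got during the bind process.
      // NOTE(review): this bind is the only check of the caller's password in bind-user mode.
      // Confirm that createDirSearch rejects a null/blank principal or password, because many
      // LDAP servers accept a simple bind with an empty password as an unauthenticated bind
      // (RFC 4513, section 5.1.2), which would succeed here without proving the password.
      userSearch = createDirSearch(search.findUserDn(user), password);
    }
  } catch (NamingException e) {
    // Keep the original exception as the cause so the directory error is not lost in logs.
    throw new AuthenticationException(
        "Unable to find the user in the LDAP tree. " + e.getMessage(), e);
  } finally {
    // Close both connections; the second one was previously never released.
    ServiceUtils.cleanup(LOG, userSearch);
    ServiceUtils.cleanup(LOG, search);
  }
}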