Example 1 with DirSearch
use of org.apache.hive.service.auth.ldap.DirSearch in project hive by apache.
the class LdapAuthenticationProviderImpl method Authenticate.
@Override
public void Authenticate(String user, String password) throws AuthenticationException {
DirSearch search = null;
String bindUser = this.conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_USER);
String bindPassword = null;
try {
char[] rawPassword = this.conf.getPassword(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_PASSWORD.toString());
if (rawPassword != null) {
bindPassword = new String(rawPassword);
}
} catch (IOException e) {
bindPassword = null;
}
boolean usedBind = bindUser != null && bindPassword != null;
if (!usedBind) {
// If no bind user or bind password was specified,
// we assume the user we are authenticating has the ability to search
// the LDAP tree, so we use it as the "binding" account.
// This is the way it worked before bind users were allowed in the LDAP authenticator,
// so we keep existing systems working.
bindUser = user;
bindPassword = password;
}
try {
search = createDirSearch(bindUser, bindPassword);
applyFilter(search, user);
if (usedBind) {
// If we used the bind user, then we need to authenticate again,
// this time using the full user name we got during the bind process.
createDirSearch(search.findUserDn(user), password);
}
} catch (NamingException e) {
throw new AuthenticationException("Unable to find the user in the LDAP tree. " + e.getMessage());
} finally {
ServiceUtils.cleanup(LOG, search);
}
}
Also used :
AuthenticationException(javax.security.sasl.AuthenticationException)
NamingException(javax.naming.NamingException)
DirSearch(org.apache.hive.service.auth.ldap.DirSearch)
IOException(java.io.IOException)
Aggregations
IOException (java.io.IOException)1
NamingException (javax.naming.NamingException)1
AuthenticationException (javax.security.sasl.AuthenticationException)1
DirSearch (org.apache.hive.service.auth.ldap.DirSearch)1
