-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support multiple LDAP user bind patterns #5874
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just skimmed.
String groupSearch = replaceUser(groupAuthorizationSearchPattern.get(), user); | ||
if (!isGroupMember(searchBase, groupSearch, userDistinguishedName, credential.getPassword())) { | ||
String message = format("User [%s] not a member of an authorized group", user); | ||
log.debug(message); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no point in logging when you throw
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, but all of the code in this class logs and throws, so I copied the style of the existing code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The authentication code is kind of an exception, since the access denied causes an auth failure without any stack trace or logging. We might want to move the logging to the authentication system itself, but that's a separate project from this refactoring.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Talked to @electrum, we're going to leave this as is for now
...ssword-authenticators/src/main/java/io/prestosql/plugin/password/ldap/LdapAuthenticator.java
Show resolved
Hide resolved
...ssword-authenticators/src/main/java/io/prestosql/plugin/password/ldap/LdapAuthenticator.java
Show resolved
Hide resolved
...thenticators/src/main/java/io/prestosql/plugin/password/ldap/JdkLdapAuthenticatorClient.java
Outdated
Show resolved
Hide resolved
...rd-authenticators/src/test/java/io/prestosql/plugin/password/ldap/TestLdapAuthenticator.java
Show resolved
Hide resolved
@kokosing I added another commit with some abstractions to simplify this code, but I didn't change the logging as that is what the existing code did. |
No description provided.