Support multiple LDAP user bind patterns #5874

dain · 2020-11-09T07:06:14Z

No description provided.

kokosing

Just skimmed.

kokosing · 2020-11-09T09:20:45Z

...ssword-authenticators/src/main/java/io/prestosql/plugin/password/ldap/LdapAuthenticator.java

+                String groupSearch = replaceUser(groupAuthorizationSearchPattern.get(), user);
+                if (!isGroupMember(searchBase, groupSearch, userDistinguishedName, credential.getPassword())) {
+                    String message = format("User [%s] not a member of an authorized group", user);
+                    log.debug(message);


There is no point in logging when you throw

I agree, but all of the code in this class logs and throws, so I copied the style of the existing code.

The authentication code is kind of an exception, since the access denied causes an auth failure without any stack trace or logging. We might want to move the logging to the authentication system itself, but that's a separate project from this refactoring.

Talked to @electrum, we're going to leave this as is for now

...ssword-authenticators/src/main/java/io/prestosql/plugin/password/ldap/LdapAuthenticator.java

...thenticators/src/main/java/io/prestosql/plugin/password/ldap/JdkLdapAuthenticatorClient.java

...rd-authenticators/src/test/java/io/prestosql/plugin/password/ldap/TestLdapAuthenticator.java

dain · 2020-11-18T23:49:54Z

@kokosing I added another commit with some abstractions to simplify this code, but I didn't change the logging as that is what the existing code did.

...ssword-authenticators/src/main/java/io/prestosql/plugin/password/ldap/LdapAuthenticator.java

...-authenticators/src/main/java/io/prestosql/plugin/password/ldap/LdapAuthenticatorClient.java

...ssword-authenticators/src/main/java/io/prestosql/plugin/password/ldap/LdapAuthenticator.java

dain requested review from electrum and kokosing November 9, 2020 07:06

cla-bot bot added the cla-signed label Nov 9, 2020

dain force-pushed the multiple-ldap branch from b245eb9 to 84b2285 Compare November 13, 2020 02:24

kokosing reviewed Nov 17, 2020

View reviewed changes

dain force-pushed the multiple-ldap branch from 84b2285 to 18d5838 Compare November 18, 2020 23:49

electrum approved these changes Nov 21, 2020

View reviewed changes

dain added 5 commits November 21, 2020 13:17

Restructure LdapAuthenticator code

d80be31

Add LdapAuthenticatorClient abstraction

b207cc4

Add unit test for LdapAuthenticator

bcfdb24

Support multiple LDAP user bind patterns

12df470

Add abstractions to simplify JdkLdapAuthenticatorClient

519e0e1

dain force-pushed the multiple-ldap branch from 18d5838 to 519e0e1 Compare November 21, 2020 22:51

dain merged commit 05409df into trinodb:master Nov 22, 2020

dain deleted the multiple-ldap branch November 22, 2020 01:08

dain mentioned this pull request Nov 22, 2020

Release notes for 347 #5912

Closed

10 tasks

martint added this to the 347 milestone Nov 23, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support multiple LDAP user bind patterns #5874

Support multiple LDAP user bind patterns #5874

dain commented Nov 9, 2020

kokosing left a comment

kokosing Nov 9, 2020

dain Nov 17, 2020

electrum Nov 19, 2020

dain Nov 21, 2020

dain commented Nov 18, 2020

Support multiple LDAP user bind patterns #5874

Support multiple LDAP user bind patterns #5874

Conversation

dain commented Nov 9, 2020

kokosing left a comment

Choose a reason for hiding this comment

kokosing Nov 9, 2020

Choose a reason for hiding this comment

dain Nov 17, 2020

Choose a reason for hiding this comment

electrum Nov 19, 2020

Choose a reason for hiding this comment

dain Nov 21, 2020

Choose a reason for hiding this comment

dain commented Nov 18, 2020