[Impala-ASF-CR] IMPALA-10161: User LDAP Search bind support

Csaba Ringhofer (Code Review) Wed, 18 Nov 2020 00:32:37 -0800

Csaba Ringhofer has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/16717 )


Change subject: IMPALA-10161: User LDAP Search bind support
......................................................................


Patch Set 3:

(4 comments)

http://gerrit.cloudera.org:8080/#/c/16717/2/be/src/util/ldap-util.cc
File be/src/util/ldap-util.cc:

http://gerrit.cloudera.org:8080/#/c/16717/2/be/src/util/ldap-util.cc@318
PS2, Line 318: result
> Done
You still don't call  ldap_msgfree(result); on all paths - it has to be done 
even if rc != LDAP_SUCCESS or if nrOfEntries != 1


http://gerrit.cloudera.org:8080/#/c/16717/2/be/src/util/ldap-util.cc@339
PS2, Line 339:
> This should be legal, it is mentioned in the ldap_unbind_ext_s doc:
oops, somehow I didn't see that you ldap_unbind_ext it in the previous line. No 
to 'ld's are necessary.


http://gerrit.cloudera.org:8080/#/c/16717/3/be/src/util/ldap-util.cc
File be/src/util/ldap-util.cc:

http://gerrit.cloudera.org:8080/#/c/16717/3/be/src/util/ldap-util.cc@323
PS3, Line 323: if (nrOfEntries != 1) {
             :       LOG(WARNING) << "LDAP Search returned " << nrOfEntries << 
" entries, authentication"
             :                    << "failed due to incorrect number of 
results.";
             :       return false;
             :     }
Can you add a comment why do we require nrOfEntries to be 1?
Btw accepting only 1 means that the logic below could be simpler - no for loop 
is necessary, as ldap_first_message() should be the only message, and any other 
message than LDAP_RES_SEARCH_ENTRY should return false, as there can't be 
another LDAP_RES_SEARCH_ENTRY to Bind to.


http://gerrit.cloudera.org:8080/#/c/16717/3/be/src/util/ldap-util.cc@379
PS3, Line 379:   return success;
This can be incorrectly true in many paths, as 'success' starts as true after 
line 304, and only line 338 can set it false.



--
To view, visit http://gerrit.cloudera.org:8080/16717
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I978744ad05d9ef408328d1e4dd2d18c329f4d3b7
Gerrit-Change-Number: 16717
Gerrit-PatchSet: 3
Gerrit-Owner: Tamas Mate <tm...@cloudera.com>
Gerrit-Reviewer: Attila Jeges <atti...@cloudera.com>
Gerrit-Reviewer: Csaba Ringhofer <csringho...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Tamas Mate <tm...@cloudera.com>
Gerrit-Reviewer: Thomas Tauber-Marshall <tmarsh...@cloudera.com>
Gerrit-Comment-Date: Wed, 18 Nov 2020 08:32:25 +0000
Gerrit-HasComments: Yes

[Impala-ASF-CR] IMPALA-10161: User LDAP Search bind support

Reply via email to