diff --git service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java index d075761d079f8a18d7d317483783fe3b801e00d5..7292cd9c1fc0395ab4b985024c7d7758abf7fe3c 100644 --- service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java +++ service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java @@ -24,6 +24,7 @@ import javax.security.sasl.AuthenticationException; import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hive.service.ServiceUtils; public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvider { @@ -45,10 +46,11 @@ public void Authenticate(String user, String password) throws AuthenticationExce env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, ldapURL); - // If the domain is supplied, then append it. LDAP providers like Active Directory - // use a fully qualified user name like foo@bar.com. - if (ldapDomain != null) { - user = user + "@" + ldapDomain; + // If the domain is available in the config, then append it unless domain is + // already part of the username. LDAP providers like Active Directory use a + // fully qualified user name like foo@bar.com. + if (!hasDomain(user) && ldapDomain != null) { + user = user + "@" + ldapDomain; } // setup the security principal @@ -71,4 +73,7 @@ public void Authenticate(String user, String password) throws AuthenticationExce } } + private boolean hasDomain(String userName) { + return (ServiceUtils.indexOfDomainMatch(userName) > 0); + } } diff --git service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java index 3a8ae70d8bd31c9958ea6ae00a2d01c315c80615..3345b5ffb4737cc17ec33e96b4b0877733cef357 100644 --- service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java +++ service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java @@ -33,6 +33,7 @@ import org.apache.hadoop.hive.conf.HiveConf.ConfVars; import org.apache.hive.service.AbstractService; import org.apache.hive.service.ServiceException; +import org.apache.hive.service.ServiceUtils; import org.apache.hive.service.auth.HiveAuthFactory; import org.apache.hive.service.auth.TSetIpAddressProcessor; import org.apache.hive.service.cli.*; @@ -295,11 +296,24 @@ private String getUserName(TOpenSessionReq req) throws HiveSQLException { if (userName == null) { userName = req.getUsername(); } + + userName = getShortName(userName); String effectiveClientUser = getProxyUser(userName, req.getConfiguration(), getIpAddress()); LOG.debug("Client's username: " + effectiveClientUser); return effectiveClientUser; } + private String getShortName(String userName) { + String ret = null; + if (userName != null) { + int indexOfDomainMatch = ServiceUtils.indexOfDomainMatch(userName); + ret = (indexOfDomainMatch <= 0) ? userName : + userName.substring(0, indexOfDomainMatch); + } + + return ret; + } + /** * Create a session handle * @param req