zddr commented on code in PR #51379:
URL: https://github.com/apache/doris/pull/51379#discussion_r2255737580
##########
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java:
##########
@@ -156,32 +156,50 @@ boolean checkPassword(String userName, String password) {
List<String> getGroups(String userName) {
List<String> groups = Lists.newArrayList();
if (LdapConfig.ldap_group_basedn.isEmpty()) {
+ LOG.debug("Group base DN is empty");
return groups;
}
- String userDn = getUserDn(userName);
- if (userDn == null) {
- return groups;
- }
- List<String> groupDns;
- // Support Open Directory implementations
- // If no group filter is configured, it defaults to querying groups
based on the attribute 'member'
- // for standard LDAP implementations
+ List<String> groupDns;
if (!LdapConfig.ldap_group_filter.isEmpty()) {
- groupDns =
getDn(org.springframework.ldap.query.LdapQueryBuilder.query()
- .base(LdapConfig.ldap_group_basedn)
- .filter(getGroupFilter(LdapConfig.ldap_group_filter,
userName)));
+ // Support Open Directory implementations
+ String filter = LdapConfig.ldap_group_filter.replace("{login}",
userName);
+ LOG.debug("Using group filter: {} with base DN: {}", filter,
LdapConfig.ldap_group_basedn);
+
+ LdapQuery query =
org.springframework.ldap.query.LdapQueryBuilder.query()
+ .attributes("dn")
Review Comment:
Hello, can I understand that this PR is aimed at improving performance? Does
it fix any functional bugs?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
