HUE-8821 [core] Fix Hue LDAP StartTLS implementation

Review Request #13910 — Created April 26, 2019 and updated

Information
ranade
hue
master
Reviewers
hue
bgooley, jgauthier, johan, ranade, romain, subrata, weixia, yingc 
commit f4271a17977edcc1d4b664f4826ded91cf737647
Author: Prakash Ranade <ranade@cloudera.com>
Date:   Fri Apr 26 16:21:30 2019 -0700

    HUE-8821 [core] Fix Hue LDAP StartTLS implementation
    
    In testing LDAPS SSL based setup, python ldap module does not need explicit start_tls operation it by default enables secure communication.

:100644 100644 8ef997530a d4480e267d M	apps/useradmin/src/useradmin/ldap_access.py
:100644 100644 78510db3b1 a84c64de71 M	desktop/core/src/desktop/auth/backend.py
Tested using ldaps url.
  • 0
  • 0
  • 0
  • 1
  • 1
Description From Last Updated
jgauthier
jgauthier 
  1. 
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    2. 

















  2. 
 
    
  
  
    
  
 

   
    
    
    



    
 
    
  
    
   
   
    
    
     
     
     
     
     
    
    Show all issues
   
  
    
 
    

    



    
    This looks fine, but we're again changing the configuration that was done by the user.
    
  
    
 
    

 
    
  


    
 
    
 
      

  


    1. 
 
 
      
 
      
  
 
      
 
      
  
      ...or we could look at this as us saving a step for the Hue admin.  If they have specified "ldaps" and have not expliciltly disabled StartTLS, then authentication will fail and the hadoop admin will need to find a single WARN line in the code telling them that StartTLS + LDAPS is not ok.
      
With the code change, now we simply ignore StartTLS and continue.
      

      Since LDAPS is specified, that means the transmitted data will be encrypted.  There is no feature loss here and the goal of securing LDAP communication is accomplished.  If someone specifies an "ldaps://" scheme then they know they are configuring to use a TLS-only port which obviates any usefulness of StartTLS.
      
 
      

      2. 


 
    


    

 
    

    3. 




  3. 
 
    
  
    
   
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    4. 




  

 
















 





 

  

   




bgooley




   

   







  

 



 

  


   

   

    
 
bgooley


    
   


  

  

  



    




  1. 
 
    
  
    
   
    Ship It!
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    2. 















  2. 
 
    
  
    
   
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    3. 




  

 
















 





 

  

   




jgauthier




   

   







  

 



 

  


   

   

    
 
jgauthier


    
   


  

  

  



    




  1. 
 
    
  
    
   
    Ship It!
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    2. 















  2. 
 
    
  
    
   
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    3. 




  

 









     

    

   

  

  

   
   Loading...