StarRocks · gengjun-git · Mar 13, 2024 · Mar 12, 2024
diff --git a/fe/fe-core/src/main/java/com/starrocks/mysql/security/LdapSecurity.java b/fe/fe-core/src/main/java/com/starrocks/mysql/security/LdapSecurity.java
@@ -2,6 +2,7 @@
 
 package com.starrocks.mysql.security;
 
+import com.google.common.base.Strings;
 import com.starrocks.common.Config;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -19,6 +20,11 @@ public class LdapSecurity {
 
     //bind to ldap server to check password
     public static boolean checkPassword(String dn, String password) {
+        if (Strings.isNullOrEmpty(password)) {
+            LOG.warn("empty password is not allowed for simple authentication");
+            return false;
+        }
+
         String url = "ldap://" + Config.authentication_ldap_simple_server_host + ":" +
                 Config.authentication_ldap_simple_server_port;
         Hashtable<String, String> env = new Hashtable<>();
@@ -51,6 +57,11 @@ public static boolean checkPassword(String dn, String password) {
     //2. search user
     //3. if match exactly one, check password
     public static boolean checkPasswordByRoot(String user, String password) {
+        if (Strings.isNullOrEmpty(Config.authentication_ldap_simple_bind_root_pwd)) {
+            LOG.warn("empty password is not allowed for simple authentication");
+            return false;
+        }
+
         String url = "ldap://" + Config.authentication_ldap_simple_server_host + ":" +
                 Config.authentication_ldap_simple_server_port;
         Hashtable<String, String> env = new Hashtable<>();