ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rahul Pathak (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-21407) Ambari login username case is not consistent
Date Wed, 05 Jul 2017 17:01:00 GMT
Rahul Pathak created AMBARI-21407:
-------------------------------------

             Summary: Ambari login username case is not consistent
                 Key: AMBARI-21407
                 URL: https://issues.apache.org/jira/browse/AMBARI-21407
             Project: Ambari
          Issue Type: Bug
          Components: ambari-views
            Reporter: Rahul Pathak


Ambari allows users to login with UPPERCASE as well as lowercase names (LDAP account name)
however ambari stores the username in lowercase. 

But the problem is when one uses the Hive View/File View, the username is treated as the logged
in username.
Means if user logs in with lowercase username "abcd" and executes some queries in HiveView
then it expects following: 

1. Need to have a "/user/abcd" directory in HDFS. 
2. The HiveServer2.log will show the ugi as 'abcd' for the queries that are being executed:


NOTICE: ugi=abcd	
{code} 
2017-07-05 11:16:05,183 INFO [HiveServer2-Background-Pool: Thread-58801]: metastore.HiveMetaStore
(HiveMetaStore.java:logInfo(824)) - 374: get_database: default 
2017-07-05 11:16:05,183 INFO [HiveServer2-Background-Pool: Thread-58801]: HiveMetaStore.audit
(HiveMetaStore.java:logAuditEvent(393)) - ugi=abcd	ip=unknown-ip-addr cmd=get_database: default

2017-07-05 11:16:05,183 INFO [HiveServer2-Background-Pool: Thread-58801]: metastore.HiveMetaStore
(HiveMetaStore.java:newRawStore(667)) - 374: Opening raw store with implemenation class:org.apache.hadoop.hive.metastore.ObjectStore

{code} 

Other case: (When user logs into ambari using upper case 'ABCD') 

Ambari allows user to login in. 

But while accessing Views we will need to have a directory in HDFS as "/user/ABCD" (in uppercase)
and the permission of the directory need to be set in Case Specific manner. 

Also when the user performs query like Hive Query then the queries are executed in the uppercase
"ugi" which hiveserver2 see as following in the "hiveserver2.log". 

NOTICE: ugi=ABCD	

{code} 
2017-07-05 10:54:03,853 INFO [HiveServer2-Handler-Pool: Thread-47]: metastore.HiveMetaStore
(HiveMetaStore.java:logInfo(824)) - 2: get_database: default 
2017-07-05 10:54:33,134 INFO [HiveServer2-Background-Pool: Thread-58606]: HiveMetaStore.audit
(HiveMetaStore.java:logAuditEvent(393)) - ugi=ABCD	ip=unknown-ip-addr cmd=get_databases: *

2017-07-05 10:54:33,134 INFO [HiveServer2-Background-Pool: Thread-58606]: metastore.HiveMetaStore
(HiveMetaStore.java:newRawStore(667)) - 306: Opening raw store with implemenation class:org.apache.hadoop.hive.metastore.ObjectStore

{code} 

Above is not consistent behavior. It needs to be improved/fixed. 

Ambari has been setup for AD authentication with user in AD being in UPPER case.

[root@xx ~]# ambari-server --version
2.5.0.3-7

grep -i lower /etc/ambari-server/conf/ambari.properties
authentication.ldap.username.forceLowercase=true

{code}
ldapsearch -LLL -x -H ldap://xx:389 -D "CN=Hr1 HR,OU=CorpUsers,DC=lab,DC=xx,DC=net" -w XXXX
-b OU=CorpUsers,DC=lab,DC=xx,DC=net samaccountname=RPATHAK
dn: CN=RPATHAK,OU=CorpUsers,DC=lab,DC=xx,DC=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: RPATHAK
givenName: Rahul
distinguishedName: CN=RPATHAK,OU=CorpUsers,DC=lab,DC=xx,DC=net
instanceType: 4
whenCreated: 20170629084742.0Z
whenChanged: 20170629094921.0Z
displayName: Rahul
uSNCreated: 111268103
uSNChanged: 111285423
name: RPATHAK
objectGUID:: Q6GvVx6OcUy/ue+rDF3zbA==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 131431996626025016
primaryGroupID: 513
objectSid:: xxxx==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: RPATHAK
sAMAccountType: 805306368
userPrincipalName: RPATHAK@lab.xxxx.net
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=lab,DC=xxx,DC=
 net
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 131432033616183030
{code}  

Rahul



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message