hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "LINTE (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-8190) LDAP user match for authentication on hiveserver2
Date Fri, 19 Sep 2014 16:43:38 GMT

     [ https://issues.apache.org/jira/browse/HIVE-8190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

LINTE updated HIVE-8190:
------------------------
    Description: 
Some LDAP has the user composant as CN and not UID.

SO when you try to authenticate the LDAP authentication module of hive try to authenticate
with the following string :  

uid=$login,basedn

Some AD have user objects that are not uid but cn, so it is be important to personalize the
kind of objects that the authentication moduel look for in ldap.

We can see an exemple in knox LDAP module configuration the parameter main.ldapRealm.userDnTemplate
can be configured to look for :

uid : uid={0}, basedn

or cn : cn={0}, basedn




  was:
Some LDAP has the user composant as CN and not UID.

SO when you try to authenticate the LDAP authentication module of hive try to authenticate
with the following string :  

uid=$login,basedn

Some AD have user objects that are not uid but cn, so it is be important to personalize the
kind of objects that the authentication moduel look for in ldap.

We can see an exemple in knox LDAP module configuration the parameter main.ldapRealm.userDnTemplate
can be configured to look for :

uid : uid={0},basedn

or cn : cn={0},basedn





> LDAP user match for authentication on hiveserver2
> -------------------------------------------------
>
>                 Key: HIVE-8190
>                 URL: https://issues.apache.org/jira/browse/HIVE-8190
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authorization, Clients
>    Affects Versions: 0.13.1
>         Environment: Centos 6.5
>            Reporter: LINTE
>
> Some LDAP has the user composant as CN and not UID.
> SO when you try to authenticate the LDAP authentication module of hive try to authenticate
with the following string :  
> uid=$login,basedn
> Some AD have user objects that are not uid but cn, so it is be important to personalize
the kind of objects that the authentication moduel look for in ldap.
> We can see an exemple in knox LDAP module configuration the parameter main.ldapRealm.userDnTemplate
can be configured to look for :
> uid : uid={0}, basedn
> or cn : cn={0}, basedn



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message