hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mohit Sabharwal (JIRA)" <>
Subject [jira] [Created] (HIVE-8916) Handle user@domain username under LDAP authentication
Date Wed, 19 Nov 2014 20:31:33 GMT
Mohit Sabharwal created HIVE-8916:

             Summary: Handle user@domain username under LDAP authentication
                 Key: HIVE-8916
             Project: Hive
          Issue Type: Bug
          Components: Authentication
            Reporter: Mohit Sabharwal
            Assignee: Mohit Sabharwal

If LDAP is configured with multiple domains for authentication, users can be in different

Currently, LdapAuthenticationProviderImpl blindly appends the domain configured "hive.server2.authentication.ldap.Domain"
to the username, which limits user to that domain. However, under multi-domain authentication,
the username may already include the domain (ex: We should not append
a domain if one is already present.

Also, if username already includes the domain, rest of Hive and authorization providers still
expects the "short name" ("user" and not "") for looking up privilege rules,
etc.  As such, any domain info in the username should be stripped off.

This message was sent by Atlassian JIRA

View raw message