Date: Wed, 19 Nov 2014 20:31:33 +0000 (UTC)
From: "Mohit Sabharwal (JIRA)"
To: hive-dev@hadoop.apache.org
Subject: [jira] [Created] (HIVE-8916) Handle user@domain username under LDAP authentication

Mohit Sabharwal created HIVE-8916:
-------------------------------------

             Summary: Handle user@domain username under LDAP authentication
                 Key: HIVE-8916
                 URL: https://issues.apache.org/jira/browse/HIVE-8916
             Project: Hive
          Issue Type: Bug
          Components: Authentication
            Reporter: Mohit Sabharwal
            Assignee: Mohit Sabharwal

If LDAP is configured with multiple domains for authentication, users can be in different domains. Currently, LdapAuthenticationProviderImpl blindly appends the domain configured in "hive.server2.authentication.ldap.Domain" to the username, which limits users to that domain.
However, under multi-domain authentication, the username may already include the domain (e.g. user@domain.foo.com). We should not append a domain if one is already present. Also, if the username already includes the domain, the rest of Hive and the authorization providers still expect the "short name" ("user" and not "user@domain.foo.com") for looking up privilege rules, etc. As such, any domain info in the username should be stripped off.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
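
The behaviour requested in this issue, sketched as an added example (not code from the Hive project or from the reporter): append the configured domain only when the name has none, and derive the short name used for authorization. The class and method names and the `example.com` domain are assumptions; malformed names are rejected rather than guessed at.

```java
// Added illustration; LdapUserNames and its methods are hypothetical names, not Hive code.
public final class LdapUserNames {
    private LdapUserNames() {}

    /** True if the name has a non-empty user part and domain part around exactly one '@'. */
    static boolean hasDomain(String userName) {
        int at = userName.indexOf('@');
        return at > 0 && at < userName.length() - 1 && at == userName.lastIndexOf('@');
    }

    /** Name to present to LDAP: append the configured domain only when none is present. */
    static String toBindName(String userName, String configuredDomain) {
        validate(userName);
        if (hasDomain(userName) || configuredDomain == null || configuredDomain.isEmpty()) {
            return userName;
        }
        return userName + "@" + configuredDomain;
    }

    /** Short name used for privilege lookups: everything before the '@'. */
    static String toShortName(String userName) {
        validate(userName);
        int at = userName.indexOf('@');
        return at < 0 ? userName : userName.substring(0, at);
    }

    /** Reject null/empty names and malformed ones such as "@d", "u@" or "u@a@b". */
    private static void validate(String userName) {
        if (userName == null || userName.isEmpty()) {
            throw new IllegalArgumentException("empty user name");
        }
        if (userName.indexOf('@') >= 0 && !hasDomain(userName)) {
            throw new IllegalArgumentException("malformed user@domain name");
        }
    }

    public static void main(String[] args) {
        // Constructed value standing in for hive.server2.authentication.ldap.Domain.
        String configured = "example.com";
        // Constructed logins: one bare name, one that already carries a domain.
        for (String login : new String[] {"user", "user@domain.foo.com"}) {
            System.out.println(login + " -> bind as " + toBindName(login, configured)
                    + ", authorize as " + toShortName(login));
        }
    }
}
```

Once the domain is stripped, the same user part under two different domains maps to one short name, so privilege rules keyed on the short name cannot tell those accounts apart.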