hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Naveen Gangam (JIRA)" <>
Subject [jira] [Resolved] (HIVE-8190) LDAP user match for authentication on hiveserver2
Date Mon, 22 Jun 2015 21:51:00 GMT


Naveen Gangam resolved HIVE-8190.
       Resolution: Fixed
    Fix Version/s: 2.0.0
     Hadoop Flags: Reviewed

A more general fix for this issue has been included in HIVE-7193 that add filter support for
LDAP user and groups. Users can configure the following properties to indicate multiple patterns(COMMA-separated)
for DNs where users/groups can be located in LDAP.

ex: uid=%s,ou=Users,DC=domain,DC=com:CN=%s,CN=Users,DC=domain,DC=com

Please provide any feedback you have on the new features. Thanks

> LDAP user match for authentication on hiveserver2
> -------------------------------------------------
>                 Key: HIVE-8190
>                 URL:
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authorization, Clients
>    Affects Versions: 0.13.1
>         Environment: Centos 6.5
>            Reporter: LINTE
>            Assignee: Naveen Gangam
>             Fix For: 1.3.0, 2.0.0
> Some LDAP has the user composant as CN and not UID.
> SO when you try to authenticate the LDAP authentication module of hive try to authenticate
with the following string :  
> uid=$login,basedn
> Some AD have user objects that are not uid but cn, so it is be important to personalize
the kind of objects that the authentication moduel look for in ldap.
> We can see an exemple in knox LDAP module configuration the parameter main.ldapRealm.userDnTemplate
can be configured to look for :
> uid : 'uid={0}, basedn'
> or cn : 'cn={0}, basedn'

This message was sent by Atlassian JIRA

View raw message