hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Naveen Gangam (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HIVE-8190) LDAP user match for authentication on hiveserver2
Date Mon, 22 Jun 2015 21:51:00 GMT

     [ https://issues.apache.org/jira/browse/HIVE-8190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Naveen Gangam resolved HIVE-8190.
---------------------------------
       Resolution: Fixed
    Fix Version/s: 2.0.0
                   1.3.0
     Hadoop Flags: Reviewed

A more general fix for this issue has been included in HIVE-7193 that add filter support for
LDAP user and groups. Users can configure the following properties to indicate multiple patterns(COMMA-separated)
for DNs where users/groups can be located in LDAP.
hive.server2.authentication.ldap.groupDNPattern
hive.server2.authentication.ldap.userDNPattern

ex: uid=%s,ou=Users,DC=domain,DC=com:CN=%s,CN=Users,DC=domain,DC=com
uid=%s,ou=Groups,DC=domain,DC=com:CN=%s,CN=Groups,DC=domain,DC=com

Please provide any feedback you have on the new features. Thanks

> LDAP user match for authentication on hiveserver2
> -------------------------------------------------
>
>                 Key: HIVE-8190
>                 URL: https://issues.apache.org/jira/browse/HIVE-8190
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authorization, Clients
>    Affects Versions: 0.13.1
>         Environment: Centos 6.5
>            Reporter: LINTE
>            Assignee: Naveen Gangam
>             Fix For: 1.3.0, 2.0.0
>
>
> Some LDAP has the user composant as CN and not UID.
> SO when you try to authenticate the LDAP authentication module of hive try to authenticate
with the following string :  
> uid=$login,basedn
> Some AD have user objects that are not uid but cn, so it is be important to personalize
the kind of objects that the authentication moduel look for in ldap.
> We can see an exemple in knox LDAP module configuration the parameter main.ldapRealm.userDnTemplate
can be configured to look for :
> uid : 'uid={0}, basedn'
> or cn : 'cn={0}, basedn'



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message