hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Naveen Gangam (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-12885) LDAP Authenticator improvements
Date Tue, 19 Jan 2016 04:59:39 GMT

    [ https://issues.apache.org/jira/browse/HIVE-12885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15106246#comment-15106246
] 

Naveen Gangam commented on HIVE-12885:
--------------------------------------

The test failures do not appear related to the change.

> LDAP Authenticator improvements
> -------------------------------
>
>                 Key: HIVE-12885
>                 URL: https://issues.apache.org/jira/browse/HIVE-12885
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 1.1.0
>            Reporter: Naveen Gangam
>            Assignee: Naveen Gangam
>         Attachments: HIVE-12885.patch
>
>
> Currently Hive's LDAP Atn provider assumes certain defaults to keep its configuration
simple. 
> 1) One of the assumptions is the presence of an attribute "distinguishedName". In certain
non-standard LDAP implementations, this attribute may not be available. So instead of basing
all ldap searches on this attribute, getNameInNamespace() returns the same value. So this
API is to be used instead.
> 2) It also assumes that the "user" value being passed in, will be able to bind to LDAP.
However, certain LDAP implementations, by default, only allow the full DN to be used, just
short user names are not permitted. We will need to be able to support short names too when
hive configuration only has "BaseDN" specified (not userDNPatterns). So instead of hard-coding
"uid" or "CN" as keys for the short usernames, it probably better to make this a configurable
parameter.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message