hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Naveen Gangam (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-13035) Enable Hive Server 2 to use a LDAP user and group search filters (RFC 2254).
Date Wed, 10 Feb 2016 18:25:18 GMT

    [ https://issues.apache.org/jira/browse/HIVE-13035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15141392#comment-15141392
] 

Naveen Gangam commented on HIVE-13035:
--------------------------------------

This would require us to use a separate bind DN than the user being authenticated. So the
LDAP bind occurs with a a specific user everytime and the authenticating users will be found
using a ldap search based on configurable keys.
This is probably a better approach the Atn provider is a service with the same lifecycle as
the hive server2. However, this requires additional configuration that includes adding a password
value(password for the bind user) to an external system like LDAP in the hive-site.xml. This
concerns me.

> Enable Hive Server 2 to use a LDAP user and group search filters (RFC 2254).
> ----------------------------------------------------------------------------
>
>                 Key: HIVE-13035
>                 URL: https://issues.apache.org/jira/browse/HIVE-13035
>             Project: Hive
>          Issue Type: New Feature
>          Components: HiveServer2
>    Affects Versions: 1.2.1
>            Reporter: Robert Justice
>            Assignee: Vaibhav Gumashta
>              Labels: feature
>
> In some AD configurations, user's may wish to authenticate with a attribute other than
sAMAccountName such as uid=, which may not match and cause confusion.   If LDAP user and group
search filters existed, (e.g. (uid={0})) this would allow for such configurations.
> https://www.rfc-editor.org/rfc/rfc2254.txt



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message