Date: Thu, 4 Feb 2016 16:48:39 +0000 (UTC)
From: "Chaoyu Tang (JIRA)"
To: issues@hive.apache.org
Reply-To: dev@hive.apache.org
Subject: [jira] [Commented] (HIVE-12885) LDAP Authenticator improvements

    [ https://issues.apache.org/jira/browse/HIVE-12885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15132555#comment-15132555 ]

Chaoyu Tang commented on HIVE-12885:
------------------------------------

Chatted with Naveen offline in detail about the implementation. It seems that he has covered all the cases we have run into so far and addressed the known backward compatibility issues.
+1

> LDAP Authenticator improvements
> -------------------------------
>
>                 Key: HIVE-12885
>                 URL: https://issues.apache.org/jira/browse/HIVE-12885
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 1.1.0
>            Reporter: Naveen Gangam
>            Assignee: Naveen Gangam
>         Attachments: HIVE-12885.2.patch, HIVE-12885.3.patch, HIVE-12885.patch
>
>
> Currently Hive's LDAP Atn provider assumes certain defaults to keep its configuration simple.
> 1) One of the assumptions is the presence of an attribute "distinguishedName". In certain non-standard LDAP implementations, this attribute may not be available. So instead of basing all ldap searches on this attribute, getNameInNamespace() returns the same value. So this API is to be used instead.
> 2) It also assumes that the "user" value being passed in will be able to bind to LDAP. However, certain LDAP implementations, by default, only allow the full DN to be used; just short user names are not permitted. We will need to be able to support short names too when the hive configuration only has "BaseDN" specified (not userDNPatterns). So instead of hard-coding "uid" or "CN" as keys for the short usernames, it is probably better to make this a configurable parameter.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
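
Point 2 of the description above, as an added example (not code from the HIVE-12885 patches): a short login name is turned into a bind DN from a configurable key and the BaseDN, with the value escaped so it cannot inject DN components. The class name, the `userKey` parameter, the full-DN heuristic and the sample BaseDN are assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class BindDnExample {

    // Heuristic (assumption): a login name that contains '=' and parses as
    // an LDAP name is treated as a full DN and passed through unchanged.
    static boolean isFullDn(String user) {
        try {
            return user.contains("=") && new LdapName(user).size() > 0;
        } catch (InvalidNameException e) {
            return false;
        }
    }

    // Builds "<userKey>=<user>,<baseDn>" for short names. Rdn escapes DN
    // special characters (',', '+', '=', ...) in the value, so the login
    // name cannot add or alter DN components.
    static String toBindDn(String user, String userKey, String baseDn)
            throws InvalidNameException {
        if (user == null || user.trim().isEmpty()) {
            throw new InvalidNameException("empty user name");
        }
        if (isFullDn(user)) {
            return user;
        }
        LdapName dn = new LdapName(baseDn); // validates the configured base
        dn.add(new Rdn(userKey, user));     // appended as the leftmost RDN
        return dn.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        String baseDn = "ou=People,dc=example,dc=com"; // constructed sample
        String[] logins = {
            "jdoe",
            "Doe, John",
            "uid=jdoe,ou=People,dc=example,dc=com"
        };
        // The key is a parameter rather than a hard-coded "uid" or "CN".
        for (String key : new String[] {"uid", "CN"}) {
            for (String login : logins) {
                System.out.println(key + " | " + login + " -> "
                        + toBindDn(login, key, baseDn));
            }
        }
    }
}
```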