hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hive QA (JIRA)" <>
Subject [jira] [Commented] (HIVE-14513) Enhance custom query feature in LDAP atn to support resultset of ldap groups
Date Thu, 11 Aug 2016 17:29:20 GMT


Hive QA commented on HIVE-14513:

Here are the results of testing the latest attachment:

{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.

{color:red}ERROR:{color} -1 due to 3 failed/errored test(s), 10408 tests executed
*Failed tests:*
TestMsgBusConnection - did not produce a TEST-*.xml file
TestQueryLifeTimeHook - did not produce a TEST-*.xml file

Test results:
Console output:
Test logs:

Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 3 tests failed

This message is automatically generated.

ATTACHMENT ID: 12823145 - PreCommit-HIVE-MASTER-Build

> Enhance custom query feature in LDAP atn to support resultset of ldap groups
> ----------------------------------------------------------------------------
>                 Key: HIVE-14513
>                 URL:
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 1.0.0
>            Reporter: Naveen Gangam
>            Assignee: Naveen Gangam
>         Attachments: HIVE-14513.patch
> LDAP Authenticator can be configured to use a result set from a LDAP query to authenticate.
However, is it expected that this LDAP query would only result a set of users (aka full DNs
for the users in LDAP).
> However, its not always straightforward to be able to author queries that return users.
For example, say you would like to allow "all users from group1 and group2" to be authenticated.
The LDAP query has to return a union of all members of the group1 and group2.
> For example, one common configuration is that groups contain a list of its users
>       "dn: uid=group1,ou=Groups,dc=example,dc=com",
>       "distinguishedName: uid=group1,ou=Groups,dc=example,dc=com",
>       "objectClass: top",
>       "objectClass: groupOfNames",
>       "objectClass: ExtensibleObject",
>       "cn: group1",
>       "ou: Groups",
>       "sn: group1",
>       "member: uid=user1,ou=People,dc=example,dc=com",
> The query 
> {{(&(objectClass=groupOfNames)(|(cn=group1)(cn=group2)))}}
> will return the entries
> uid=group1,ou=Groups,dc=example,dc=com
> uid=group2,ou=Groups,dc=example,dc=com
> but there is no means to form a query that would return just the values of "member" attributes.
(ldap client tools are able to do by filtering out the attributes on these entries.
> So it will be useful to have such support to be able to specify queries that return groups.

This message was sent by Atlassian JIRA

View raw message