hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hive QA (JIRA)" <>
Subject [jira] [Commented] (HIVE-15076) Improve scalability of LDAP authentication provider group filter
Date Thu, 08 Dec 2016 09:30:58 GMT


Hive QA commented on HIVE-15076:

Here are the results of testing the latest attachment:

{color:green}SUCCESS:{color} +1 due to 6 test(s) being added or modified.

{color:red}ERROR:{color} -1 due to 9 failed/errored test(s), 10805 tests executed
*Failed tests:*
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[sample2] (batchId=5)
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[sample4] (batchId=15)
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[sample6] (batchId=61)
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[sample7] (batchId=60)
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[sample9] (batchId=38)
org.apache.hadoop.hive.cli.TestMiniLlapCliDriver.testCliDriver[orc_ppd_basic] (batchId=132)
org.apache.hadoop.hive.cli.TestMiniLlapCliDriver.testCliDriver[transform_ppr2] (batchId=134)
org.apache.hadoop.hive.cli.TestMiniTezCliDriver.testCliDriver[explainanalyze_2] (batchId=92)

Test results:
Console output:
Test logs:

Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 9 tests failed

This message is automatically generated.

ATTACHMENT ID: 12842254 - PreCommit-HIVE-Build

> Improve scalability of LDAP authentication provider group filter
> ----------------------------------------------------------------
>                 Key: HIVE-15076
>                 URL:
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authentication
>    Affects Versions: 2.1.0
>            Reporter: Illya Yalovyy
>            Assignee: Illya Yalovyy
>         Attachments: HIVE-15076.1.patch, HIVE-15076.2.patch, HIVE-15076.3.patch
> Current implementation uses following algorithm:
> #   For a given user find all groups that user is a member of. (A list of LDAP groups
is constructed as a result of that request)
> #  Match this list of groups with provided group filter.
> Time/Memory complexity of this approach is O(N) on client side, where N – is a number
of groups the user has membership in. On a large directory (800+ groups per user) we can observe
up to 2x performance degradation and failures because of size of LDAP response (LDAP: error
code 4 - Sizelimit Exceeded).
> Some Directory Services (Microsoft Active Directory for instance) provide a virtual attribute
for User Object that contains a list of groups that user belongs to. This attribute can be
used to quickly determine whether this user passes or fails the group filter.   

This message was sent by Atlassian JIRA

View raw message