Return-Path: 
 <user-return-16842-apmail-hive-user-archive=hive.apache.org@hive.apache.org>
X-Original-To: apmail-hive-user-archive@www.apache.org
Delivered-To: apmail-hive-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 847801169F
	for <apmail-hive-user-archive@www.apache.org>;
 Tue,  8 Jul 2014 00:57:31 +0000 (UTC)
Received: (qmail 98384 invoked by uid 500); 8 Jul 2014 00:57:29 -0000
Delivered-To: apmail-hive-user-archive@hive.apache.org
Received: (qmail 98310 invoked by uid 500); 8 Jul 2014 00:57:29 -0000
Mailing-List: contact user-help@hive.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@hive.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@hive.apache.org>
List-Post: <mailto:user@hive.apache.org>
List-Id: <user.hive.apache.org>
Reply-To: user@hive.apache.org
Delivered-To: mailing list user@hive.apache.org
Received: (qmail 98298 invoked by uid 99); 8 Jul 2014 00:57:29 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Jul 2014 00:57:29 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of venkavis@gmail.com designates
 209.85.216.178 as permitted sender)
Received: from [209.85.216.178] (HELO mail-qc0-f178.google.com)
 (209.85.216.178)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Jul 2014 00:57:26 +0000
Received: by mail-qc0-f178.google.com with SMTP id i17so313538qcy.23
        for <user@hive.apache.org>; Mon, 07 Jul 2014 17:57:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=mT/TlISQMqtKQXTwv2vCvIEAT8wzdU9L+YT+yqvMIRc=;
        b=V2bK8LlAw9SO4DJS9JzWv7rNyKK3RuhlauvOILlAKJQ/hwaW4zRezp4Wi31t8UMIvq
         1nJhVLTKw0qJmDr+r+2b/2xW1N1bUniRKbvpqFKT/LKPhvPQhN5FfBLuvWkw9BicUve/
         k/0gnaA8++JBp8xttxdYqsgiJNcHce4cyS3obeXVR0o1qRhkDJ3WP9xL42J15xIApUOa
         E8Zsl/Q3k5736dAHNA38QCfDkN73SKMsN3viLJCuZAcn3WkGKDsYEFqfTSzArUAAK680
         zTZtZwxkvkKwFhLWFCwhF7eggQdV0Sm1L+G/pIk7AUa5u6yeIYvY4b3q30jW9/yGe+y7
         9sUw==
MIME-Version: 1.0
X-Received: by 10.140.104.161 with SMTP id a30mr51965979qgf.19.1404781021654;
 Mon, 07 Jul 2014 17:57:01 -0700 (PDT)
Received: by 10.96.139.193 with HTTP; Mon, 7 Jul 2014 17:57:01 -0700 (PDT)
Date: Mon, 7 Jul 2014 17:57:01 -0700
Message-ID: 
 <CAODPXVORAAmcxZq5CAXjLXwus1qgeV4a+=g4QLsOvo9Gy7f-qA@mail.gmail.com>
Subject: Issues configuring LDAP on Hive server 2
From: Venkat V <venkavis@gmail.com>
To: user@hive.apache.org
Content-Type: multipart/alternative; boundary=001a11354864c875cd04fda41127
X-Virus-Checked: Checked by ClamAV on apache.org

--001a11354864c875cd04fda41127
Content-Type: text/plain; charset=UTF-8

Hi Users/Developers/Committers

We use Amazons EMR for our Hadoop needs.
We needed to configure LDAP for HiveServer2 so that only a specific set of
users in LDAP say like Groups=HiveUser. We are unable to configure this.

Our LDAP URL definition is ignored by the hive server and allows any valid
LDAP user in my company to use it. For example it ignores all parameters
after the PortNumber.

The only working configuration is as below.

<property><name>hive.server2.authentication</name><value>LDAP</value></property>

<property><name>hive.server2.authentication.ldap.url</name><value>ldap://adsi.mycompany:3268/</value></property>

 If I add any further filter like below it ignores it
<value>ldap://adsi.mycompany:3268/Groups=HiveUsers</value></property>

Is this the feature or the limited support for LDAP? Or is there any ways
to configure.

We dont have LDAP and we use ActiveDirectory.

Appreciate the support.

-- 
Venkat V

--001a11354864c875cd04fda41127
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span style=3D"font-family:arial,sans-serif;font-size:13px=
">Hi Users/Developers/</span><font face=3D"arial, sans-serif">Committers</f=
ont><div style=3D"font-family:arial,sans-serif;font-size:13px"><div><br></d=
iv><div>
We use Amazons EMR for our Hadoop needs.</div><div>We needed to configure L=
DAP for HiveServer2 so that only a specific set of users in LDAP say like G=
roups=3DHiveUser. We are unable to configure this.</div><div><br></div><div=
>
Our LDAP URL definition is ignored by the hive server and allows any valid =
LDAP user in my company to use it. For example it ignores all parameters af=
ter the PortNumber.</div><div><br></div><div>The only working configuration=
 is as below.</div>
<div>







<p class=3D"">&lt;property&gt;&lt;name&gt;hive.server2.authentication&lt;/n=
ame&gt;&lt;value&gt;LDAP&lt;/value&gt;&lt;/property&gt;</p>
<p class=3D"">&lt;property&gt;&lt;name&gt;hive.server2.authentication.ldap.=
url&lt;/name&gt;&lt;value&gt;ldap://adsi.mycompany:3268/&lt;/value&gt;&lt;/=
property&gt;</p>
<p class=3D"">=C2=A0If I add any further filter like below it ignores it</p=
></div><div>&lt;value&gt;ldap://adsi.mycompany:3268/Groups=3DHiveUsers&lt;/=
value&gt;&lt;/property&gt;<br></div><div><br></div><div>Is this the feature=
 or the limited support for LDAP? Or is there any ways to configure.</div>
<div><br></div><div>We dont have LDAP and we use ActiveDirectory.</div><div=
><br></div><div>Appreciate the support.</div></div><div><br></div>-- <br>Ve=
nkat V
</div>

--001a11354864c875cd04fda41127--