You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2019/04/05 00:46:42 UTC
[GitHub] [incubator-druid] jon-wei commented on issue #6972: Support LDAP
authentication/authorization
jon-wei commented on issue #6972: Support LDAP authentication/authorization
URL: https://github.com/apache/incubator-druid/pull/6972#issuecomment-480112099
@mohammadjkhan
Regarding my earlier comment (https://github.com/apache/incubator-druid/pull/6972#issuecomment-477778052), after more thought I feel it would be better to split LDAP into a separate contrib extension and leave the existing basic auth extension unchanged.
* The authenticator only shares the minimal "check password" logic
* The authorizer is currently written to shared the role definitions with the basic auth extension, but I think it would be better to have LDAP be the sole source of truth for users/groups/roles/permissions for the LDAP implementation, instead of a mixed model where some information is kept in the Druid metadata store.
* I think it's likely that the LDAP implementations will evolve over time with more features (maybe some are very specific to LDAP), and separating it into its own extension will give us more freedom to build upon it without affecting the basic auth extension.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org