Posted to issues@hive.apache.org by "Lefty Leverenz (JIRA)" <ji...@apache.org> on 2016/01/19 00:15:39 UTC

[jira] [Commented] (HIVE-12885) LDAP Authenticator improvements

    [ https://issues.apache.org/jira/browse/HIVE-12885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15105941#comment-15105941 ] 

Lefty Leverenz commented on HIVE-12885:
---------------------------------------

Little nit:  For the description of *hive.server2.authentication.ldap.guidKey*, please make ldap all-caps in "ldap server".

{code}
+        "LDAP attribute name whose values are unique in this ldap server.\n" +
+        "For example: uid or CN."),
{code}
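
Review bot: The description string on the first added line says only that the attribute's values are unique and does not say what the parameter is used for. State that it names the key used for short user names, which the issue description ties to the case where only "BaseDN" is configured and not userDNPatterns, so a reader can tell why uniqueness matters. In the same string, "ldap server" should read "LDAP server" to match "LDAP attribute name" at the start of the line.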

> LDAP Authenticator improvements
> -------------------------------
>
>                 Key: HIVE-12885
>                 URL: https://issues.apache.org/jira/browse/HIVE-12885
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 1.1.0
>            Reporter: Naveen Gangam
>            Assignee: Naveen Gangam
>         Attachments: HIVE-12885.patch
>
>
> Currently Hive's LDAP Atn provider assumes certain defaults to keep its configuration simple. 
> 1) One of the assumptions is the presence of an attribute "distinguishedName". In certain non-standard LDAP implementations, this attribute may not be available. So instead of basing all ldap searches on this attribute, getNameInNamespace() returns the same value. So this API is to be used instead.
> 2) It also assumes that the "user" value being passed in will be able to bind to LDAP. However, certain LDAP implementations, by default, only allow the full DN to be used; just short user names are not permitted. We will need to be able to support short names too when Hive configuration only has "BaseDN" specified (not userDNPatterns). So instead of hard-coding "uid" or "CN" as keys for the short usernames, it is probably better to make this a configurable parameter.


