You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Naveen Gangam (Jira)" <ji...@apache.org> on 2022/10/03 19:46:00 UTC
[jira] [Resolved] (HIVE-26502) Improve LDAP auth to support include generic user filters
[ https://issues.apache.org/jira/browse/HIVE-26502?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Naveen Gangam resolved HIVE-26502.
----------------------------------
Fix Version/s: 4.0.0
Resolution: Fixed
Fix has been merged to master. Thank you for the review [~dengzh]
> Improve LDAP auth to support include generic user filters
> ---------------------------------------------------------
>
> Key: HIVE-26502
> URL: https://issues.apache.org/jira/browse/HIVE-26502
> Project: Hive
> Issue Type: Improvement
> Components: HiveServer2
> Affects Versions: 4.0.0-alpha-1
> Reporter: Naveen Gangam
> Assignee: Naveen Gangam
> Priority: Major
> Fix For: 4.0.0
>
>
> Currently, Hive's ldap userfiltering is based on configuring a set of patterns in which wild cards are replaced by usernames and searched for. While this model supports advanced filtering options where a corporate ldap can have users in different orgs and trees, it does not quite support generic ldap searches like this.
> (&(uid={0})(objectClass=person))
> To be able to support this without making changes to the semantics of existing configuration params, and to be backward compatible, we can enhance the existing custom query functionality to support this.
> For with a configuration like this, we should be able to perform a search for user who uid matches the username being authenticated.
> {noformat}
> <property>
> <name>hive.server2.authentication.ldap.baseDN</name>
> <value>dc=apache,dc=org</value>
> </property>
> <property>
> <name>hive.server2.authentication.ldap.customLDAPQuery</name>
> <value>(&(uid={0})(objectClass=person))</value>
> </property>
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)