[jira] [Resolved] (HIVE-26502) Improve LDAP auth to support include generic user filters

["Naveen Gangam (Jira)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/HIVE-26502?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Naveen Gangam resolved HIVE-26502.
----------------------------------
    Fix Version/s: 4.0.0
       Resolution: Fixed

Fix has been merged to master. Thank you for the review [~dengzh]

> Improve LDAP auth to support include generic user filters
> ---------------------------------------------------------
>
>                 Key: HIVE-26502
>                 URL: https://issues.apache.org/jira/browse/HIVE-26502
>             Project: Hive
>          Issue Type: Improvement
>          Components: HiveServer2
>    Affects Versions: 4.0.0-alpha-1
>            Reporter: Naveen Gangam
>            Assignee: Naveen Gangam
>            Priority: Major
>             Fix For: 4.0.0
>
>
> Currently, Hive's ldap userfiltering is based on configuring a set of patterns in which wild cards are replaced by usernames and searched for. While this model supports advanced filtering options where a corporate ldap can have users in different orgs and trees, it does not quite support generic ldap searches like this.
> (&(uid={0})(objectClass=person))
> To be able to support this without making changes to the semantics of existing configuration params, and to be backward compatible, we can enhance the existing custom query functionality to support this.
> For with a configuration like this, we should be able to perform a search for user who uid matches the username being authenticated.
> {noformat}
>   <property>
>     <name>hive.server2.authentication.ldap.baseDN</name>
>     <value>dc=apache,dc=org</value>
>   </property>
>   <property>
>     <name>hive.server2.authentication.ldap.customLDAPQuery</name>
>     <value>(&(uid={0})(objectClass=person))</value>
>   </property>
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)