Posted to issues-all@impala.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/04/01 03:06:00 UTC
[jira] [Commented] (IMPALA-2563) Support LDAP search bind operations
[ https://issues.apache.org/jira/browse/IMPALA-2563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17072339#comment-17072339 ]
ASF subversion and git services commented on IMPALA-2563:
---------------------------------------------------------
Commit 4e6780ebf1dfa90aea01b3e35d3dc9ceb100eaee in impala's branch refs/heads/master from Thomas Tauber-Marshall
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=4e6780e ]
IMPALA-2563: Support LDAP search bind operations

This patch adds a number of new options for controlling LDAP
by restricting authentication to particular users and/or members of
particular groups:
  --ldap_group_filter: comma separated list of authorized groups
  --ldap_user_filter: comma separated list of authorized users

There are also options to control how LDAP is searched when applying
these filters:
  --ldap_group_dn_pattern
  --ldap_group_membership_key
  --ldap_group_membership_class

These options were modelled on equivalent options in Hive, see:
https://cwiki.apache.org/confluence/display/Hive/User+and+Group+Filter+Support+with+LDAP+Atn+Provider+in+HiveServer2
https://github.com/apache/hive/tree/master/service/src/java/org/apache/hive/service/auth/ldap

This patch also refactors LDAP related functionality into a utility
class, both to make authentication.cc more manageable and to
facilitate follow up work that will add LDAP authentication options
for the webserver.

Testing:
- Added a FE custom cluster test that sets --ldap_group_filter and
  --ldap_user_filter and verifies expected behavior.

Change-Id: I7502a96e9a3c16faa67c03ffac54df2bdebbca8c
Reviewed-on: http://gerrit.cloudera.org:8080/15570
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>

> Support LDAP search bind operations
> -----------------------------------
>
> Key: IMPALA-2563
> URL: https://issues.apache.org/jira/browse/IMPALA-2563
> Project: IMPALA
> Issue Type: Improvement
> Components: Security
> Affects Versions: Impala 2.2.4
> Reporter: Mike Yoder
> Assignee: Thomas Tauber-Marshall
> Priority: Minor
> Labels: security
>
> Today Impala supports a simple direct bind model. This improvement jira is to bring Impala's LDAP model to be in line with Hive's. Please see in particular https://issues.apache.org/jira/browse/HIVE-7193 and https://cwiki.apache.org/confluence/display/Hive/User+and+Group+Filter+Support+with+LDAP+Atn+Provider+in+HiveServer2.