Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-14592

In LDAP authentication 'group filter' match should be case insensitive

Log workAgile BoardRank to TopRank to BottomAdd voteVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.0
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None

      Description

      Configure openLDAP server with following configurations(enable ldap, ldap URI, baseDN, userDNPattern, groupDNPattern and groupFilter). If the specified groupFilter case is different than the actual one in directory than Hive cannot find a match and errors out.

      Provided groupFilter value <groupTest>
      Actual group name in directory server - grouptest.

      Similar search works by using ldapsearch (ldap searches are case insensitive).

      Error message snippet -
      avax.security.sasl.AuthenticationException: Authentication failed: User not a member of listed groups]
      at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)

        Attachments

          Activity

          $i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users
          Cancel

            People

            • Assignee:
              kapilrastogi Kapil Rastogi Assign to me
              Reporter:
              kapilrastogi Kapil Rastogi

              Dates

              • Created:
                Updated:

                Issue deployment