Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-14592

In LDAP authentication 'group filter' match should be case insensitive

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.0
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None

      Description

      Configure openLDAP server with following configurations(enable ldap, ldap URI, baseDN, userDNPattern, groupDNPattern and groupFilter). If the specified groupFilter case is different than the actual one in directory than Hive cannot find a match and errors out.

      Provided groupFilter value <groupTest>
      Actual group name in directory server - grouptest.

      Similar search works by using ldapsearch (ldap searches are case insensitive).

      Error message snippet -
      avax.security.sasl.AuthenticationException: Authentication failed: User not a member of listed groups]
      at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)

        Attachments

          Activity

            People

            • Assignee:
              kapilrastogi Kapil Rastogi
              Reporter:
              kapilrastogi Kapil Rastogi
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: