Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-27311

Improve LDAP auth to support generic search bind authentication

    XMLWordPrintableJSON

Details

    Description

      Hive's LDAP auth configuration is home-baked and a bit specific to hive. This was by design intending to be as flexible as it can be for accommodating various LDAP implementations. But this does not necessarily make it easy to configure hive with such custom values for ldap filtering when most other components accept generic ldap filters, for example: search bind filters.

      There has to be a layer of translation to have it configured. Instead we can enhance Hive to support generic search bind filters.

      To support this, I am proposing adding NEW alternate configurations.
      hive.server2.authentication.ldap.userSearchFilter
      hive.server2.authentication.ldap.groupSearchFilter
      hive.server2.authentication.ldap.groupBaseDN

      Search bind filtering will also use EXISTING config param
      hive.server2.authentication.ldap.baseDN

      This is alternate configuration and will be used first if specified. So users can continue to use existing configuration as well. These changes should not interfere with existing configurations.

      Attachments

        Issue Links

          Activity

            People

              ngangam Naveen Gangam
              ngangam Naveen Gangam
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 2h 40m
                  2h 40m