Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
4.0.0-alpha-2
Description
Hive's LDAP auth configuration is home-baked and a bit specific to hive. This was by design intending to be as flexible as it can be for accommodating various LDAP implementations. But this does not necessarily make it easy to configure hive with such custom values for ldap filtering when most other components accept generic ldap filters, for example: search bind filters.
There has to be a layer of translation to have it configured. Instead we can enhance Hive to support generic search bind filters.
To support this, I am proposing adding NEW alternate configurations.
hive.server2.authentication.ldap.userSearchFilter
hive.server2.authentication.ldap.groupSearchFilter
hive.server2.authentication.ldap.groupBaseDN
Search bind filtering will also use EXISTING config param
hive.server2.authentication.ldap.baseDN
This is alternate configuration and will be used first if specified. So users can continue to use existing configuration as well. These changes should not interfere with existing configurations.
Attachments
Issue Links
- links to