Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-7193

Hive should support additional LDAP authentication parameters

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.10.0
    • 1.3.0, 2.0.0
    • None
    • None

    Description

      Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2:

      <property> 
  <name>hive.server2.authentication</name> 
  <value>LDAP</value> 
</property> 
<property> 
  <name>hive.server2.authentication.ldap.url</name> 
  <value>ldap://our_ldap_address</value> 
</property>

      We need to include other LDAP properties as part of hive-LDAP authentication like below:

      a group search base -> dc=domain,dc=com 
a group search filter -> member={0} 
a user search base -> dc=domain,dc=com 
a user search filter -> sAMAAccountName={0} 
a list of valid user groups -> group1,group2,group3

      Attachments

        1. LDAPAuthentication_Design_Doc.docx
          126 kB
          Naveen Gangam
        2. LDAPAuthentication_Design_Doc_V2.docx
          130 kB
          Naveen Gangam
        3. HIVE-7193.patch
          27 kB
          Naveen Gangam
        4. HIVE-7193.6.patch
          23 kB
          Naveen Gangam
        5. HIVE-7193.5.patch
          23 kB
          Naveen Gangam
        6. HIVE-7193.4.patch
          23 kB
          Naveen Gangam
        7. HIVE-7193.3.patch
          25 kB
          Naveen Gangam
        8. HIVE-7193.2.patch
          27 kB
          Naveen Gangam

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. HIVE-12007 Hive LDAP Authenticator should allow just Domain without baseDN (for AD)

          • Major - Major loss of function.
          • Closed
          contains

          Bug - A problem which impairs or prevents the functions of the product. HIVE-9880 Support configurable username attribute for HiveServer2 LDAP authentication

          • Major - Major loss of function.
          • Closed
          is depended upon by

          Bug - A problem which impairs or prevents the functions of the product. HIVE-6026 Ldap Authenticator should be more generic with BindDN

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. HIVE-8190 LDAP user match for authentication on hiveserver2

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. HIVE-11512 Hive LDAP Authenticator should also support full DN in Authenticate()

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. HIVE-12885 LDAP Authenticator improvements

          • Major - Major loss of function.
          • Closed
          is required by

          Test - A new unit, integration or system test. HIVE-12079 Add units tests for HiveServer2 LDAP filters added in HIVE-7193

          • Major - Major loss of function.
          • Closed

          Activity

            People

              ngangam Naveen Gangam
              mkempanna Mala Chikka Kempanna
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: