Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-8190

LDAP user match for authentication on hiveserver2

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.13.1
    • Fix Version/s: 1.3.0, 2.0.0
    • Component/s: Authorization, Clients
    • Labels:
      None
    • Environment:

      Centos 6.5

    • Hadoop Flags:
      Reviewed

      Description

      Some LDAP has the user composant as CN and not UID.

      SO when you try to authenticate the LDAP authentication module of hive try to authenticate with the following string :

      uid=$login,basedn

      Some AD have user objects that are not uid but cn, so it is be important to personalize the kind of objects that the authentication moduel look for in ldap.

      We can see an exemple in knox LDAP module configuration the parameter main.ldapRealm.userDnTemplate can be configured to look for :

      uid : 'uid=

      {0}, basedn'

      or cn : 'cn={0}

      , basedn'

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ngangam Naveen Gangam
                Reporter:
                Alexandre LINTE LINTE
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: