Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-8916

Handle user@domain username under LDAP authentication

Log workAgile BoardRank to TopRank to BottomVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.1.0
    • Component/s: Authentication
    • Labels:

      Description

      If LDAP is configured with multiple domains for authentication, users can be in different domains.

      Currently, LdapAuthenticationProviderImpl blindly appends the domain configured "hive.server2.authentication.ldap.Domain" to the username, which limits user to that domain. However, under multi-domain authentication, the username may already include the domain (ex: user@domain.foo.com). We should not append a domain if one is already present.

      Also, if username already includes the domain, rest of Hive and authorization providers still expects the "short name" ("user" and not "user@domain.foo.com") for looking up privilege rules, etc. As such, any domain info in the username should be stripped off.

        Attachments

        1. HIVE-8916.2.patch
          3 kB
          Mohit Sabharwal
        2. HIVE-8916.3.patch
          5 kB
          Mohit Sabharwal
        3. HIVE-8916.patch
          5 kB
          Mohit Sabharwal

        Issue Links

          Activity

          $i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users
          Cancel

            People

            • Assignee:
              mohitsabharwal Mohit Sabharwal Assign to me
              Reporter:
              mohitsabharwal Mohit Sabharwal

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment