Hive / HIVE-8916

Handle user@domain username under LDAP authentication


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.1.0
    • Authentication

    Description

      If LDAP is configured with multiple domains for authentication, users can be in different domains.

      Currently, LdapAuthenticationProviderImpl blindly appends the domain configured in "hive.server2.authentication.ldap.Domain" to the username, which limits users to that domain. However, under multi-domain authentication, the username may already include the domain (e.g., user@domain.foo.com). We should not append a domain if one is already present.

      Also, if the username already includes the domain, the rest of Hive and the authorization providers still expect the "short name" ("user" and not "user@domain.foo.com") for looking up privilege rules, etc. As such, any domain info in the username should be stripped off.

      Attachments

        1. HIVE-8916.2.patch
          3 kB
          Mohit Sabharwal
        2. HIVE-8916.3.patch
          5 kB
          Mohit Sabharwal
        3. HIVE-8916.patch
          5 kB
          Mohit Sabharwal
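
A sketch of the behaviour the description asks for, as an added example that is not taken from the HIVE-8916 patches or from Hive's source. The class and method names are hypothetical, the domain value and logins are constructed, and rejecting names with an empty part or more than one '@' is an assumption of this example.

```java
/** Added illustration; class and method names are hypothetical, not Hive's. */
public class LdapUserNames {

    /** True when the supplied name already carries a domain part (user@domain). */
    static boolean hasDomain(String userName) {
        return userName.indexOf('@') > 0;
    }

    /** Name used for the LDAP bind: append the configured domain only when none is present. */
    static String bindName(String userName, String configuredDomain) {
        validate(userName);
        if (hasDomain(userName) || configuredDomain == null || configuredDomain.isEmpty()) {
            return userName; // already qualified, or no default domain configured
        }
        return userName + "@" + configuredDomain;
    }

    /** Short name passed on for privilege lookups: everything before the '@'. */
    static String shortName(String userName) {
        validate(userName);
        int at = userName.indexOf('@');
        return at < 0 ? userName : userName.substring(0, at);
    }

    /** Assumption of this example: reject empty parts and names with more than one '@'. */
    private static void validate(String userName) {
        if (userName == null || userName.isEmpty()
                || userName.startsWith("@") || userName.endsWith("@")
                || userName.indexOf('@') != userName.lastIndexOf('@')) {
            throw new IllegalArgumentException("malformed user name");
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for the value of hive.server2.authentication.ldap.Domain.
        String domain = "corp.example";
        // Constructed sample logins: one bare name, one already qualified.
        String[] inputs = {"alice", "bob@domain.foo.com"};
        for (String in : inputs) {
            System.out.println(in + " -> bind as " + bindName(in, domain)
                    + ", authorize as " + shortName(in));
        }
    }
}
```

Because privilege lookups see only the short name, the same short name arriving from two different domains resolves to one identity, so every domain the LDAP server will authenticate has to be trusted for that mapping.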

          People

            Mohit Sabharwal (mohitsabharwal)
            Votes: 0
            Watchers: 8