- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: 1.1.0
- Component/s: Authentication

If LDAP is configured with multiple domains for authentication, users can be in different domains.
Currently, LdapAuthenticationProviderImpl blindly appends the domain configured in "hive.server2.authentication.ldap.Domain" to the username, which limits the user to that domain. However, under multi-domain authentication, the username may already include the domain (e.g., user@domain.foo.com). We should not append a domain if one is already present.
Also, if the username already includes the domain, the rest of Hive and the authorization providers still expect the "short name" ("user" and not "user@domain.foo.com") for looking up privilege rules, etc. As such, any domain info in the username should be stripped off.
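
The two rules in the description, as an added example that is not Hive's code or the committed patch: the bind name gets the default domain only when none is present, and the short name used for privilege lookups has any domain removed. The class and method names, the sample domain "corp.example.com", and the choice to reject names with an empty part or more than one "@" are assumptions of this sketch.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration; LdapUserName and its methods are hypothetical names, not Hive's API.
public class LdapUserName {

    // Name presented to the LDAP server: append the configured default
    // domain only when the supplied name does not already carry one.
    static String bindName(String user, String defaultDomain) {
        validate(user);
        if (hasDomain(user) || defaultDomain == null || defaultDomain.isEmpty()) {
            return user;
        }
        return user + "@" + defaultDomain;
    }

    // Short name handed to authorization code for privilege-rule lookups.
    static String shortName(String user) {
        validate(user);
        return hasDomain(user) ? user.substring(0, user.indexOf('@')) : user;
    }

    static boolean hasDomain(String user) {
        return user.indexOf('@') >= 0;
    }

    // Assumption of this sketch: reject shapes that would give an empty
    // short name, an empty domain, or an ambiguous split point.
    static void validate(String user) {
        if (user == null || user.isEmpty()) {
            throw new IllegalArgumentException("empty user name");
        }
        int at = user.indexOf('@');
        if (at == 0 || at == user.length() - 1 || at != user.lastIndexOf('@')) {
            throw new IllegalArgumentException("malformed user name: " + user);
        }
    }

    public static void main(String[] args) {
        String defaultDomain = "corp.example.com"; // constructed sample value
        List<String> samples = Arrays.asList(      // constructed sample inputs
            "alice", "bob@domain.foo.com", "@domain.foo.com", "carol@", "dave@a@b");
        for (String s : samples) {
            try {
                System.out.println(s + " -> bind=" + bindName(s, defaultDomain)
                    + " short=" + shortName(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```
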
- is related to
  - SENTRY-540 Fix Sentry test validating special chars in username due to HIVE-8916 (Resolved)
- relates to
  - HIVE-4707 Support configurable domain name for HiveServer2 LDAP authentication using Active Directory (Closed)