Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
Impala 4.0.0
-
None
-
None
-
ghx-label-11
Description
IMPALA-2563 added support for user and group filter on LDAP, with options modeled after those in Hive, but they are somewhat restrictive - only allowing specifying particular parts of the LDAP search filter used.
There are additional, more general ldap filter options that Impala should also support which allow for specifying arbitrary search filters. This for example would enable an LDAP configuration where the authenticated usernames are not part of the user's DN.
We should model these configs after equivalent options in HDFS, see in particular 'hadoop.security.group.mapping.ldap.search.filter.user' and 'hadoop.security.group.mapping.ldap.search.filter.group'