-
Type:
New Feature
-
Status: Open
-
Priority:
Blocker
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Authentication (log-in), Authorization (access control) , Realms
-
Labels:None
-
Environment:HDP 2.6 + Kerberos + AD LDAP multi-domain forest
Feature Request to add principal mapping rules similar to Hadoop's auth_to_local.
This will allow munging pincipals and rule based remappings to differentiate duplicate users in multi-domain Active Directory forests where the LDAP results returned from the global catalog include duplicate usernames which need to be translated with a prefix/suffix in order to differentiate between domains to prevent users from different domains sharing logins, permissions etc.
- depends upon
-
SHIRO-465 Support externalized principal mapping in AuthenticatingRealm and ModularRealmAuthenticator
-
- Open
-
- is depended upon by
-
ZEPPELIN-2794 User/group mapping rules similar to Hadoop's auth_to_local
-
- Open
-
- relates to
-
SHIRO-465 Support externalized principal mapping in AuthenticatingRealm and ModularRealmAuthenticator
-
- Open
-