Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-2794

User/group mapping rules similar to Hadoop's auth_to_local

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Blocker
    • Resolution: Unresolved
    • 0.7.0
    • None
    • Core
    • None

    • HDP 2.6 + Kerberos + AD LDAP multi-domain forest

    Description

      Feature Request to add user/group mapping rules similar to Hadoop's auth_to_local.

      This will allow munging users/groups and rule based remappings to differentiate duplicate users in multi-domain Active Directory forests where the LDAP results returned from the global catalog include duplicate usernames which need to be translated with a prefix/suffix in order to differentiate between domains to prevent users from different domains sharing logins, permissions etc.

      I understand that Shiro is responsible for this integration and have raised SHIRO-631, but thought I'd create this top level Zeppelin ticket to track Zeppelin's ability to support this scenario as it'll need to upgrade to a later Shiro version when Shiro supports this.

      Attachments

        Issue Links

          depends upon

          New Feature - A new feature of the product, which has yet to be developed. SHIRO-631 Principal mapping rules similar to Hadoop's auth_to_local

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Activity

            People

              Unassigned Unassigned
              harisekhon Hari Sekhon
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: