ayushbilala opened a new issue, #16971:
URL: https://github.com/apache/pinot/issues/16971
Pinot currently lacks built-in LDAP/Active Directory authentication support
for securing Broker and Controller REST APIs. This feature request proposes
adding configurable LDAP authentication to enable enterprise integration with
existing directory services.
## Problem Statement
Organizations using Apache Pinot need to:
1. Integrate with existing LDAP/Active Directory infrastructure
2. Authenticate users accessing Pinot Query Console and REST APIs
3. Secure broker query endpoints and controller management APIs
4. Support standard Basic Authentication with LDAP backend validation
Currently, Pinot has limited authentication options, making it challenging
for enterprises to deploy Pinot in environments with strict security
requirements.
## Backward Compatibility
- **Fully backward compatible**: Existing deployments without LDAP config
continue to work
- **Opt-in feature**: Only enabled when `authentication.factory.class` is
configured
- **No breaking changes**: All changes are additive, no modifications to
existing APIs
## Future Enhancements (Not in Initial PR)
This feature lays the groundwork for future authentication/authorization
enhancements:
1. **RBAC Authorization** (Separate PR)
- File-based authorization policies
- Table-level permissions
- Endpoint-level access control
2. **UI Session Management** (Separate PR)
- Browser session persistence
- Auto-restore on page refresh
4. **Advanced Features** (Future)
- OAuth/OIDC support
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
