[
https://issues.apache.org/jira/browse/IMPALA-10161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Work on IMPALA-10161 started by Tamas Mate.
-------------------------------------------
> User LDAP search bind support
> -----------------------------
>
> Key: IMPALA-10161
> URL: https://issues.apache.org/jira/browse/IMPALA-10161
> Project: IMPALA
> Issue Type: Improvement
> Components: Backend, Security
> Affects Versions: Impala 3.4.0
> Reporter: Tamas Mate
> Assignee: Tamas Mate
> Priority: Major
>
> Currently Impala only supports a simple direct bind mechanism to authenticate a
> user, while other components allow administrators to specify a user
> search base DN and an administrator bind DN and bind password to search for
> the user under the user search base directory.
> This method is especially useful for larger organizations where the directory
> structure is wide. Given the following two FQDNs:
> {code:java}
> uid=alice,ou=Engineering,ou=People,dc=mycompany,dc=com
> uid=bob,ou=Accounting,ou=People,dc=mycompany,dc=com
> {code}
> In case the administrator would like to allow both Engineering and Accounting
> users to authenticate, neither the ldap_baseDN nor the ldap_bind_pattern
> configuration could give the flexibility to authenticate correctly.
> * ldap_baseDN takes the configured baseDN and prefixes it with _uid=<userid>_
> * ldap_bind_pattern gives the option to specify a pattern with a parameter
> such as _user=#UID,OU=foo,CN=bar_
> The convenient solution would be to specify a base DN and execute a search
> under it instead of prefixing it with uid, because this depends on the LDAP
> directory structure.
> LDAP search has already been implemented for groups; this should be
> implemented for users as well.
>
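The contrast between the two direct-bind options and the requested search bind, as an added example that is not part of the original issue or Impala's code. An in-memory dictionary stands in for the LDAP server; the search account DN, the passwords and all function names are constructed for illustration.

```python
import re

# Constructed stand-in for an LDAP server: DN -> password (sample data, not from Impala).
DIRECTORY = {
    "uid=alice,ou=Engineering,ou=People,dc=mycompany,dc=com": "alice-pw",
    "uid=bob,ou=Accounting,ou=People,dc=mycompany,dc=com": "bob-pw",
    "uid=svc,ou=Services,dc=mycompany,dc=com": "svc-pw",  # hypothetical search account
}

def simple_bind(dn, password):
    """Simple bind; an empty password is refused so it cannot pass as an anonymous bind."""
    return bool(password) and DIRECTORY.get(dn) == password

def base_dn_bind(user, password, base_dn):
    """Direct bind as the issue describes ldap_baseDN: prefix the base with uid=<userid>."""
    return simple_bind(f"uid={user},{base_dn}", password)

def pattern_bind(user, password, pattern):
    """Direct bind as the issue describes ldap_bind_pattern: substitute #UID."""
    return simple_bind(pattern.replace("#UID", user), password)

def escape_filter(value):
    """RFC 4515 escaping, so a submitted username cannot change the search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def search(base_dn, uid_filter):
    """Toy subtree search for filters of the form (uid=VALUE); a raw * is a wildcard."""
    def unescape(s):
        return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), s)
    value = uid_filter[len("(uid="):-1]
    rx = re.compile(".*".join(re.escape(unescape(p)) for p in value.split("*")))
    return [dn for dn in DIRECTORY
            if dn.endswith("," + base_dn) and rx.fullmatch(dn.split(",")[0][4:])]

def search_bind(user, password, search_base, admin_dn, admin_password):
    """Bind as the search account, resolve the user's DN, then bind as that DN."""
    if not simple_bind(admin_dn, admin_password):
        raise PermissionError("search account bind failed")
    matches = search(search_base, f"(uid={escape_filter(user)})")
    if len(matches) != 1:  # no entry, or an ambiguous result: refuse
        return False
    return simple_bind(matches[0], password)
```

With the search base set to `ou=People,dc=mycompany,dc=com`, both alice and bob authenticate through `search_bind`, while each direct-bind variant accepts only the user whose organizational unit is hard-coded into the base DN or pattern.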