[
https://issues.apache.org/jira/browse/HBASE-27693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17705182#comment-17705182
]
Yash Dodeja edited comment on HBASE-27693 at 3/27/23 5:25 AM:
--------------------------------------------------------------
In this patch, tried to bring in Hadoop's authentication filter initializer to
HBase. This helps initialize AuthenticationFilter and use
LdapAuthenticationHandler in the HBase ecosystem. Tried testing on a cluster
after setting the following configurations in hbase-site:
*hbase.security.authentication.ui = ldap*
*hbase.http.filter.initializers* =
*org.apache.hadoop.hbase.http.AuthenticationFilterInitializer*
Also, had to set the following hadoop related/inherited configurations in
hbase-site:
*hadoop.http.authentication.type = ldap*
*hadoop.http.authentication.ldap.binddomain = EXAMPLE.COM*
*hadoop.http.authentication.ldap.providerurl = ldap://ldap-server-host:8920*
*hadoop.http.authentication.ldap.enablestarttls = false*
Added the same in the Web Security documentation in the patch. On testing the
above setup, observed that HBase Web UI shows a popup asking for LDAP login in
order to access the UI.
A screenshot for the same shown in Safari browser is attached: !Screenshot
2023-03-27 at 10.53.26 AM.png!
was (Author: JIRAUSER299009):
In this patch, tried to bring in Hadoop's authentication filter initializer to
HBase. This helps initialize AuthenticationFilter and use
LdapAuthenticationHandler in the HBase ecosystem. Tried testing on a cluster
after setting the following configurations in hbase-site:
*hbase.security.authentication.ui = ldap*
*hbase.http.filter.initializers* =
*org.apache.hadoop.hbase.http.AuthenticationFilterInitializer*
Also, had to set the following hadoop related/inherited configurations in
hbase-site:
*hadoop.http.authentication.type = ldap*
*hadoop.http.authentication.ldap.binddomain = EXAMPLE.COM*
*hadoop.http.authentication.ldap.providerurl = ldap://ldap-server-host:8920*
*hadoop.http.authentication.ldap.enablestarttls = false*
Added the same in the Web Security documentation in the patch. On testing the
above setup, observed that HBase Web UI shows a popup asking for LDAP login in
order to access the UI.
> Support for Hadoop's LDAP Authentication mechanism
> --------------------------------------------------
>
> Key: HBASE-27693
> URL: https://issues.apache.org/jira/browse/HBASE-27693
> Project: HBase
> Issue Type: New Feature
> Reporter: Yash Dodeja
> Assignee: Yash Dodeja
> Priority: Major
> Attachments: HBASE-27693.patch, Screenshot 2023-03-27 at 10.53.26
> AM.png
>
>
> Hadoop's AuthenticationFilter has changed and now has support for ldap
> mechanism too. HBase still uses an older version tightly coupled with
> kerberos and spnego as the only auth mechanisms. HADOOP-12082 has added
> support for multiple auth handlers including LDAP. On trying to use Hadoop's
> AuthenticationFilterInitializer in hbase.http.filter.initializers, there is a
> casting exception as HBase requires it to extend
> org.apache.hadoop.hbase.http.FilterInitializer.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
