[
https://issues.apache.org/jira/browse/HIVE-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Naveen Gangam resolved HIVE-9880.
---------------------------------
Resolution: Fixed
Fix Version/s: 2.0.0
1.3.0
Hadoop Flags: Reviewed
A more general fix for this issue has been included in HIVE-7193 that add
filter support for LDAP user and groups. Users can configure the following
properties to indicate multiple patterns(COMMA-separated) for DNs where
users/groups can be located in LDAP.
hive.server2.authentication.ldap.groupDNPattern
hive.server2.authentication.ldap.userDNPattern
ex: uid=%s,ou=Users,DC=domain,DC=com:CN=%s,CN=Users,DC=domain,DC=com
uid=%s,ou=Groups,DC=domain,DC=com:CN=%s,CN=Groups,DC=domain,DC=com
Please provide any feedback you have on the new features. Thanks
> Support configurable username attribute for HiveServer2 LDAP authentication
> ---------------------------------------------------------------------------
>
> Key: HIVE-9880
> URL: https://issues.apache.org/jira/browse/HIVE-9880
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Affects Versions: 0.13.0
> Reporter: Jaime Murillo
> Assignee: Naveen Gangam
> Fix For: 1.3.0, 2.0.0
>
> Attachments: HIVE-9880-1.patch
>
>
> OpenLDAP requires that when bind authenticating, the DN being supplied must
> be the creation DN of the account. Since, OpenLDAP allows for any attribute
> to be used when creating a DN for an account, organizations that don’t use
> hardcoded *uid* attribute won’t be able to utilize HiveServer2 LDAP
> authentication.
> HiveServer2 should support a configurable username attribute when
> constructing the bindDN
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
