[
https://issues.apache.org/jira/browse/HIVE-8190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Naveen Gangam resolved HIVE-8190.
---------------------------------
Resolution: Fixed
Fix Version/s: 2.0.0, 1.3.0
Hadoop Flags: Reviewed
A more general fix for this issue has been included in HIVE-7193, which adds
filter support for LDAP users and groups. Users can configure the following
properties to indicate multiple patterns (COMMA-separated) for DNs where
users/groups can be located in LDAP.
hive.server2.authentication.ldap.groupDNPattern
hive.server2.authentication.ldap.userDNPattern
ex: uid=%s,ou=Users,DC=domain,DC=com:CN=%s,CN=Users,DC=domain,DC=com
uid=%s,ou=Groups,DC=domain,DC=com:CN=%s,CN=Groups,DC=domain,DC=com
Please provide any feedback you have on the new features. Thanks.
> LDAP user match for authentication on hiveserver2
> -------------------------------------------------
>
> Key: HIVE-8190
> URL: https://issues.apache.org/jira/browse/HIVE-8190
> Project: Hive
> Issue Type: Improvement
> Components: Authorization, Clients
> Affects Versions: 0.13.1
> Environment: Centos 6.5
> Reporter: LINTE
> Assignee: Naveen Gangam
> Fix For: 1.3.0, 2.0.0
>
>
> Some LDAP has the user component as CN and not UID.
> So when you try to authenticate, the LDAP authentication module of Hive tries to
> authenticate with the following string:
> uid=$login,basedn
> Some AD have user objects that are not uid but cn, so it is important to
> personalize the kind of objects that the authentication module looks for in
> LDAP.
> We can see an example in the Knox LDAP module configuration: the parameter
> main.ldapRealm.userDnTemplate can be configured to look for:
> uid: 'uid={0}, basedn'
> or cn: 'cn={0}, basedn'
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
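An added illustration, not Hive's own code and not part of the original message: how a multi-pattern `hive.server2.authentication.ldap.userDNPattern` value expands into the candidate bind DNs tried for one login. It assumes the patterns are split on `:` as in the `ex:` line above, and the RFC 4514 escaping of the login is an extra hardening step assumed here so that a login containing `,` or `=` cannot change the DN structure; the function names are hypothetical.

```python
# Added illustration; function names are hypothetical, not Hive APIs.
PATTERN_SEPARATOR = ":"  # assumption: separator as used in the "ex:" line on this page

# Characters that must (or may safely) be backslash-escaped in an RDN value, RFC 4514.
_DN_SPECIAL = set(',+"\\<>;=')


def escape_rdn_value(value: str) -> str:
    """Escape a login so it is always a single RDN attribute value."""
    if not value:
        raise ValueError("empty login")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)  # leading space/'#' and trailing space
        else:
            out.append(ch)
    return "".join(out)


def candidate_dns(patterns: str, login: str) -> list[str]:
    """Return one candidate bind DN per configured pattern, in configured order."""
    escaped = escape_rdn_value(login)
    dns = []
    for pattern in patterns.split(PATTERN_SEPARATOR):
        pattern = pattern.strip()
        if not pattern:
            continue
        if pattern.count("%s") != 1:
            raise ValueError(f"pattern needs exactly one %s: {pattern!r}")
        dns.append(pattern.replace("%s", escaped))
    return dns


# Pattern value copied from the example line in the message above.
USER_DN_PATTERN = "uid=%s,ou=Users,DC=domain,DC=com:CN=%s,CN=Users,DC=domain,DC=com"

if __name__ == "__main__":
    # Constructed sample logins: a plain one and one carrying DN metacharacters.
    for login in ("jdoe", "jdoe,ou=Admins"):
        print(login, "->", candidate_dns(USER_DN_PATTERN, login))
```

Each candidate DN would be tried in turn for a bind; the second sample login stays confined to the `uid`/`CN` value instead of adding an extra RDN.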