[
https://issues.apache.org/jira/browse/HIVE-4707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14630931#comment-14630931
]
Lefty Leverenz commented on HIVE-4707:
--------------------------------------
Doc note: This adds configuration parameter
*hive.server2.authentication.ldap.Domain* to HiveConf.java. It is documented
in the wiki here:
* [Configuration Properties -- hive.server2.authentication.ldap.Domain |
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.Domain]
* [Setting Up HiveServer2 -- Configuration |
https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-Configuration]
> Support configurable domain name for HiveServer2 LDAP authentication using
> Active Directory
> -------------------------------------------------------------------------------------------
>
> Key: HIVE-4707
> URL: https://issues.apache.org/jira/browse/HIVE-4707
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Affects Versions: 0.11.0
> Reporter: Prasad Mujumdar
> Assignee: Prasad Mujumdar
> Fix For: 0.12.0
>
> Attachments: HIVE-4707-1.patch
>
>
> LDAP providers like Active Directory use a fully qualified user name in
> user@domain format. For HiveServer2 LDAP auth can be used with active
> directory by passing the userid in that format. This causes hive
> authentication module to retrun the username in that mangled format. This
> prohibits LDAP users to be impersonated over secure hadoop or reported
> correctly in audit etc.
> HiveServer2 should support a configurable LDAP domain that is appended to the
> user name.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
