[jira] [Comment Edited] (HIVE-26502) Improve LDAP auth to support include generic user filters

Mon, 29 Aug 2022 20:23:07 -0700 


    [ 
https://issues.apache.org/jira/browse/HIVE-26502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17597499#comment-17597499
 ] 

Naveen Gangam edited comment on HIVE-26502 at 8/30/22 3:22 AM:
---------------------------------------------------------------

{noformat}
  <property>
    <name>hive.server2.authentication.ldap.baseDN</name>
    <value>dc=apache,dc=org</value>
  </property>
  <property>
    <name>hive.server2.authentication.ldap.customLDAPQuery</name>
    <value>(&(uid={0})(objectClass=person))</value>
  </property>
{noformat}



was (Author: ngangam):

{noformat}
  <property>
    <name>hive.server2.authentication.ldap.baseDN</name>
    <value>dc=cloudera,dc=com</value>
  </property>
  <property>
    <name>hive.server2.authentication.ldap.customLDAPQuery</name>
    <value>(&(uid={0})(objectClass=person))</value>
  </property>
{noformat}


> Improve LDAP auth to support include generic user filters
> ---------------------------------------------------------
>
>                 Key: HIVE-26502
>                 URL: https://issues.apache.org/jira/browse/HIVE-26502
>             Project: Hive
>          Issue Type: Improvement
>          Components: HiveServer2
>    Affects Versions: 4.0.0-alpha-1
>            Reporter: Naveen Gangam
>            Assignee: Naveen Gangam
>            Priority: Major
>
> Currently, Hive's ldap userfiltering is based on configuring a set of 
> patterns in which wild cards are replaced by usernames and searched for. 
> While this model supports advanced filtering options where a corporate ldap 
> can have users in different orgs and trees, it does not quite support generic 
> ldap searches like this.
> (&(uid={0})(objectClass=person))
> To be able to support this without making changes to the semantics of 
> existing configuration params, and to be backward compatible, we can enhance 
> the existing custom query functionality to support this.
> For with a configuration like this, we should be able to perform a search for 
> user who uid matches the username being authenticated.
>   <property>
>     <name>hive.server2.authentication.ldap.baseDN</name>
>     <value>dc=apache,dc=org</value>
>   </property>
>   <property>
>     <name>hive.server2.authentication.ldap.customLDAPQuery</name>
>     <value>(&(uid={0})(objectClass=person))</value>
>   </property>



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to