[Impala-ASF-CR] IMPALA-2563: Support LDAP search bind operations

Fri, 27 Mar 2020 14:59:10 -0700 

Hello Tim Armstrong, Impala Public Jenkins,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/15570

to look at the new patch set (#2).

Change subject: IMPALA-2563: Support LDAP search bind operations
......................................................................

IMPALA-2563: Support LDAP search bind operations

This patch adds a number of new options for controlling LDAP
by restricting authentication to particular users and/or members of
particular groups:
--ldap_group_filter: comma separated list of authorized groups
--ldap_user_filter: comma separated list of authorized users

There are also options to control how LDAP is searched when applying
these filters:
--ldap_group_dn_pattern
--ldap_group_membership_key
--ldap_group_membership_class

These options were modelled on equivalent options in Hive, see:
https://cwiki.apache.org/confluence/display/Hive/User+and+Group+Filter+Support+with+LDAP+Atn+Provider+in+HiveServer2
https://github.com/apache/hive/tree/master/service/src/java/org/apache/hive/service/auth/ldap

This patch also refactors LDAP related functionality into a utility
class, both to make authentication.cc more manageable and to
facilitate follow up work that will add LDAP authentication options
for the webserver.

Testing:
- Added a FE custom cluster test that sets --ldap_group_filter and
  --ldap_user_filter and verifies expected behavior.

Change-Id: I7502a96e9a3c16faa67c03ffac54df2bdebbca8c
---
M be/src/common/global-flags.cc
M be/src/rpc/authentication.cc
M be/src/rpc/authentication.h
M be/src/util/CMakeLists.txt
A be/src/util/ldap-util.cc
A be/src/util/ldap-util.h
M fe/src/test/java/org/apache/impala/customcluster/LdapImpalaShellTest.java
M fe/src/test/resources/users.ldif
8 files changed, 446 insertions(+), 166 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/70/15570/2
--
To view, visit http://gerrit.cloudera.org:8080/15570
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I7502a96e9a3c16faa67c03ffac54df2bdebbca8c
Gerrit-Change-Number: 15570
Gerrit-PatchSet: 2
Gerrit-Owner: Thomas Tauber-Marshall <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Tim Armstrong <[email protected]>

Reply via email to