Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/15570 )
Change subject: IMPALA-2563: Support LDAP search bind operations ...................................................................... IMPALA-2563: Support LDAP search bind operations This patch adds a number of new options for controlling LDAP by restricting authentication to particular users and/or members of particular groups: --ldap_group_filter: comma separated list of authorized groups --ldap_user_filter: comma separated list of authorized users There are also options to control how LDAP is searched when applying these filters: --ldap_group_dn_pattern --ldap_group_membership_key --ldap_group_membership_class These options were modelled on equivalent options in Hive, see: https://cwiki.apache.org/confluence/display/Hive/User+and+Group+Filter+Support+with+LDAP+Atn+Provider+in+HiveServer2 https://github.com/apache/hive/tree/master/service/src/java/org/apache/hive/service/auth/ldap This patch also refactors LDAP related functionality into a utility class, both to make authentication.cc more manageable and to facilitate follow up work that will add LDAP authentication options for the webserver. Testing: - Added a FE custom cluster test that sets --ldap_group_filter and --ldap_user_filter and verifies expected behavior. Change-Id: I7502a96e9a3c16faa67c03ffac54df2bdebbca8c Reviewed-on: http://gerrit.cloudera.org:8080/15570 Reviewed-by: Impala Public Jenkins <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> --- M be/src/common/global-flags.cc M be/src/rpc/authentication.cc M be/src/rpc/authentication.h M be/src/util/CMakeLists.txt A be/src/util/ldap-util.cc A be/src/util/ldap-util.h M fe/src/test/java/org/apache/impala/customcluster/LdapImpalaShellTest.java M fe/src/test/resources/users.ldif 8 files changed, 495 insertions(+), 166 deletions(-) Approvals: Impala Public Jenkins: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/15570 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I7502a96e9a3c16faa67c03ffac54df2bdebbca8c Gerrit-Change-Number: 15570 Gerrit-PatchSet: 6 Gerrit-Owner: Thomas Tauber-Marshall <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Thomas Tauber-Marshall <[email protected]> Gerrit-Reviewer: Tim Armstrong <[email protected]>
