[
https://issues.apache.org/jira/browse/HIVE-13035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15141392#comment-15141392
]
Naveen Gangam commented on HIVE-13035:
--------------------------------------
This would require us to use a separate bind DN than the user being
authenticated. So the LDAP bind occurs with a specific user every time and the
authenticating users will be found using an LDAP search based on configurable
keys.

This is probably a better approach; the Atn provider is a service with the same
lifecycle as the hive server2. However, this requires additional configuration
that includes adding a password value (password for the bind user) to an
external system like LDAP in the hive-site.xml. This concerns me.
> Enable Hive Server 2 to use a LDAP user and group search filters (RFC 2254).
> ----------------------------------------------------------------------------
>
> Key: HIVE-13035
> URL: https://issues.apache.org/jira/browse/HIVE-13035
> Project: Hive
> Issue Type: New Feature
> Components: HiveServer2
> Affects Versions: 1.2.1
> Reporter: Robert Justice
> Assignee: Vaibhav Gumashta
> Labels: feature
>
> In some AD configurations, users may wish to authenticate with an attribute
> other than sAMAccountName such as uid=, which may not match and cause
> confusion. If LDAP user and group search filters existed, (e.g. (uid={0}))
> this would allow for such configurations.
> https://www.rfc-editor.org/rfc/rfc2254.txt
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
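
A search filter template such as the `(uid={0})` from the issue description is only safe if the supplied user name is escaped per RFC 2254 before it is substituted. The following is an added example, not code from Hive or from this thread; the function names are hypothetical and the user names are constructed sample input.

```python
# Added example: substitute a user name into an LDAP search filter template
# with RFC 2254 escaping. Function names are hypothetical, not Hive APIs.

# Characters that RFC 2254 requires to be written as a backslash plus two hex digits.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it cannot alter the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template: str, username: str) -> str:
    """Fill the {0} placeholder of a filter template with an escaped user name."""
    if "{0}" not in template:
        raise ValueError("filter template has no {0} placeholder")
    if not username:
        raise ValueError("empty user name")
    return template.replace("{0}", escape_filter_value(username))


def same_structure(template: str, built: str) -> bool:
    """True if substitution added no unescaped parentheses to the filter."""
    return (template.count("(") == built.count("(")
            and template.count(")") == built.count(")"))


if __name__ == "__main__":
    template = "(uid={0})"                  # template from the issue description
    for name in ("rjustice", "*)(uid=*"):   # constructed sample user names
        built = build_user_filter(template, name)
        print(f"{name!r:14} -> {built}  structure kept: {same_structure(template, built)}")
```
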