[ https://issues.apache.org/jira/browse/HIVE-13035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15141392#comment-15141392 ]
Naveen Gangam commented on HIVE-13035: -------------------------------------- This would require us to use a separate bind DN than the user being authenticated. So the LDAP bind occurs with a a specific user everytime and the authenticating users will be found using a ldap search based on configurable keys. This is probably a better approach the Atn provider is a service with the same lifecycle as the hive server2. However, this requires additional configuration that includes adding a password value(password for the bind user) to an external system like LDAP in the hive-site.xml. This concerns me. > Enable Hive Server 2 to use a LDAP user and group search filters (RFC 2254). > ---------------------------------------------------------------------------- > > Key: HIVE-13035 > URL: https://issues.apache.org/jira/browse/HIVE-13035 > Project: Hive > Issue Type: New Feature > Components: HiveServer2 > Affects Versions: 1.2.1 > Reporter: Robert Justice > Assignee: Vaibhav Gumashta > Labels: feature > > In some AD configurations, user's may wish to authenticate with a attribute > other than sAMAccountName such as uid=, which may not match and cause > confusion. If LDAP user and group search filters existed, (e.g. (uid={0})) > this would allow for such configurations. > https://www.rfc-editor.org/rfc/rfc2254.txt -- This message was sent by Atlassian JIRA (v6.3.4#6332)