[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14953511#comment-14953511 ] Vaibhav Gumashta commented on HIVE-7193: Thanks [~ngangam]. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Fix For: 1.3.0, 2.0.0 > > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14952398#comment-14952398 ] Naveen Gangam commented on HIVE-7193: - Thanks [~vgumashta] When I had put this feature, most of the testing was done manually because I couldnt get Apache Directory to work the way I wanted to automate the unit tests. I finally cut over to UnboundID to use for unit tests in HIVE-11866. This jira adds a framework that uses unboundID in-memory LDAP Server for testing HS2's LDAP Atn and some basic tests. I havent gotten around to adding tests for HIVE-7193 but I just created a jira a couple of days ago HIVE-12079 (linking to this jira now). I will add UTs for ldap filters soon. I will CC you on the RB when its ready. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Fix For: 1.3.0, 2.0.0 > > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14951266#comment-14951266 ] Vaibhav Gumashta commented on HIVE-7193: [~ngangam] Thanks for the useful enhancement. Any tips on testing the changes here? I am trying to figure out if there could be a good way to add a UT to test this. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Fix For: 1.3.0, 2.0.0 > > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14630992#comment-14630992 ] Lefty Leverenz commented on HIVE-7193: -- Doc note: The configuration parameters are documented in the HiveServer2 section of Configuration Properties, so I removed the TODOC1.3 label. * [Configuration Properties -- hive.server2.authentication.ldap.groupDNPattern | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.groupDNPattern] * [Configuration Properties -- hive.server2.authentication.ldap.groupFilter | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.groupFilter] * [Configuration Properties -- hive.server2.authentication.ldap.userDNPattern | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.userDNPattern] * [Configuration Properties -- hive.server2.authentication.ldap.userFilter | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.userFilter] * [Configuration Properties -- hive.server2.authentication.ldap.customLDAPQuery | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.customLDAPQuery] Setting Up HiveServer2 has a link to User and Group Filter Support ... (see link in last comment). > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Fix For: 1.3.0, 2.0.0 > > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14597186#comment-14597186 ] Lefty Leverenz commented on HIVE-7193: -- Doc note: (Removed TODOC2.0 because we only need to document the initial version, which is 1.3.) This adds five configuration parameters, which need to be documented in the HiveServer2 section of Configuration Properties. * hive.server2.authentication.ldap.groupDNPattern * hive.server2.authentication.ldap.groupFilter * hive.server2.authentication.ldap.userDNPattern * hive.server2.authentication.ldap.userFilter * hive.server2.authentication.ldap.customLDAPQuery * [Configuration Properties -- HiveServer2 | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-HiveServer2] Ben Tse wrote up the general documentation here (thanks, Ben): * [User and Group Filter Support with LDAP Atn Provider in HiveServer2 | https://cwiki.apache.org/confluence/display/Hive/User+and+Group+Filter+Support+with+LDAP+Atn+Provider+in+HiveServer2] > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Labels: TODOC1.3 > Fix For: 1.3.0, 2.0.0 > > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14596489#comment-14596489 ] Naveen Gangam commented on HIVE-7193: - This test seems flaky. It failed with patch v4, and passed with patch v5 and failed again with patch v6, although there are no code changes between v4,v5 and v6 of the patch, just doc changes (javadocs and hiveconf parameter descriptions). The failure does not appear to be related to my fix. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14596472#comment-14596472 ] Hive QA commented on HIVE-7193: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12741055/HIVE-7193.6.patch {color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 9013 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestSparkCliDriver.testCliDriver_join28 {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4336/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4336/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4336/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 1 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12741055 - PreCommit-HIVE-TRUNK-Build > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14594389#comment-14594389 ] Lefty Leverenz commented on HIVE-7193: -- The parameter descriptions in patch 5 look good. Just one nit unfixed: "return" should be "returns" in the description of hive.server2.authentication.ldap.customLDAPQuery. Thanks. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.5.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14593269#comment-14593269 ] Hive QA commented on HIVE-7193: --- {color:green}Overall{color}: +1 all checks pass Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12740574/HIVE-7193.5.patch {color:green}SUCCESS:{color} +1 9010 tests passed Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4319/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4319/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4319/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase {noformat} This message is automatically generated. ATTACHMENT ID: 12740574 - PreCommit-HIVE-TRUNK-Build > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.5.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14593019#comment-14593019 ] Lefty Leverenz commented on HIVE-7193: -- Great, then in Configuration Properties the parameters will be linked to the LDAP section. Thanks Naveen. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14593014#comment-14593014 ] Naveen Gangam commented on HIVE-7193: - I intend to enhance the LDAP section wiki docs about using these new properties in detail, with examples. I just holding out until this patch gets committed. I figured thats where most users will look when attempting to use this feature. Would that suffice? And leave the patch 5 as-was for now? > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14593009#comment-14593009 ] Lefty Leverenz commented on HIVE-7193: -- Sorry about the duplicate comments. I'll review patch 5 tomorrow. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14593003#comment-14593003 ] Lefty Leverenz commented on HIVE-7193: -- Well, I'd like to see commas & colons explained in the description but maybe that's just because I'm ignorant about LDAP. If you don't think it's necessary, it can still be added to the description in the wiki. And of course it's available here. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14593005#comment-14593005 ] Lefty Leverenz commented on HIVE-7193: -- Well, I'd like to see commas & colons explained in the description but maybe that's just because I'm ignorant about LDAP. If you don't think it's necessary, it can still be added to the description in the wiki. And of course it's available here. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14593000#comment-14593000 ] Naveen Gangam commented on HIVE-7193: - Sorry, I just deleted it seeing you latest comment about including additional info in the parameter description. Should all of the above info be in the description? Thanks > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592995#comment-14592995 ] Lefty Leverenz commented on HIVE-7193: -- I'm getting 404 "Oops, you've found a dead link" for patch 5. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592996#comment-14592996 ] Lefty Leverenz commented on HIVE-7193: -- I'm getting 404 "Oops, you've found a dead link" for patch 5. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592990#comment-14592990 ] Lefty Leverenz commented on HIVE-7193: -- Yes, I see. Thanks [~ngangam]. Could the parameter descriptions include this information? > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592984#comment-14592984 ] Naveen Gangam commented on HIVE-7193: - Thank you for the review. Q. Also, why is the example a comma-separated list when the description says colon-separated? A. The example shows a single pattern for users for LDAP. Each attribute in LDAP DN is separated by COMMA "CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com" However, it is possible that a ldap directory could have users in different trees. The pattern for baseDN for each tree is separated by COLON. For example "CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com:CN=%s,OU=IT,DC=domain,DC=com" The same is true for group patterns. Does this help? Thanks > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592969#comment-14592969 ] Lefty Leverenz commented on HIVE-7193: -- Doc review (parameter descriptions): *hive.server2.authentication.ldap.groupDNPattern* {code} +"COLON-separated list of patterns to use to find DNs for group entities in this directory \n" + +"use %s where the actual group name is to be substituted for.\n" + +"For example: CN=%s,CN=Groups,DC=subdomain,DC=domain,DC=com."), {code} Please add a period at end of first line and start second line with initial capital "Use " Also, why is the example a comma-separated list when the description says colon-separated? *hive.server2.authentication.ldap.groupFilter* {code} +"COMMA-separated list of LDAP Group names (short name not full DNs) \n" + +" For example: HiveAdmins,HadoopAdmins,Administrators"), {code} Again, end the first line with a period. Remove the space at beginning of second line. *hive.server2.authentication.ldap.userDNPattern* {code} +"COLON-separated list of patterns to use to find DNs for users in this directory \n" + +"use %s where the actual group name is to be substituted for.\n" + +"For example: CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com." + +"COLON-seperated list of Base DNs for User entities in the LDAP directory"), {code} Again, add period to first line and start second line "Use". Why is the list comma-separated? Does the fourth line belong somewhere else? (It misspells "separated" too.) *hive.server2.authentication.ldap.userFilter* {code} +"COMMA-separated list of LDAP usernames (just short names, not full DNs) \n" + +"For example: hiveuser,impalauser,hiveadmin,hadoopadmin"), {code} Add period at end of first line. *hive.server2.authentication.ldap.customLDAPQuery* {code} +"A full LDAP query that LDAP Atn provider uses to execute against LDAP Server \n" + +"If this query return a null resultset, the LDAP Provider fails the Authentication request \n" + +", succeeds otherwise." + +"For example: (&(objectClass=group)(objectClass=top)(instanceType=4)(cn=Domain*)) \n" + +"(&(objectClass=person)(|(sAMAccountName=admin)(|(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=com)" + +"(memberOf=CN=Administrators,CN=Builtin,DC=domain,DC=com"), {code} Add a period at end of first line. Second line: "If this query returns ..." (add the s to return) and move comma from start of third line to end of second line (or move "request" to third line). > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14591109#comment-14591109 ] Chaoyu Tang commented on HIVE-7193: --- +1 > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14590515#comment-14590515 ] Naveen Gangam commented on HIVE-7193: - The SINGLE test failure is not related to my patch. It failed in the prior run too. Appears there is a mismatch in the query output vs the q.out file. So I think we are good. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14590082#comment-14590082 ] Hive QA commented on HIVE-7193: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12740128/HIVE-7193.4.patch {color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 9008 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestSparkCliDriver.testCliDriver_join28 {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4286/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4286/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4286/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 1 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12740128 - PreCommit-HIVE-TRUNK-Build > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14589876#comment-14589876 ] Naveen Gangam commented on HIVE-7193: - For some reason, the pre-commit test run did not pick up the patch. I will cancel patch, and re-submit to kick it off. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.5.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14589224#comment-14589224 ] Chaoyu Tang commented on HIVE-7193: --- Thanks [~ngangam] for the patch. It looks good to me. Regarding to the concern you had whether the AtnProvider should be changed to be implemented as a singleton, I agree with you that you would not address it in this patch for following reasons: 1. The existing code does not implement AtnProvider as a singleton. Making such change might have some backward compatibility issue. For example, what if a user has already implemented and used a CustomAuthenticationProvider which is not for a singleton? 2. The patch only adds several additional read and processing of HiveConf properties in LdapAuthenticationProviderImpl constructor. Compared to LDAP authentication itself, its overhead should be trivial and it should not be a performance bottleneck. 3. In case it turns out the performance is not desirable due to AtnProvider instantiation, we might consider moving some static logic from constructor to a static block to improve runtime performance. Or open a separate JIRA to initiate the investigation to performance implementation (including singleton etc). But this patch will mainly focuses on the LDAP enhancement. 4. As for your concern "dont know what the user-coded CustomAuthenticationProvider could do", even if you change the AuthenticationProviderFactory and allow it to be implemented as a singleton, but like you said, we still have no control how he implements the singleton. In addition, the enhancement including its new configuration properties should be properly documented. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.5.patch, > HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14575310#comment-14575310 ] Chaoyu Tang commented on HIVE-7193: --- [~ngangam] Overall, the patch looks good to me. I still have some questions, could you help clarify them? Thanks > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2. > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > We need to include other LDAP properties as part of hive-LDAP authentication > like below > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14572492#comment-14572492 ] Hive QA commented on HIVE-7193: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12737449/HIVE-7193.3.patch {color:red}ERROR:{color} -1 due to 4 failed/errored test(s), 8997 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_autogen_colalias org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_udf_nondeterministic org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_ql_rewrite_gbtoidx_cbo_2 org.apache.hadoop.hive.metastore.txn.TestCompactionTxnHandler.testRevokeTimedOutWorkers {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4169/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4169/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4169/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 4 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12737449 - PreCommit-HIVE-TRUNK-Build > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2. > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > We need to include other LDAP properties as part of hive-LDAP authentication > like below > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14565872#comment-14565872 ] Hive QA commented on HIVE-7193: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12736168/HIVE-7193.2.patch {color:red}ERROR:{color} -1 due to 5 failed/errored test(s), 8983 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_fold_case org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_index_serde org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_ql_rewrite_gbtoidx_cbo_2 org.apache.hadoop.hive.thrift.TestHadoop20SAuthBridge.testSaslWithHiveMetaStore org.apache.hive.jdbc.TestSSL.testSSLFetchHttp {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4100/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4100/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4100/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 5 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12736168 - PreCommit-HIVE-TRUNK-Build > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.2.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2. > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > We need to include other LDAP properties as part of hive-LDAP authentication > like below > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14552418#comment-14552418 ] Naveen Gangam commented on HIVE-7193: - Review posted to reviewboard at https://reviews.apache.org/r/34472/. Thanks in advance > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2. > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > We need to include other LDAP properties as part of hive-LDAP authentication > like below > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14550850#comment-14550850 ] Naveen Gangam commented on HIVE-7193: - The failure is a qtest failure where the expected output does not match the real output. This failure is not related to the patch I uploaded. {code} Running: diff -a /home/hiveptest/54.159.220.74-hiveptest-2/apache-github-source-source/itests/qtest/../../itests/qtest/target/qfile-results/clientpositive/encryption_insert_partition_static.q.out /home/hiveptest/54.159.220.74-hiveptest-2/apache-github-source-source/itests/qtest/../../ql/src/test/results/clientpositive/encrypted/encryption_insert_partition_static.q.out 558c558 < Statistics: Num rows: 12 Data size: 2777 Basic stats: COMPLETE Column stats: NONE --- > Statistics: Num rows: 12 Data size: 2767 Basic stats: COMPLETE > Column stats: NONE 563c563 < Statistics: Num rows: 12 Data size: 2777 Basic stats: COMPLETE Column stats: NONE --- > Statistics: Num rows: 12 Data size: 2767 Basic stats: COMPLETE > Column stats: NONE 567c567 < Statistics: Num rows: 12 Data size: 2777 Basic stats: COMPLETE Column stats: NONE --- > Statistics: Num rows: 12 Data size: 2767 Basic stats: > COMPLETE Column stats: NONE 598c598 < totalSize 1392 --- > totalSize 1385 646c646 < totalSize 1385 --- > totalSize 1382 678c678 < Statistics: Num rows: 12 Data size: 2777 Basic stats: COMPLETE Column stats: NONE --- > Statistics: Num rows: 12 Data size: 2767 Basic stats: COMPLETE > Column stats: NONE 685c685 < Statistics: Num rows: 12 Data size: 2777 Basic stats: COMPLETE Column stats: NONE --- > Statistics: Num rows: 12 Data size: 2767 Basic stats: COMPLETE > Column stats: NONE {code} > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, > LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2. > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > We need to include other LDAP properties as part of hive-LDAP authentication > like below > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14550189#comment-14550189 ] Hive QA commented on HIVE-7193: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12733705/HIVE-7193.patch {color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 8946 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestEncryptedHDFSCliDriver.testCliDriver_encryption_insert_partition_static {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/3942/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/3942/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-3942/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 1 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12733705 - PreCommit-HIVE-TRUNK-Build > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Attachments: HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2. > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > We need to include other LDAP properties as part of hive-LDAP authentication > like below > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)