Naveen Gangam created HIVE-26502:
------------------------------------
Summary: Improve LDAP auth to support include generic user filters
Key: HIVE-26502
URL: https://issues.apache.org/jira/browse/HIVE-26502
Project: Hive
Issue Type: Improvement
Components: HiveServer2
Affects Versions: 4.0.0-alpha-1
Reporter: Naveen Gangam
Assignee: Naveen Gangam
Currently, Hive's LDAP user filtering is based on configuring a set of patterns
in which wildcards are replaced by usernames and searched for. While this
model supports advanced filtering options where a corporate LDAP can have users
in different orgs and trees, it does not quite support generic LDAP searches
like this:

    (&(uid={0})(objectClass=person))

To be able to support this without making changes to the semantics of existing
configuration params, and to be backward compatible, we can enhance the
existing custom query functionality to support this.
With a configuration like this, we should be able to perform a search for
the user whose uid matches the username being authenticated.
<!-- The '&' of the LDAP filter must be written as &amp; inside the XML file -->
<property>
  <name>hive.server2.authentication.ldap.baseDN</name>
  <value>dc=apache,dc=org</value>
</property>
<property>
  <name>hive.server2.authentication.ldap.customLDAPQuery</name>
  <value>(&amp;(uid={0})(objectClass=person))</value>
</property>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
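The {0} substitution described in the issue, as an added example that is not HiveServer2 code and not part of the original message: it expands the filter template with the login name escaped per RFC 4515, so the name stays a literal value and cannot change the filter's structure. The function names and the sample usernames are constructed for illustration.

```python
# Added example (not Hive's implementation): expand a "{0}" LDAP filter
# template with RFC 4515 escaping of the user-supplied login name.

# RFC 4515 section 3: these characters must appear as \XX in an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Return value with every LDAP filter metacharacter hex-escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template: str, username: str) -> str:
    """Replace {0} in template with the escaped username."""
    if "{0}" not in template:
        raise ValueError("filter template has no {0} placeholder")
    if not username:
        # Design choice of this example: refuse empty names before any lookup.
        raise ValueError("empty username")
    return template.replace("{0}", escape_filter_value(username))


def same_structure(template: str, expanded: str) -> bool:
    """True if substitution added no unescaped parentheses or wildcards."""
    return all(template.count(c) == expanded.count(c) for c in "()*")


if __name__ == "__main__":
    template = "(&(uid={0})(objectClass=person))"  # filter from the issue
    # Constructed sample login names, including ones with filter metacharacters.
    for name in ("jdoe", "*", "x)(objectClass=*", "a\\b"):
        expanded = build_user_filter(template, name)
        print(f"{name!r:22} -> {expanded}  structure kept: "
              f"{same_structure(template, expanded)}")
```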