Naveen Gangam created HIVE-26502: ------------------------------------ Summary: Improve LDAP auth to support include generic user filters Key: HIVE-26502 URL: https://issues.apache.org/jira/browse/HIVE-26502 Project: Hive Issue Type: Improvement Components: HiveServer2 Affects Versions: 4.0.0-alpha-1 Reporter: Naveen Gangam Assignee: Naveen Gangam
Currently, Hive's ldap userfiltering is based on configuring a set of patterns in which wild cards are replaced by usernames and searched for. While this model supports advanced filtering options where a corporate ldap can have users in different orgs and trees, it does not quite support generic ldap searches like this. (&(uid={0})(objectClass=person)) To be able to support this without making changes to the semantics of existing configuration params, and to be backward compatible, we can enhance the existing custom query functionality to support this. For with a configuration like this, we should be able to perform a search for user who uid matches the username being authenticated. <property> <name>hive.server2.authentication.ldap.baseDN</name> <value>dc=apache,dc=org</value> </property> <property> <name>hive.server2.authentication.ldap.customLDAPQuery</name> <value>(&(uid={0})(objectClass=person))</value> </property> -- This message was sent by Atlassian Jira (v8.20.10#820010)