[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14952398#comment-14952398 ] Naveen Gangam commented on HIVE-7193: - Thanks [~vgumashta] When I had put this feature, most of the testing was done manually because I couldnt get Apache Directory to work the way I wanted to automate the unit tests. I finally cut over to UnboundID to use for unit tests in HIVE-11866. This jira adds a framework that uses unboundID in-memory LDAP Server for testing HS2's LDAP Atn and some basic tests. I havent gotten around to adding tests for HIVE-7193 but I just created a jira a couple of days ago HIVE-12079 (linking to this jira now). I will add UTs for ldap filters soon. I will CC you on the RB when its ready. > Hive should support additional LDAP authentication parameters > - > > Key: HIVE-7193 > URL: https://issues.apache.org/jira/browse/HIVE-7193 > Project: Hive > Issue Type: Bug >Affects Versions: 0.10.0 >Reporter: Mala Chikka Kempanna >Assignee: Naveen Gangam > Fix For: 1.3.0, 2.0.0 > > Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, > HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, > LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx > > > Currently hive has only following authenticator parameters for LDAP > authentication for hiveserver2: > {code:xml} > > hive.server2.authentication > LDAP > > > hive.server2.authentication.ldap.url > ldap://our_ldap_address > > {code} > We need to include other LDAP properties as part of hive-LDAP authentication > like below: > {noformat} > a group search base -> dc=domain,dc=com > a group search filter -> member={0} > a user search base -> dc=domain,dc=com > a user search filter -> sAMAAccountName={0} > a list of valid user groups -> group1,group2,group3 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14630992#comment-14630992 ] Lefty Leverenz commented on HIVE-7193: -- Doc note: The configuration parameters are documented in the HiveServer2 section of Configuration Properties, so I removed the TODOC1.3 label. * [Configuration Properties -- hive.server2.authentication.ldap.groupDNPattern | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.groupDNPattern] * [Configuration Properties -- hive.server2.authentication.ldap.groupFilter | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.groupFilter] * [Configuration Properties -- hive.server2.authentication.ldap.userDNPattern | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.userDNPattern] * [Configuration Properties -- hive.server2.authentication.ldap.userFilter | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.userFilter] * [Configuration Properties -- hive.server2.authentication.ldap.customLDAPQuery | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.customLDAPQuery] Setting Up HiveServer2 has a link to User and Group Filter Support ... (see link in last comment). Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Fix For: 1.3.0, 2.0.0 Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14596472#comment-14596472 ] Hive QA commented on HIVE-7193: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12741055/HIVE-7193.6.patch {color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 9013 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestSparkCliDriver.testCliDriver_join28 {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4336/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4336/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4336/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 1 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12741055 - PreCommit-HIVE-TRUNK-Build Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14596489#comment-14596489 ] Naveen Gangam commented on HIVE-7193: - This test seems flaky. It failed with patch v4, and passed with patch v5 and failed again with patch v6, although there are no code changes between v4,v5 and v6 of the patch, just doc changes (javadocs and hiveconf parameter descriptions). The failure does not appear to be related to my fix. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14597186#comment-14597186 ] Lefty Leverenz commented on HIVE-7193: -- Doc note: (Removed TODOC2.0 because we only need to document the initial version, which is 1.3.) This adds five configuration parameters, which need to be documented in the HiveServer2 section of Configuration Properties. * hive.server2.authentication.ldap.groupDNPattern * hive.server2.authentication.ldap.groupFilter * hive.server2.authentication.ldap.userDNPattern * hive.server2.authentication.ldap.userFilter * hive.server2.authentication.ldap.customLDAPQuery * [Configuration Properties -- HiveServer2 | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-HiveServer2] Ben Tse wrote up the general documentation here (thanks, Ben): * [User and Group Filter Support with LDAP Atn Provider in HiveServer2 | https://cwiki.apache.org/confluence/display/Hive/User+and+Group+Filter+Support+with+LDAP+Atn+Provider+in+HiveServer2] Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Labels: TODOC1.3 Fix For: 1.3.0, 2.0.0 Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594389#comment-14594389 ] Lefty Leverenz commented on HIVE-7193: -- The parameter descriptions in patch 5 look good. Just one nit unfixed: return should be returns in the description of hive.server2.authentication.ldap.customLDAPQuery. Thanks. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.5.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593269#comment-14593269 ] Hive QA commented on HIVE-7193: --- {color:green}Overall{color}: +1 all checks pass Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12740574/HIVE-7193.5.patch {color:green}SUCCESS:{color} +1 9010 tests passed Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4319/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4319/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4319/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase {noformat} This message is automatically generated. ATTACHMENT ID: 12740574 - PreCommit-HIVE-TRUNK-Build Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.5.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592990#comment-14592990 ] Lefty Leverenz commented on HIVE-7193: -- Yes, I see. Thanks [~ngangam]. Could the parameter descriptions include this information? Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593003#comment-14593003 ] Lefty Leverenz commented on HIVE-7193: -- Well, I'd like to see commas colons explained in the description but maybe that's just because I'm ignorant about LDAP. If you don't think it's necessary, it can still be added to the description in the wiki. And of course it's available here. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593005#comment-14593005 ] Lefty Leverenz commented on HIVE-7193: -- Well, I'd like to see commas colons explained in the description but maybe that's just because I'm ignorant about LDAP. If you don't think it's necessary, it can still be added to the description in the wiki. And of course it's available here. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593019#comment-14593019 ] Lefty Leverenz commented on HIVE-7193: -- Great, then in Configuration Properties the parameters will be linked to the LDAP section. Thanks Naveen. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592984#comment-14592984 ] Naveen Gangam commented on HIVE-7193: - Thank you for the review. Q. Also, why is the example a comma-separated list when the description says colon-separated? A. The example shows a single pattern for users for LDAP. Each attribute in LDAP DN is separated by COMMA CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com However, it is possible that a ldap directory could have users in different trees. The pattern for baseDN for each tree is separated by COLON. For example CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com:CN=%s,OU=IT,DC=domain,DC=com The same is true for group patterns. Does this help? Thanks Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593014#comment-14593014 ] Naveen Gangam commented on HIVE-7193: - I intend to enhance the LDAP section wiki docs about using these new properties in detail, with examples. I just holding out until this patch gets committed. I figured thats where most users will look when attempting to use this feature. Would that suffice? And leave the patch 5 as-was for now? Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592996#comment-14592996 ] Lefty Leverenz commented on HIVE-7193: -- I'm getting 404 Oops, you've found a dead link for patch 5. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592995#comment-14592995 ] Lefty Leverenz commented on HIVE-7193: -- I'm getting 404 Oops, you've found a dead link for patch 5. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593000#comment-14593000 ] Naveen Gangam commented on HIVE-7193: - Sorry, I just deleted it seeing you latest comment about including additional info in the parameter description. Should all of the above info be in the description? Thanks Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593009#comment-14593009 ] Lefty Leverenz commented on HIVE-7193: -- Sorry about the duplicate comments. I'll review patch 5 tomorrow. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14590515#comment-14590515 ] Naveen Gangam commented on HIVE-7193: - The SINGLE test failure is not related to my patch. It failed in the prior run too. Appears there is a mismatch in the query output vs the q.out file. So I think we are good. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14591109#comment-14591109 ] Chaoyu Tang commented on HIVE-7193: --- +1 Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14589876#comment-14589876 ] Naveen Gangam commented on HIVE-7193: - For some reason, the pre-commit test run did not pick up the patch. I will cancel patch, and re-submit to kick it off. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.5.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14590082#comment-14590082 ] Hive QA commented on HIVE-7193: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12740128/HIVE-7193.4.patch {color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 9008 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestSparkCliDriver.testCliDriver_join28 {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4286/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4286/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4286/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 1 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12740128 - PreCommit-HIVE-TRUNK-Build Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14589224#comment-14589224 ] Chaoyu Tang commented on HIVE-7193: --- Thanks [~ngangam] for the patch. It looks good to me. Regarding to the concern you had whether the AtnProvider should be changed to be implemented as a singleton, I agree with you that you would not address it in this patch for following reasons: 1. The existing code does not implement AtnProvider as a singleton. Making such change might have some backward compatibility issue. For example, what if a user has already implemented and used a CustomAuthenticationProvider which is not for a singleton? 2. The patch only adds several additional read and processing of HiveConf properties in LdapAuthenticationProviderImpl constructor. Compared to LDAP authentication itself, its overhead should be trivial and it should not be a performance bottleneck. 3. In case it turns out the performance is not desirable due to AtnProvider instantiation, we might consider moving some static logic from constructor to a static block to improve runtime performance. Or open a separate JIRA to initiate the investigation to performance implementation (including singleton etc). But this patch will mainly focuses on the LDAP enhancement. 4. As for your concern dont know what the user-coded CustomAuthenticationProvider could do, even if you change the AuthenticationProviderFactory and allow it to be implemented as a singleton, but like you said, we still have no control how he implements the singleton. In addition, the enhancement including its new configuration properties should be properly documented. Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.5.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2: {code:xml} property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property {code} We need to include other LDAP properties as part of hive-LDAP authentication like below: {noformat} a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14575310#comment-14575310 ] Chaoyu Tang commented on HIVE-7193: --- [~ngangam] Overall, the patch looks good to me. I still have some questions, could you help clarify them? Thanks Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2. property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property We need to include other LDAP properties as part of hive-LDAP authentication like below a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14572492#comment-14572492 ] Hive QA commented on HIVE-7193: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12737449/HIVE-7193.3.patch {color:red}ERROR:{color} -1 due to 4 failed/errored test(s), 8997 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_autogen_colalias org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_udf_nondeterministic org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_ql_rewrite_gbtoidx_cbo_2 org.apache.hadoop.hive.metastore.txn.TestCompactionTxnHandler.testRevokeTimedOutWorkers {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4169/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4169/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4169/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 4 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12737449 - PreCommit-HIVE-TRUNK-Build Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2. property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property We need to include other LDAP properties as part of hive-LDAP authentication like below a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14565872#comment-14565872 ] Hive QA commented on HIVE-7193: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12736168/HIVE-7193.2.patch {color:red}ERROR:{color} -1 due to 5 failed/errored test(s), 8983 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_fold_case org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_index_serde org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_ql_rewrite_gbtoidx_cbo_2 org.apache.hadoop.hive.thrift.TestHadoop20SAuthBridge.testSaslWithHiveMetaStore org.apache.hive.jdbc.TestSSL.testSSLFetchHttp {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4100/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4100/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4100/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 5 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12736168 - PreCommit-HIVE-TRUNK-Build Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.2.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2. property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property We need to include other LDAP properties as part of hive-LDAP authentication like below a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14552418#comment-14552418 ] Naveen Gangam commented on HIVE-7193: - Review posted to reviewboard at https://reviews.apache.org/r/34472/. Thanks in advance Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2. property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property We need to include other LDAP properties as part of hive-LDAP authentication like below a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[ https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14550189#comment-14550189 ] Hive QA commented on HIVE-7193: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12733705/HIVE-7193.patch {color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 8946 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestEncryptedHDFSCliDriver.testCliDriver_encryption_insert_partition_static {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/3942/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/3942/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-3942/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 1 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12733705 - PreCommit-HIVE-TRUNK-Build Hive should support additional LDAP authentication parameters - Key: HIVE-7193 URL: https://issues.apache.org/jira/browse/HIVE-7193 Project: Hive Issue Type: Bug Affects Versions: 0.10.0 Reporter: Mala Chikka Kempanna Assignee: Naveen Gangam Attachments: HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx Currently hive has only following authenticator parameters for LDAP authentication for hiveserver2. property namehive.server2.authentication/name valueLDAP/value /property property namehive.server2.authentication.ldap.url/name valueldap://our_ldap_address/value /property We need to include other LDAP properties as part of hive-LDAP authentication like below a group search base - dc=domain,dc=com a group search filter - member={0} a user search base - dc=domain,dc=com a user search filter - sAMAAccountName={0} a list of valid user groups - group1,group2,group3 -- This message was sent by Atlassian JIRA (v6.3.4#6332)