[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14952398#comment-14952398
]
Naveen Gangam commented on HIVE-7193:
-
Thanks [~vgumashta] When I had put this feature, most of the testing was done
manually because I couldnt get Apache Directory to work the way I wanted to
automate the unit tests. I finally cut over to UnboundID to use for unit tests
in HIVE-11866. This jira adds a framework that uses unboundID in-memory LDAP
Server for testing HS2's LDAP Atn and some basic tests. I havent gotten around
to adding tests for HIVE-7193 but I just created a jira a couple of days ago
HIVE-12079 (linking to this jira now). I will add UTs for ldap filters soon. I
will CC you on the RB when its ready.
> Hive should support additional LDAP authentication parameters
> -
>
> Key: HIVE-7193
> URL: https://issues.apache.org/jira/browse/HIVE-7193
> Project: Hive
> Issue Type: Bug
>Affects Versions: 0.10.0
>Reporter: Mala Chikka Kempanna
>Assignee: Naveen Gangam
> Fix For: 1.3.0, 2.0.0
>
> Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
> HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch,
> LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx
>
>
> Currently hive has only following authenticator parameters for LDAP
> authentication for hiveserver2:
> {code:xml}
>
> hive.server2.authentication
> LDAP
>
>
> hive.server2.authentication.ldap.url
> ldap://our_ldap_address
>
> {code}
> We need to include other LDAP properties as part of hive-LDAP authentication
> like below:
> {noformat}
> a group search base -> dc=domain,dc=com
> a group search filter -> member={0}
> a user search base -> dc=domain,dc=com
> a user search filter -> sAMAAccountName={0}
> a list of valid user groups -> group1,group2,group3
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14630992#comment-14630992
]
Lefty Leverenz commented on HIVE-7193:
--
Doc note: The configuration parameters are documented in the HiveServer2
section of Configuration Properties, so I removed the TODOC1.3 label.
* [Configuration Properties -- hive.server2.authentication.ldap.groupDNPattern
|
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.groupDNPattern]
* [Configuration Properties -- hive.server2.authentication.ldap.groupFilter |
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.groupFilter]
* [Configuration Properties -- hive.server2.authentication.ldap.userDNPattern |
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.userDNPattern]
* [Configuration Properties -- hive.server2.authentication.ldap.userFilter |
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.userFilter]
* [Configuration Properties -- hive.server2.authentication.ldap.customLDAPQuery
|
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.authentication.ldap.customLDAPQuery]
Setting Up HiveServer2 has a link to User and Group Filter Support ... (see
link in last comment).
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Fix For: 1.3.0, 2.0.0
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch,
LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14596472#comment-14596472
]
Hive QA commented on HIVE-7193:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12741055/HIVE-7193.6.patch
{color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 9013 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestSparkCliDriver.testCliDriver_join28
{noformat}
Test results:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4336/testReport
Console output:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4336/console
Test logs:
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4336/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 1 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12741055 - PreCommit-HIVE-TRUNK-Build
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch,
LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14596489#comment-14596489
]
Naveen Gangam commented on HIVE-7193:
-
This test seems flaky. It failed with patch v4, and passed with patch v5 and
failed again with patch v6, although there are no code changes between v4,v5
and v6 of the patch, just doc changes (javadocs and hiveconf parameter
descriptions). The failure does not appear to be related to my fix.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch,
LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14597186#comment-14597186
]
Lefty Leverenz commented on HIVE-7193:
--
Doc note: (Removed TODOC2.0 because we only need to document the initial
version, which is 1.3.)
This adds five configuration parameters, which need to be documented in the
HiveServer2 section of Configuration Properties.
* hive.server2.authentication.ldap.groupDNPattern
* hive.server2.authentication.ldap.groupFilter
* hive.server2.authentication.ldap.userDNPattern
* hive.server2.authentication.ldap.userFilter
* hive.server2.authentication.ldap.customLDAPQuery
* [Configuration Properties -- HiveServer2 |
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-HiveServer2]
Ben Tse wrote up the general documentation here (thanks, Ben):
* [User and Group Filter Support with LDAP Atn Provider in HiveServer2 |
https://cwiki.apache.org/confluence/display/Hive/User+and+Group+Filter+Support+with+LDAP+Atn+Provider+in+HiveServer2]
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Labels: TODOC1.3
Fix For: 1.3.0, 2.0.0
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.5.patch, HIVE-7193.6.patch, HIVE-7193.patch,
LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594389#comment-14594389
]
Lefty Leverenz commented on HIVE-7193:
--
The parameter descriptions in patch 5 look good. Just one nit unfixed:
return should be returns in the description of
hive.server2.authentication.ldap.customLDAPQuery. Thanks.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.5.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593269#comment-14593269
]
Hive QA commented on HIVE-7193:
---
{color:green}Overall{color}: +1 all checks pass
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12740574/HIVE-7193.5.patch
{color:green}SUCCESS:{color} +1 9010 tests passed
Test results:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4319/testReport
Console output:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4319/console
Test logs:
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4319/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12740574 - PreCommit-HIVE-TRUNK-Build
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.5.patch, HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592990#comment-14592990
]
Lefty Leverenz commented on HIVE-7193:
--
Yes, I see. Thanks [~ngangam]. Could the parameter descriptions include this
information?
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593003#comment-14593003
]
Lefty Leverenz commented on HIVE-7193:
--
Well, I'd like to see commas colons explained in the description but maybe
that's just because I'm ignorant about LDAP. If you don't think it's
necessary, it can still be added to the description in the wiki. And of course
it's available here.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593005#comment-14593005
]
Lefty Leverenz commented on HIVE-7193:
--
Well, I'd like to see commas colons explained in the description but maybe
that's just because I'm ignorant about LDAP. If you don't think it's
necessary, it can still be added to the description in the wiki. And of course
it's available here.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593019#comment-14593019
]
Lefty Leverenz commented on HIVE-7193:
--
Great, then in Configuration Properties the parameters will be linked to the
LDAP section. Thanks Naveen.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592984#comment-14592984
]
Naveen Gangam commented on HIVE-7193:
-
Thank you for the review.
Q. Also, why is the example a comma-separated list when the description says
colon-separated?
A. The example shows a single pattern for users for LDAP. Each attribute in
LDAP DN is separated by COMMA
CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com
However, it is possible that a ldap directory could have users in different
trees. The pattern for baseDN for each tree is separated by COLON.
For example
CN=%s,CN=Users,DC=subdomain,DC=domain,DC=com:CN=%s,OU=IT,DC=domain,DC=com
The same is true for group patterns. Does this help? Thanks
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593014#comment-14593014
]
Naveen Gangam commented on HIVE-7193:
-
I intend to enhance the LDAP section wiki docs about using these new properties
in detail, with examples. I just holding out until this patch gets committed. I
figured thats where most users will look when attempting to use this feature.
Would that suffice? And leave the patch 5 as-was for now?
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592996#comment-14592996
]
Lefty Leverenz commented on HIVE-7193:
--
I'm getting 404 Oops, you've found a dead link for patch 5.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592995#comment-14592995
]
Lefty Leverenz commented on HIVE-7193:
--
I'm getting 404 Oops, you've found a dead link for patch 5.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593000#comment-14593000
]
Naveen Gangam commented on HIVE-7193:
-
Sorry, I just deleted it seeing you latest comment about including additional
info in the parameter description. Should all of the above info be in the
description? Thanks
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593009#comment-14593009
]
Lefty Leverenz commented on HIVE-7193:
--
Sorry about the duplicate comments. I'll review patch 5 tomorrow.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14590515#comment-14590515
]
Naveen Gangam commented on HIVE-7193:
-
The SINGLE test failure is not related to my patch. It failed in the prior run
too. Appears there is a mismatch in the query output vs the q.out file. So I
think we are good.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14591109#comment-14591109
]
Chaoyu Tang commented on HIVE-7193:
---
+1
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14589876#comment-14589876
]
Naveen Gangam commented on HIVE-7193:
-
For some reason, the pre-commit test run did not pick up the patch. I will
cancel patch, and re-submit to kick it off.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.5.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14590082#comment-14590082
]
Hive QA commented on HIVE-7193:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12740128/HIVE-7193.4.patch
{color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 9008 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestSparkCliDriver.testCliDriver_join28
{noformat}
Test results:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4286/testReport
Console output:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4286/console
Test logs:
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4286/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 1 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12740128 - PreCommit-HIVE-TRUNK-Build
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.4.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14589224#comment-14589224
]
Chaoyu Tang commented on HIVE-7193:
---
Thanks [~ngangam] for the patch. It looks good to me. Regarding to the concern
you had whether the AtnProvider should be changed to be implemented as a
singleton, I agree with you that you would not address it in this patch for
following reasons:
1. The existing code does not implement AtnProvider as a singleton. Making such
change might have some backward compatibility issue. For example, what if a
user has already implemented and used a CustomAuthenticationProvider which is
not for a singleton?
2. The patch only adds several additional read and processing of HiveConf
properties in LdapAuthenticationProviderImpl constructor. Compared to LDAP
authentication itself, its overhead should be trivial and it should not be a
performance bottleneck.
3. In case it turns out the performance is not desirable due to AtnProvider
instantiation, we might consider moving some static logic from constructor to a
static block to improve runtime performance. Or open a separate JIRA to
initiate the investigation to performance implementation (including singleton
etc). But this patch will mainly focuses on the LDAP enhancement.
4. As for your concern dont know what the user-coded
CustomAuthenticationProvider could do, even if you change the
AuthenticationProviderFactory and allow it to be implemented as a singleton,
but like you said, we still have no control how he implements the singleton.
In addition, the enhancement including its new configuration properties should
be properly documented.
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.5.patch,
HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2:
{code:xml}
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
{code}
We need to include other LDAP properties as part of hive-LDAP authentication
like below:
{noformat}
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14575310#comment-14575310
]
Chaoyu Tang commented on HIVE-7193:
---
[~ngangam] Overall, the patch looks good to me. I still have some questions,
could you help clarify them? Thanks
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.patch,
LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2.
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
We need to include other LDAP properties as part of hive-LDAP authentication
like below
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14572492#comment-14572492
]
Hive QA commented on HIVE-7193:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12737449/HIVE-7193.3.patch
{color:red}ERROR:{color} -1 due to 4 failed/errored test(s), 8997 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_autogen_colalias
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_udf_nondeterministic
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_ql_rewrite_gbtoidx_cbo_2
org.apache.hadoop.hive.metastore.txn.TestCompactionTxnHandler.testRevokeTimedOutWorkers
{noformat}
Test results:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4169/testReport
Console output:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4169/console
Test logs:
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4169/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 4 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12737449 - PreCommit-HIVE-TRUNK-Build
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.patch,
LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2.
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
We need to include other LDAP properties as part of hive-LDAP authentication
like below
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14565872#comment-14565872
]
Hive QA commented on HIVE-7193:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12736168/HIVE-7193.2.patch
{color:red}ERROR:{color} -1 due to 5 failed/errored test(s), 8983 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_fold_case
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_index_serde
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_ql_rewrite_gbtoidx_cbo_2
org.apache.hadoop.hive.thrift.TestHadoop20SAuthBridge.testSaslWithHiveMetaStore
org.apache.hive.jdbc.TestSSL.testSSLFetchHttp
{noformat}
Test results:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4100/testReport
Console output:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/4100/console
Test logs:
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-4100/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 5 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12736168 - PreCommit-HIVE-TRUNK-Build
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.2.patch, HIVE-7193.patch,
LDAPAuthentication_Design_Doc.docx, LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2.
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
We need to include other LDAP properties as part of hive-LDAP authentication
like below
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14552418#comment-14552418
]
Naveen Gangam commented on HIVE-7193:
-
Review posted to reviewboard at https://reviews.apache.org/r/34472/. Thanks in
advance
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
LDAPAuthentication_Design_Doc_V2.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2.
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
We need to include other LDAP properties as part of hive-LDAP authentication
like below
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-7193) Hive should support additional LDAP authentication parameters
[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14550189#comment-14550189
]
Hive QA commented on HIVE-7193:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12733705/HIVE-7193.patch
{color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 8946 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestEncryptedHDFSCliDriver.testCliDriver_encryption_insert_partition_static
{noformat}
Test results:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/3942/testReport
Console output:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/3942/console
Test logs:
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-3942/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 1 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12733705 - PreCommit-HIVE-TRUNK-Build
Hive should support additional LDAP authentication parameters
-
Key: HIVE-7193
URL: https://issues.apache.org/jira/browse/HIVE-7193
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0
Reporter: Mala Chikka Kempanna
Assignee: Naveen Gangam
Attachments: HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx
Currently hive has only following authenticator parameters for LDAP
authentication for hiveserver2.
property
namehive.server2.authentication/name
valueLDAP/value
/property
property
namehive.server2.authentication.ldap.url/name
valueldap://our_ldap_address/value
/property
We need to include other LDAP properties as part of hive-LDAP authentication
like below
a group search base - dc=domain,dc=com
a group search filter - member={0}
a user search base - dc=domain,dc=com
a user search filter - sAMAAccountName={0}
a list of valid user groups - group1,group2,group3
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
