Mohit Sabharwal created HIVE-8916:
-------------------------------------

             Summary: Handle user@domain username under LDAP authentication
                 Key: HIVE-8916
                 URL: https://issues.apache.org/jira/browse/HIVE-8916
             Project: Hive
          Issue Type: Bug
          Components: Authentication
            Reporter: Mohit Sabharwal
            Assignee: Mohit Sabharwal


If LDAP is configured with multiple domains for authentication, users can be in 
different domains.

Currently, LdapAuthenticationProviderImpl blindly appends the domain configured 
in "hive.server2.authentication.ldap.Domain" to the username, which limits the 
user to that domain. However, under multi-domain authentication, the username may 
already include the domain (e.g. u...@domain.foo.com). We should not append a 
domain if one is already present.

Also, if the username already includes the domain, the rest of Hive and the 
authorization providers still expect the "short name" ("user" and not 
"u...@domain.foo.com") for looking up privilege rules, etc. As such, any domain 
info in the username should be stripped off.



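The two rules described in the report, as an added Java example; it is not part of the original report and is not Hive's LdapAuthenticationProviderImpl code. The class and method names, the decision to reject malformed names, and the sample domains are assumptions.

```java
/** Hypothetical helper illustrating the report's two rules; not Hive code. */
public final class LdapUserNames {
    private LdapUserNames() {}

    /** Splits "user" or "user@domain" into {local, domain}; domain is null if absent. */
    static String[] split(String user) {
        if (user == null || user.isEmpty()) {
            throw new IllegalArgumentException("empty user name");
        }
        int at = user.indexOf('@');
        if (at < 0) {
            return new String[] {user, null};
        }
        // Assumption: reject "@domain", "user@" and names with more than one '@'
        // instead of guessing which part is the user.
        if (at == 0 || at == user.length() - 1 || user.indexOf('@', at + 1) >= 0) {
            throw new IllegalArgumentException("malformed user name");
        }
        return new String[] {user.substring(0, at), user.substring(at + 1)};
    }

    /** Name used for the LDAP bind: the configured domain is appended only if none was supplied. */
    static String bindPrincipal(String user, String configuredDomain) {
        String[] parts = split(user);
        if (parts[1] != null || configuredDomain == null || configuredDomain.isEmpty()) {
            return user;
        }
        return parts[0] + "@" + configuredDomain;
    }

    /** Short name passed to authorization lookups: the part before '@'. */
    static String shortName(String user) {
        return split(user)[0];
    }

    public static void main(String[] args) {
        String configured = "corp.example.com"; // constructed sample value
        String[] samples = {"alice", "bob@sales.example.com", "@example.com", "carol@"};
        for (String s : samples) {
            try {
                System.out.printf("%-24s bind=%-24s short=%s%n",
                        s, bindPrincipal(s, configured), shortName(s));
            } catch (IllegalArgumentException e) {
                System.out.printf("%-24s rejected: %s%n", s, e.getMessage());
            }
        }
    }
}
```

After stripping, the same local part in two different domains resolves to the same short name, so privilege rules keyed on the short name apply to both accounts.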