[
https://issues.apache.org/jira/browse/HIVE-27311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Naveen Gangam resolved HIVE-27311.
----------------------------------
Fix Version/s: 4.0.0
Resolution: Fixed
Thank you for the review. Fix has been merged to master.
> Improve LDAP auth to support generic search bind authentication
> ---------------------------------------------------------------
>
> Key: HIVE-27311
> URL: https://issues.apache.org/jira/browse/HIVE-27311
> Project: Hive
> Issue Type: Improvement
> Components: HiveServer2
> Affects Versions: 4.0.0-alpha-2
> Reporter: Naveen Gangam
> Assignee: Naveen Gangam
> Priority: Major
> Labels: pull-request-available
> Fix For: 4.0.0
>
> Time Spent: 2h 40m
> Remaining Estimate: 0h
>
> Hive's LDAP auth configuration is home-baked and a bit specific to hive. This
> was by design intending to be as flexible as it can be for accommodating
> various LDAP implementations. But this does not necessarily make it easy to
> configure hive with such custom values for ldap filtering when most other
> components accept generic ldap filters, for example: search bind filters.
> There has to be a layer of translation to have it configured. Instead we can
> enhance Hive to support generic search bind filters.
> To support this, I am proposing adding NEW alternate configurations.
> hive.server2.authentication.ldap.userSearchFilter
> hive.server2.authentication.ldap.groupSearchFilter
> hive.server2.authentication.ldap.groupBaseDN
> Search bind filtering will also use EXISTING config param
> hive.server2.authentication.ldap.baseDN
> This is alternate configuration and will be used first if specified. So users
> can continue to use existing configuration as well. These changes should not
> interfere with existing configurations.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
