[
https://issues.apache.org/jira/browse/HIVE-12885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15106283#comment-15106283
]
Lefty Leverenz commented on HIVE-12885:
---------------------------------------
Thank you [~ngangam].
> LDAP Authenticator improvements
> -------------------------------
>
> Key: HIVE-12885
> URL: https://issues.apache.org/jira/browse/HIVE-12885
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Affects Versions: 1.1.0
> Reporter: Naveen Gangam
> Assignee: Naveen Gangam
> Attachments: HIVE-12885.2.patch, HIVE-12885.patch
>
>
> Currently Hive's LDAP Atn provider assumes certain defaults to keep its
> configuration simple.
> 1) One of the assumptions is the presence of an attribute
> "distinguishedName". In certain non-standard LDAP implementations, this
> attribute may not be available. So instead of basing all ldap searches on
> this attribute, getNameInNamespace() returns the same value. So this API is
> to be used instead.
> 2) It also assumes that the "user" value being passed in, will be able to
> bind to LDAP. However, certain LDAP implementations, by default, only allow
> the full DN to be used, just short user names are not permitted. We will need
> to be able to support short names too when hive configuration only has
> "BaseDN" specified (not userDNPatterns). So instead of hard-coding "uid" or
> "CN" as keys for the short usernames, it probably better to make this a
> configurable parameter.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
