nrg4878 opened a new pull request, #4284:
URL: https://github.com/apache/hive/pull/4284

   … Gangam)
   
   
   ### What changes were proposed in this pull request?
   Support for generic LDAP search bind authentication with user and group filtering.
   For user filtering, use these configurations
   hive.server2.authentication.ldap.baseDN
   hive.server2.authentication.ldap.userSearchFilter
   
   For group filtering (in conjunction with the user filtering)
   hive.server2.authentication.ldap.groupBaseDN
   hive.server2.authentication.ldap.groupSearchFilter
   
   For example:
   user search filter: (&(uid={0})(objectClass=person))
   baseDN: ou=Users,dc=apache,dc=org
   group search filter: (&(|(memberUid={0})(memberUid={1}))(objectClass=posixGroup))
   groupBaseDN: ou=Groups,dc=apache,dc=org
   
   In this case, {0} in the user filter is the username to be authenticated. A user search is performed to find the userDN, which is then substituted into the group search filter to perform a search. If the result set is non-empty, the user is assumed to have satisfied the criteria and the auth succeeds.
   
   Group filter configuration is optional above. In such cases, only a user search is performed and success is based on finding the user.
   
   ### Why are the changes needed?
   Enabling generic LDAP configuration for Hive LDAP authentication
   
   ### Does this PR introduce _any_ user-facing change?
   Backward compatible.
   
   ### How was this patch tested?
   Manually using OpenLDAP server
   Unit Tests that use Apache Directory Services LDAP server


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
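
Added example (not part of the pull request or of Hive's code): a Python sketch of the user search followed by the group search described above, run against a constructed in-memory directory, with every substituted value escaped per RFC 4515 so that filter metacharacters in a login name are matched literally. It assumes {0} and {1} in the group filter are the user DN and the login name, uses a password comparison in place of the LDAP bind, and rejects a user search that does not return exactly one entry; `render`, `parse`, `matches`, `search` and `search_bind` are illustrative names.

```python
import re

# Filter templates and base DNs as given in the PR description.
USER_FILTER = "(&(uid={0})(objectClass=person))"
BASE_DN = "ou=Users,dc=apache,dc=org"
GROUP_FILTER = "(&(|(memberUid={0})(memberUid={1}))(objectClass=posixGroup))"
GROUP_BASE_DN = "ou=Groups,dc=apache,dc=org"

# Constructed sample directory and passwords (not real data).
ALICE, BOB = "uid=alice," + BASE_DN, "uid=bob," + BASE_DN
DIRECTORY = [
    (ALICE, {"uid": ["alice"], "objectClass": ["person"]}),
    (BOB, {"uid": ["bob"], "objectClass": ["person"]}),
    ("cn=etl," + GROUP_BASE_DN, {"memberUid": ["alice"], "objectClass": ["posixGroup"]}),
]
PASSWORDS = {ALICE: "alice-pw", BOB: "bob-pw"}
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def render(template, *values):  # fill {n}, escaping each value per RFC 4515
    esc = lambda v: "".join(ESCAPES.get(c, c) for c in v)
    return re.sub(r"\{(\d+)\}", lambda m: esc(values[int(m.group(1))]), template)

def parse(f, i=0):  # handles only the &, | and equality subset of filter syntax
    if f[i + 1] in "&|":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr, value), end + 1

def matches(node, attrs):
    if node[0] == "=":
        return node[2] in attrs.get(node[1], [])
    return (all if node[0] == "&" else any)(matches(k, attrs) for k in node[1])

def search(base, flt):  # subtree search approximated by a DN suffix match
    tree = parse(flt)[0]
    return [dn for dn, attrs in DIRECTORY if dn.endswith(base) and matches(tree, attrs)]

def search_bind(username, password):  # password check stands in for the LDAP bind
    users = search(BASE_DN, render(USER_FILTER, username))
    if len(users) != 1 or PASSWORDS.get(users[0]) != password:
        return False
    # Group filter is optional. Assumption: {0} = user DN found above, {1} = login name.
    return not GROUP_FILTER or bool(search(GROUP_BASE_DN, render(GROUP_FILTER, users[0], username)))
```

Here bob authenticates against the user filter but is refused because no posixGroup entry lists him, which is the case the group filter exists to catch.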