[ https://issues.apache.org/jira/browse/IMPALA-10161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tamas Mate resolved IMPALA-10161. --------------------------------- Fix Version/s: Impala 4.0 Resolution: Fixed > User LDAP search bind support > ----------------------------- > > Key: IMPALA-10161 > URL: https://issues.apache.org/jira/browse/IMPALA-10161 > Project: IMPALA > Issue Type: Improvement > Components: Backend, Security > Affects Versions: Impala 3.4.0 > Reporter: Tamas Mate > Assignee: Tamas Mate > Priority: Major > Fix For: Impala 4.0 > > > Currently Impala only supports simple direct bind mechanism to authenticate a > user. While other components allow the administrators to specify a user > search base dn and an administrator bind dn and bind password to search for > the user under the user search base directory. > This method is especially useful for larger organizations where the directory > structure is wide. Given the following two FQDNs: > {code:java} > uid=alice,ou=Engineering,ou=People,dc=mycompany,dc=com > uid=bob,ou=Accounting,ou=People,dc=mycompany,dc=com > {code} > In case the administrator would like to allow both Engineering and Accounting > users to authenticate neither the ldap_baseDN nor the ldap_bind_pattern > configuration could give the flexibility to authenticate correctly. > * ldap_baseDN takes the configured baseDN and prefixes it with _uid=<userid>_ > * ldap_bind_pattern gives the option to specify a pattern with a parameter > such as _user=#UID,OU=foo,CN=bar_ > The convenient solution would be to specify a base dn and execute a search > under it instead of prefixing it with uid, because this depends on the LDAP > directory structure. > LDAP search has already been implemented for groups, this should be > implemented for users as well. > The option to configure the group filters with LDAP filters should be added > to the group check as well. > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org