[ https://issues.apache.org/jira/browse/HBASE-10919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14136540#comment-14136540 ]
Misty Stanley-Jones commented on HBASE-10919: --------------------------------------------- Potential doc text for this for when this is committed, to go around line 1164 of security.xml: <!--An idea discussed in <link xlink:href="https://issues.apache.org/jira/browse/HBASE-10919">HBASE-10919</link> makes it possible to query an LDAP directory for a set of attributes corresponding to the principal represented by the request, and convert attributes returned in the response to additional auths in the effective set, as shown below. ScanLabelGenerators could be specified in the configuration as a comma-separated list of class names. At the time of this writing, the feature is not completed.</para> <figure> <title>ScanLabelGenerator Diagram</title> <mediaobject> <imageobject> <imagedata fileref="LDAPScanLabelGenerator.png" width="100%"/> </imageobject> <textobject> <para>The <code>LDAPScanLabelGenerator</code> results could possibly be combined with the <code>DefaultScanLabelGenerator</code>, to generate the full set of effective labels for the principal.</para></textobject> </mediaobject> </figure>--> > [VisibilityController] ScanLabelGenerator using LDAP > ---------------------------------------------------- > > Key: HBASE-10919 > URL: https://issues.apache.org/jira/browse/HBASE-10919 > Project: HBase > Issue Type: New Feature > Reporter: Andrew Purtell > Fix For: 0.98.7, 0.99.1 > > Attachments: slides-10919.pdf > > > A ScanLabelGenerator that queries an external service, using the LDAP > protocol, for a set of attributes corresponding to the principal represented > by the request UGI, and converts any returned in the response to additional > auths in the effective set. -- This message was sent by Atlassian JIRA (v6.3.4#6332)