[
https://issues.apache.org/jira/browse/HBASE-10919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14136540#comment-14136540
]
Misty Stanley-Jones commented on HBASE-10919:
---------------------------------------------
Potential doc text for this for when this is committed, to go around line 1164
of security.xml:
<!--An idea discussed in <link
xlink:href="https://issues.apache.org/jira/browse/HBASE-10919";>HBASE-10919</link>
makes it
possible to query an LDAP directory for a set of attributes
corresponding to the principal
represented by the request, and convert attributes returned in the
response to additional
auths in the effective set, as shown below. ScanLabelGenerators could
be specified in the
configuration as a comma-separated list of class names. At the time of
this writing, the
feature is not completed.</para>
<figure>
<title>ScanLabelGenerator Diagram</title>
<mediaobject>
<imageobject>
<imagedata fileref="LDAPScanLabelGenerator.png" width="100%"/>
</imageobject>
<textobject>
<para>The <code>LDAPScanLabelGenerator</code> results could
possibly be combined with
the <code>DefaultScanLabelGenerator</code>, to generate the full
set of effective
labels for the principal.</para></textobject>
</mediaobject>
</figure>-->
> [VisibilityController] ScanLabelGenerator using LDAP
> ----------------------------------------------------
>
> Key: HBASE-10919
> URL: https://issues.apache.org/jira/browse/HBASE-10919
> Project: HBase
> Issue Type: New Feature
> Reporter: Andrew Purtell
> Fix For: 0.98.7, 0.99.1
>
> Attachments: slides-10919.pdf
>
>
> A ScanLabelGenerator that queries an external service, using the LDAP
> protocol, for a set of attributes corresponding to the principal represented
> by the request UGI, and converts any returned in the response to additional
> auths in the effective set.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
