[ https://issues.apache.org/jira/browse/HIVE-27311?focusedWorklogId=860376&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-860376 ]
ASF GitHub Bot logged work on HIVE-27311:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 03/May/23 15:42
            Start Date: 03/May/23 15:42
    Worklog Time Spent: 10m
      Work Description: nrg4878 commented on PR #4284:
URL: https://github.com/apache/hive/pull/4284#issuecomment-1533272027

   @henrib Could you please review this change? Thank you in advance

Issue Time Tracking
-------------------

    Worklog Id:     (was: 860376)
    Time Spent: 20m  (was: 10m)

> Improve LDAP auth to support generic search bind authentication
> ---------------------------------------------------------------
>
>                 Key: HIVE-27311
>                 URL: https://issues.apache.org/jira/browse/HIVE-27311
>             Project: Hive
>          Issue Type: Improvement
>          Components: HiveServer2
>    Affects Versions: 4.0.0-alpha-2
>            Reporter: Naveen Gangam
>            Assignee: Naveen Gangam
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Hive's LDAP auth configuration is home-baked and a bit specific to hive. This
> was by design intending to be as flexible as it can be for accommodating
> various LDAP implementations. But this does not necessarily make it easy to
> configure hive with such custom values for ldap filtering when most other
> components accept generic ldap filters, for example: search bind filters.
> There has to be a layer of translation to have it configured. Instead we can
> enhance Hive to support generic search bind filters.
> To support this, I am proposing adding NEW alternate configurations.
> hive.server2.authentication.ldap.userSearchFilter
> hive.server2.authentication.ldap.groupSearchFilter
> hive.server2.authentication.ldap.groupBaseDN
> Search bind filtering will also use EXISTING config param
> hive.server2.authentication.ldap.baseDN
> This is alternate configuration and will be used first if specified. So users
> can continue to use existing configuration as well. These changes should not
> interfere with existing configurations.

-- This message was sent by Atlassian Jira (v8.20.10#820010)