[ https://issues.apache.org/jira/browse/HIVE-14513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15417631#comment-15417631 ]
Hive QA commented on HIVE-14513: -------------------------------- Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12823145/HIVE-14513.patch {color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified. {color:red}ERROR:{color} -1 due to 3 failed/errored test(s), 10408 tests executed *Failed tests:* {noformat} TestMsgBusConnection - did not produce a TEST-*.xml file TestQueryLifeTimeHook - did not produce a TEST-*.xml file org.apache.hadoop.hive.cli.TestMiniLlapCliDriver.testCliDriver_orc_llap_counters {noformat} Test results: https://builds.apache.org/job/PreCommit-HIVE-MASTER-Build/854/testReport Console output: https://builds.apache.org/job/PreCommit-HIVE-MASTER-Build/854/console Test logs: http://ec2-204-236-174-241.us-west-1.compute.amazonaws.com/logs/PreCommit-HIVE-MASTER-Build-854/ Messages: {noformat} Executing org.apache.hive.ptest.execution.TestCheckPhase Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 3 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12823145 - PreCommit-HIVE-MASTER-Build > Enhance custom query feature in LDAP atn to support resultset of ldap groups > ---------------------------------------------------------------------------- > > Key: HIVE-14513 > URL: https://issues.apache.org/jira/browse/HIVE-14513 > Project: Hive > Issue Type: Bug > Components: HiveServer2 > Affects Versions: 1.0.0 > Reporter: Naveen Gangam > Assignee: Naveen Gangam > Attachments: HIVE-14513.patch > > > LDAP Authenticator can be configured to use a result set from a LDAP query to > authenticate. However, is it expected that this LDAP query would only result > a set of users (aka full DNs for the users in LDAP). > However, its not always straightforward to be able to author queries that > return users. For example, say you would like to allow "all users from group1 > and group2" to be authenticated. The LDAP query has to return a union of all > members of the group1 and group2. > For example, one common configuration is that groups contain a list of its > users > "dn: uid=group1,ou=Groups,dc=example,dc=com", > "distinguishedName: uid=group1,ou=Groups,dc=example,dc=com", > "objectClass: top", > "objectClass: groupOfNames", > "objectClass: ExtensibleObject", > "cn: group1", > "ou: Groups", > "sn: group1", > "member: uid=user1,ou=People,dc=example,dc=com", > The query > {{(&(objectClass=groupOfNames)(|(cn=group1)(cn=group2)))}} > will return the entries > uid=group1,ou=Groups,dc=example,dc=com > uid=group2,ou=Groups,dc=example,dc=com > but there is no means to form a query that would return just the values of > "member" attributes. (ldap client tools are able to do by filtering out the > attributes on these entries. > So it will be useful to have such support to be able to specify queries that > return groups. -- This message was sent by Atlassian JIRA (v6.3.4#6332)