Naveen Gangam created HIVE-27311:
------------------------------------
Summary: Improve LDAP auth to support generic search bind
authentication
Key: HIVE-27311
URL: https://issues.apache.org/jira/browse/HIVE-27311
Project: Hive
Issue Type: Improvement
Components: HiveServer2
Affects Versions: 4.0.0-alpha-2
Reporter: Naveen Gangam
Assignee: Naveen Gangam
Hive's LDAP auth configuration is home-baked and a bit specific to hive. This
was by design intending to be as flexible as it can be for accommodating
various LDAP implementations. But this does not necessarily make it easy to
configure hive with such custom values for ldap filtering when most other
components accept generic ldap filters, for example: search bind filters.
There has to be a layer of translation to have it configured. Instead we can
enhance Hive to support generic search bind filters.
To support this, I am proposing adding NEW alternate configurations.
hive.server2.authentication.ldap.userSearchFilter
hive.server2.authentication.ldap.groupSearchFilter
hive.server2.authentication.ldap.groupBaseDN
Search bind filtering will also use EXISTING config param
hive.server2.authentication.ldap.baseDN
This is alternate configuration and will be used first if specified. So users
can continue to use existing configuration as well. These changes should not
interfere with existing configurations.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
