[jira] [Updated] (HBASE-29244) Support admin users acl setting with LDAP (Web UI only)
[
https://issues.apache.org/jira/browse/HBASE-29244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rushabh Shah updated HBASE-29244:
-
Attachment: Screenshot 2025-06-17 at 1.24.25 PM.png
> Support admin users acl setting with LDAP (Web UI only)
> ---
>
> Key: HBASE-29244
> URL: https://issues.apache.org/jira/browse/HBASE-29244
> Project: HBase
> Issue Type: New Feature
> Components: security, UI
>Reporter: Nihal Jain
>Assignee: Nihal Jain
>Priority: Major
> Labels: pull-request-available
> Fix For: 3.0.0-beta-2, 2.6.3, 2.5.12
>
> Attachments: Screenshot 2025-06-17 at 1.24.25 PM.png
>
>
> HBASE-27693 added support for LDAP in web UI, but there is not way to
> access/secure admin instrumentation endpoints with it. With this PR we will
> extend the AccessControlList to also work when LDAP is setup.
> After this we will be able to set a new key say
> ""hbase.security.authentication.ldap.admin.users" = "user1,user2" to
> configure which all LDAP users can access a secured page. This will be
> similar to the one we have for SPNEGO i.e.
> {code}
>
> hbase.security.authentication.spnego.admin.users
>
>
> {code}
> [https://hbase.apache.org/book.html#_defining_administrators_of_the_web_ui]
> NOTE: Do not intend to add support for groups as of with this JIRA.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HBASE-29244) Support admin users acl setting with LDAP (Web UI only)
[
https://issues.apache.org/jira/browse/HBASE-29244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nihal Jain updated HBASE-29244:
---
Hadoop Flags: Reviewed
Resolution: Fixed
Status: Resolved (was: Patch Available)
Pushed to all active branches. Thank you [~ndimiduk] and [~paksyd] for the
reviews!
> Support admin users acl setting with LDAP (Web UI only)
> ---
>
> Key: HBASE-29244
> URL: https://issues.apache.org/jira/browse/HBASE-29244
> Project: HBase
> Issue Type: New Feature
> Components: security, UI
>Reporter: Nihal Jain
>Assignee: Nihal Jain
>Priority: Major
> Labels: pull-request-available
> Fix For: 3.0.0-beta-2, 2.6.3, 2.5.12
>
>
> HBASE-27693 added support for LDAP in web UI, but there is not way to
> access/secure admin instrumentation endpoints with it. With this PR we will
> extend the AccessControlList to also work when LDAP is setup.
> After this we will be able to set a new key say
> ""hbase.security.authentication.ldap.admin.users" = "user1,user2" to
> configure which all LDAP users can access a secured page. This will be
> similar to the one we have for SPNEGO i.e.
> {code}
>
> hbase.security.authentication.spnego.admin.users
>
>
> {code}
> [https://hbase.apache.org/book.html#_defining_administrators_of_the_web_ui]
> NOTE: Do not intend to add support for groups as of with this JIRA.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HBASE-29244) Support admin users acl setting with LDAP (Web UI only)
[
https://issues.apache.org/jira/browse/HBASE-29244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nihal Jain updated HBASE-29244:
---
Fix Version/s: 3.0.0-beta-2
2.6.3
2.5.12
> Support admin users acl setting with LDAP (Web UI only)
> ---
>
> Key: HBASE-29244
> URL: https://issues.apache.org/jira/browse/HBASE-29244
> Project: HBase
> Issue Type: New Feature
> Components: security, UI
>Reporter: Nihal Jain
>Assignee: Nihal Jain
>Priority: Major
> Labels: pull-request-available
> Fix For: 3.0.0-beta-2, 2.6.3, 2.5.12
>
>
> HBASE-27693 added support for LDAP in web UI, but there is not way to
> access/secure admin instrumentation endpoints with it. With this PR we will
> extend the AccessControlList to also work when LDAP is setup.
> After this we will be able to set a new key say
> ""hbase.security.authentication.ldap.admin.users" = "user1,user2" to
> configure which all LDAP users can access a secured page. This will be
> similar to the one we have for SPNEGO i.e.
> {code}
>
> hbase.security.authentication.spnego.admin.users
>
>
> {code}
> [https://hbase.apache.org/book.html#_defining_administrators_of_the_web_ui]
> NOTE: Do not intend to add support for groups as of with this JIRA.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HBASE-29244) Support admin users acl setting with LDAP (Web UI only)
[
https://issues.apache.org/jira/browse/HBASE-29244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nihal Jain updated HBASE-29244:
---
Release Note: We now support configuring an LDAP user as admin for all
HBase Web UIs, privileged pages can only be accessed by the admin user. (was:
Support for LDAP Authentication in the HBase Web UI via Hadoop's
LdapAuthenticationFilter.)
> Support admin users acl setting with LDAP (Web UI only)
> ---
>
> Key: HBASE-29244
> URL: https://issues.apache.org/jira/browse/HBASE-29244
> Project: HBase
> Issue Type: New Feature
> Components: security, UI
>Reporter: Nihal Jain
>Assignee: Nihal Jain
>Priority: Major
> Labels: pull-request-available
> Fix For: 3.0.0-beta-2, 2.6.3, 2.5.12
>
>
> HBASE-27693 added support for LDAP in web UI, but there is not way to
> access/secure admin instrumentation endpoints with it. With this PR we will
> extend the AccessControlList to also work when LDAP is setup.
> After this we will be able to set a new key say
> ""hbase.security.authentication.ldap.admin.users" = "user1,user2" to
> configure which all LDAP users can access a secured page. This will be
> similar to the one we have for SPNEGO i.e.
> {code}
>
> hbase.security.authentication.spnego.admin.users
>
>
> {code}
> [https://hbase.apache.org/book.html#_defining_administrators_of_the_web_ui]
> NOTE: Do not intend to add support for groups as of with this JIRA.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HBASE-29244) Support admin users acl setting with LDAP (Web UI only)
[
https://issues.apache.org/jira/browse/HBASE-29244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nihal Jain updated HBASE-29244:
---
Status: Patch Available (was: In Progress)
> Support admin users acl setting with LDAP (Web UI only)
> ---
>
> Key: HBASE-29244
> URL: https://issues.apache.org/jira/browse/HBASE-29244
> Project: HBase
> Issue Type: New Feature
> Components: security, UI
>Reporter: Nihal Jain
>Assignee: Nihal Jain
>Priority: Major
> Labels: pull-request-available
>
> HBASE-27693 added support for LDAP in web UI, but there is not way to
> access/secure admin instrumentation endpoints with it. With this PR we will
> extend the AccessControlList to also work when LDAP is setup.
> After this we will be able to set a new key say
> ""hbase.security.authentication.ldap.admin.users" = "user1,user2" to
> configure which all LDAP users can access a secured page. This will be
> similar to the one we have for SPNEGO i.e.
> {code}
>
> hbase.security.authentication.spnego.admin.users
>
>
> {code}
> [https://hbase.apache.org/book.html#_defining_administrators_of_the_web_ui]
> NOTE: Do not intend to add support for groups as of with this JIRA.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HBASE-29244) Support admin users acl setting with LDAP (Web UI only)
[
https://issues.apache.org/jira/browse/HBASE-29244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HBASE-29244:
---
Labels: pull-request-available (was: )
> Support admin users acl setting with LDAP (Web UI only)
> ---
>
> Key: HBASE-29244
> URL: https://issues.apache.org/jira/browse/HBASE-29244
> Project: HBase
> Issue Type: New Feature
> Components: security, UI
>Reporter: Nihal Jain
>Assignee: Nihal Jain
>Priority: Major
> Labels: pull-request-available
>
> HBASE-27693 added support for LDAP in web UI, but there is not way to
> access/secure admin instrumentation endpoints with it. With this PR we will
> extend the AccessControlList to also work when LDAP is setup.
> After this we will be able to set a new key say
> ""hbase.security.authentication.ldap.admin.users" = "user1,user2" to
> configure which all LDAP users can access a secured page. This will be
> similar to the one we have for SPNEGO i.e.
> {code}
>
> hbase.security.authentication.spnego.admin.users
>
>
> {code}
> [https://hbase.apache.org/book.html#_defining_administrators_of_the_web_ui]
> NOTE: Do not intend to add support for groups as of with this JIRA.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HBASE-29244) Support admin users acl setting with LDAP (Web UI only)
[
https://issues.apache.org/jira/browse/HBASE-29244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nihal Jain updated HBASE-29244:
---
Summary: Support admin users acl setting with LDAP (Web UI only) (was:
Support admin users acl setting with LDAP in hbase web ui)
> Support admin users acl setting with LDAP (Web UI only)
> ---
>
> Key: HBASE-29244
> URL: https://issues.apache.org/jira/browse/HBASE-29244
> Project: HBase
> Issue Type: New Feature
> Components: security, UI
>Reporter: Nihal Jain
>Assignee: Nihal Jain
>Priority: Major
>
> HBASE-27693 added support for LDAP in web UI, but there is not way to
> access/secure admin instrumentation endpoints with it. With this PR we will
> extend the AccessControlList to also work when LDAP is setup.
> After this we will be able to set a new key say
> ""hbase.security.authentication.ldap.admin.users" = "user1,user2" to
> configure which all LDAP users can access a secured page. This will be
> similar to the one we have for SPNEGO i.e.
> {code}
>
> hbase.security.authentication.spnego.admin.users
>
>
> {code}
> [https://hbase.apache.org/book.html#_defining_administrators_of_the_web_ui]
> NOTE: Do not intend to add support for groups as of with this JIRA.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
