This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • User and Group Filter Support with LDAP Atn Provider in HiveServer2

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Fixing the header for group class key so that it matches the attribute name.

...

There could be multiple entries for this attribute, one for each of its members. By default, the LDAP authentication provider assumes "member" to search for users. To alter this default, set a value/key for property for the provider to accurately search for group members.

hive.

...

server2.authentication.ldap.groupClassKey

This value represents the LDAP objectClass each of the groups implements in LDAP. By default, the LDAP Authentication provider uses "groupOfNames" in its search for groups. (Available starting in version 2.1.0.)

...

    dn:uid=testGroup,ou=Groups,dc=domain,dc=com
objectClass: group
objectClass: top
memberUid: uid=testUser1,ou=Users,dc=domain,dc=com
memberUid: uid=testUser2,ou=Users,dc=domain,dc=com
cn: HiveUserGroup
 

Code Block
languagetext
<property>
  <name>hive.server2.authentication.ldap.groupMembershipKey</name>
  <value>memberUid</value>
</property>
<property>
  <name>hive.server2.authentication.ldap.groupClassKey</name>
  <value>group</value>
</property>

...