apache/kyuubi
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
c8f01e69cb
kyuubi/docs/security/ldap.md
liangbowen ab1c46d431 [KYUUBI #5154] [Doc] Move configuration docs to the top level 
### _Why are the changes needed?_

- Move the configuration docs to the top level of docs, which is most commonly used and referenced
- update relevant doc links

![image](https://github.com/apache/kyuubi/assets/1935105/a1dd35cc-d37f-4294-9fed-b275956c2cc5)

### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request

Closes #5154 from bowenliang123/config-doc-first.

Closes #5154

b49ed3f8b [liangbowen] nit
db7f0d14d [liangbowen] update doc links
f8fd697a2 [liangbowen] move config docs to the top level
7448e4487 [liangbowen] change title of settings doc
40214ddd8 [liangbowen] move config doc in the front of deployment

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
2023-08-11 18:23:08 +08:00

61 lines
2.9 KiB
Markdown
Raw Blame History

<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-->
# Configure Kyuubi to use LDAP Authentication
Kyuubi can be configured to enable frontend LDAP authentication for clients, such as the BeeLine, or the JDBC and ODBC drivers.
At present, only simple LDAP authentication mechanism involving username and password is supported. The client sends
a username and password to the Kyuubi server, and the Kyuubi server validates these credentials using an external LDAP service.
## Enable LDAP Authentication
To enable LDAP authentication for Kyuubi, LDAP-related configurations is required to be configured in
`$KYUUBI_HOME/conf/kyuubi-defaults.conf` on each node where Kyuubi server is installed.
For example,
```properties example
kyuubi.authentication=LDAP
kyuubi.authentication.ldap.baseDN=dc=org
kyuubi.authentication.ldap.domain=apache.org
kyuubi.authentication.ldap.binddn=uid=kyuubi,OU=Users,DC=apache,DC=org
kyuubi.authentication.ldap.bindpw=kyuubi123123
kyuubi.authentication.ldap.url=ldap://hostname.com:389/
```
## User and Group Filter in LDAP
Kyuubi also supports complex LDAP cases as [Apache Hive](https://cwiki.apache.org/confluence/display/Hive/User+and+Group+Filter+Support+with+LDAP+Atn+Provider+in+HiveServer2#UserandGroupFilterSupportwithLDAPAtnProviderinHiveServer2-UserandGroupFilterSupportwithLDAP) does.
For example,
```properties example
# Group Membership
kyuubi.authentication.ldap.groupClassKey=groupOfNames
kyuubi.authentication.ldap.groupDNPattern=CN=%s,OU=Groups,DC=apache,DC=org
kyuubi.authentication.ldap.groupFilter=group1,group2
kyuubi.authentication.ldap.groupMembershipKey=memberUid
# User Search List
kyuubi.authentication.ldap.userDNPattern=CN=%s,CN=Users,DC=apache,DC=org
kyuubi.authentication.ldap.userFilter=hive-admin,hive,hive-test,hive-user
# Custom Query
kyuubi.authentication.ldap.customLDAPQuery=(&(objectClass=group)(objectClass=top)(instanceType=4)(cn=Domain*)), (&(objectClass=person)(|(sAMAccountName=admin)(|(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=com)(memberOf=CN=Administrators,CN=Builtin,DC=domain,DC=com))))
```
Please refer to [Settings for LDAP authentication in Kyuubi](../configuration/settings.html?highlight=LDAP#authentication)
for all configurations.
Reference in New Issue View Git Blame Copy Permalink