
Engine LDAP Authentication

The Developer Console, as well as the Galactica Hive Engine, can be configured to use LDAP Authentication.

To configure Galactica to use LDAP as an authentication engine, you must set these parameters in the hive-site.xml configuration file:

Connection to the LDAP server

XML
<property>
  <name>hive.server2.authentication</name>
  <value>LDAP</value>
</property>
<property>
  <name>hive.server2.authentication.ldap.url</name>
  <value>ldap://<your-ldap-hostname></value>
</property>

User and Group Filter Support with LDAP

User Search list

Indexima supports the User Search List mode available in a Hive server as described here

hive.server2.authentication.ldap.userDNPattern

XML
<property>
  <name>hive.server2.authentication.ldap.userDNPattern</name>
  <value>cn=%s,ou=people,dc=indexima,dc=com</value>
</property>

hive.server2.authentication.ldap.userFilter

This is a comma-separated list of usernames to grant access to. The authentication (Atn) provider grants access if the user being authenticated is part of this list, and denies access otherwise.

Example:

XML
<property>
  <name>hive.server2.authentication.ldap.userFilter</name>
  <value>hive-admin,hive,hivetest,hive-user</value>
</property>

LDAP Groups / Group Membership

You can use an LDAP construct called a group (groupOfNames or groupOfUniqueNames) to give access to only a few users instead of your whole organizational unit. To do this, you must add the following properties to the hive-site.xml configuration file:

hive-site.xml

XML
<property>
    <name>hive.server2.authentication.ldap.groupFilter</name>
    <value><GROUP_NAME></value>
</property>
<property>
    <name>hive.server2.authentication.ldap.groupDNPattern</name>
    <value>cn=%s,ou=crews,ou=groups,dc=indexima,dc=org</value>
</property>
<property>
    <name>hive.server2.authentication.ldap.groupClassKey</name>
    <value>groupOfUniqueNames</value>
</property>
<property>
    <name>hive.server2.authentication.ldap.groupMembershipKey</name>
    <value>uniqueMember</value>
</property>

The group DN pattern must be adapted to your own LDAP DN.

The groupClassKey and groupMembershipKey must be adapted to your LDAP group setup. Accepted values are groupOfUniqueNames and groupOfNames for the class key, and member and uniqueMember for the membership key.

Mode not supported

Indexima does not support the "Custom Query String" mode available in a Hive server as described here
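
As an added example (not Indexima's or Hive's own code), the Python check below reads a hive-site.xml and reports LDAP settings that conflict with the rules on this page: missing %s placeholders, a group filter without a group DN pattern, class or membership keys outside the accepted values, and use of the unsupported custom query mode. The host name, the group name crew1 and the GOOD/BAD documents are constructed; customLDAPQuery is Hive's property name for the Custom Query String mode, and DN patterns are treated as colon-separated lists as in Hive, neither of which this page spells out.

```python
import xml.etree.ElementTree as ET

AUTH = "hive.server2.authentication"
LDAP = AUTH + ".ldap."
CLASS_KEYS = {"groupOfUniqueNames", "groupOfNames"}   # accepted per the page
MEMBER_KEYS = {"member", "uniqueMember"}              # accepted per the page

def load_properties(xml_text):
    """Return {name: value} from hive-site.xml text, trimming whitespace."""
    root = ET.fromstring(xml_text)
    return {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}

def check_ldap_settings(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if props.get(AUTH) != "LDAP":
        findings.append("authentication is not LDAP")
    if not props.get(LDAP + "url", "").startswith(("ldap://", "ldaps://")):
        findings.append("ldap.url is missing or not an LDAP URL")
    for key in ("userDNPattern", "groupDNPattern"):
        for pattern in filter(None, props.get(LDAP + key, "").split(":")):
            if "%s" not in pattern:
                findings.append(f"{key} has no %s placeholder: {pattern}")
    if props.get(LDAP + "groupFilter") and not props.get(LDAP + "groupDNPattern"):
        findings.append("groupFilter is set without groupDNPattern")
    for key, allowed in (("groupClassKey", CLASS_KEYS), ("groupMembershipKey", MEMBER_KEYS)):
        value = props.get(LDAP + key)
        if value is not None and value not in allowed:
            findings.append(f"{key} has unsupported value: {value}")
    if LDAP + "customLDAPQuery" in props:
        findings.append("customLDAPQuery is set but that mode is not supported")
    return findings

def _site(**ldap_props):  # builds a constructed sample hive-site.xml document
    props = {AUTH: "LDAP", LDAP + "url": "ldap://ldap.example.com"}
    props.update({LDAP + k: v for k, v in ldap_props.items()})
    body = "".join(f"<property><name>\n  {n}\n</name><value>{v}</value></property>"
                   for n, v in props.items())
    return f"<configuration>{body}</configuration>"

GOOD = _site(userDNPattern="cn=%s,ou=people,dc=indexima,dc=com", groupFilter="crew1",
             groupDNPattern="cn=%s,ou=crews,ou=groups,dc=indexima,dc=org",
             groupClassKey="groupOfUniqueNames", groupMembershipKey="uniqueMember")
BAD = _site(userDNPattern="cn=admin,ou=people,dc=indexima,dc=com", groupFilter="crew1",
            groupClassKey="posixGroup", customLDAPQuery="(objectClass=person)")

if __name__ == "__main__":
    print(check_ldap_settings(load_properties(BAD)))
```

A user DN pattern without %s, as in the BAD sample, would bind every login attempt to the same fixed DN, so it is worth catching before the configuration is deployed.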

