Sentry配置
Hive(服务范围)下 hive.sentry.provider配置为默认值
org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider
hue配置
backend = desktop.auth.backend.LdapBackend
ldap_url = ldap://master
使用搜索绑定身份验证search_bind_authentication = true
LDAP 搜索基础base_dn: dc=ohkj,dc=com
LDAP 绑定用户可分辨名称bind_dn: uid=ldapadmin,ou=people,dc=ohkj,dc=com
LDAP 绑定密码bind_password = ${BIND_PASSWORD}
LDAP User Filter = (objectClass=posixAccount)
LDAP user_name_attr = uid
LDAP group_filter = (objectClass=posixGroup)
LDAP group_name_attr = cn
LDAP group_member_attr = memberUID
sentry服务:Sentry
hue的配置中搜索:sqoop
sqoop服务选择sqoop2
hive配置
hive-site.xml 的 HiveServer2 高级配置代码段(安全阀)
添加如下配置:
<property>
<name>hive.server2.authentication</name>
<value>LDAP</value>
</property>
<property>
<name>hive.server2.authentication.ldap.url</name>
<value>ldap://master</value>
</property>
<property>
<name>hive.server2.authentication.ldap.baseDN</name>
<value>ou=people,dc=0hkj,dc=com</value>
</property>
**********************************************************************************************************************************
在CM上转入Hive的配置页面:
取消勾选 HiveServer2 启用模拟
设置Sentry 服务属性为 Sentry
CDH中只需要配置上面两项即可,其余配置文件CDH会自动配置好。
HDFS配置
Hadoop 用户组映射实现
hadoop.security.group.mapping
org.apache.hadoop.security.LdapGroupsMapping
----------------------------------------------------------------
Hadoop 用户组 进程ping LDAP URL
hadoop.security.group.mapping.ldap.url
ldap://master
----------------------------------------------------------------
Hadoop 用户组映射 LDAP 绑定用户可分辨名称
hadoop.security.group.mapping.ldap.bind.user
uid=ldapadmin,ou=people,dc=sunmnet,dc=com
----------------------------------------------------------------
Hadoop 用户组 进程ping 搜索基础
hadoop.security.group.mapping.ldap.base
dc=sunmnet,dc=com
----------------------------------------------------------------
Hadoop 用户组 进程ping LDAP 用户搜索筛选器
hadoop.security.group.mapping.ldap.search.filter.user
(&(objectClass=posixAccount)(uid={0}))
-----------------------------------------------------------------
Hadoop 用户组 进程ping LDAP 组搜索筛选器
hadoop.security.group.mapping.ldap.search.filter.group
(objectClass=posixGroup)
-----------------------------------------------------------------
Hadoop 用户组 进程ping LDAP 组成员身份属性
hadoop.security.group.mapping.ldap.search.attr.member
memberUid
-----------------------------------------------------------------
Hadoop 用户组 进程ping LDAP 组名称属性
hadoop.security.group.mapping.ldap.search.attr.group.name
cn
-----------------------------------------------------------------
Hadoop 用户组 进程ping LDAP 绑定用户密码
hadoop.security.group.mapping.ldap.bind.password
${BIND_PASSWORD}
网友评论