
LIVY-356 Enabling LDAP authentication for Client to Server.

Open jakhani opened this issue 7 years ago • 18 comments

Currently, Livy doesn't support LDAP authentication from client (sparkmagic) to server (livy). We need to add LDAP authentication as that's the preferable method due to security reasons. We won't be able to use Knox for this purpose. That is why I am raising this PR, which contains LDAP authentication.

jakhani avatar Jul 24 '17 21:07 jakhani

@jerryshao Can you please review this PR?

jakhani avatar Jul 24 '17 21:07 jakhani

Codecov Report

Merging #20 into master will decrease coverage by 1.44%. The diff coverage is 9.52%.


@@             Coverage Diff              @@
##             master      #20      +/-   ##
============================================
- Coverage     70.41%   68.97%   -1.45%     
+ Complexity      777      774       -3     
============================================
  Files            97       98       +1     
  Lines          5256     5382     +126     
  Branches        797      817      +20     
============================================
+ Hits           3701     3712      +11     
- Misses         1024     1135     +111     
- Partials        531      535       +4

| Impacted Files | Coverage Δ | Complexity Δ | |
|---|---|---|---|
| ...main/scala/org/apache/livy/server/LivyServer.scala | 33.51% <0%> (-2.96%) | 10 <0> (ø) | |
| ...rver/src/main/scala/org/apache/livy/LivyConf.scala | 96.09% <100%> (+0.15%) | 15 <0> (ø) | :arrow_down: |
| ...vy/server/auth/LdapAuthenticationHandlerImpl.scala | 6.6% <6.6%> (ø) | 0 <0> (?) | |
| ...java/org/apache/livy/rsc/rpc/KryoMessageCodec.java | 94.33% <0%> (-3.78%) | 18% <0%> (-1%) | |
| ...ain/java/org/apache/livy/rsc/driver/RSCDriver.java | 77.15% <0%> (-0.44%) | 39% <0%> (-2%) | |
| rsc/src/main/java/org/apache/livy/rsc/rpc/Rpc.java | 78.61% <0%> (+0.62%) | 12% <0%> (ø) | :arrow_down: |
| rsc/src/main/java/org/apache/livy/rsc/Utils.java | 85.71% <0%> (+2.38%) | 16% <0%> (ø) | :arrow_down: |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Powered by Codecov. Last update 75902eb...2586290.

codecov-io avatar Jul 24 '17 21:07 codecov-io

Sure, I will.

jerryshao avatar Jul 25 '17 01:07 jerryshao

@jerryshao Earlier my plan was to use LDAP authentication supported by Hadoop auth library of 2.8+ version. But it didn't work well with our LDAP setup. Here I have implemented LDAP authentication which is working similar to that but with less restriction. I have fixed all the comments and also removed whatever code was not needed. There are a couple of methods which are inherited from the AuthenticationHandler interface, so I need to keep those. Init and Destroy methods are called from AuthenticationFilter. Can you please review recent changes?

jakhani avatar Jul 25 '17 21:07 jakhani

@jakhani Can you please address the issues raised?

pranayhasan avatar Aug 01 '17 05:08 pranayhasan

@jakhani if you aren't planning on following up on this could you close this? It's been stale for a while now.

ajbozarth avatar Nov 30 '17 19:11 ajbozarth

@jakhani are you still willing to work on this? I know some users who would like to see this merged, but it still needs work.

ajbozarth avatar Jan 30 '18 22:01 ajbozarth

Sorry for taking so much time in completing this PR. I am planning to work on this. I will submit review comment fixes in a week and close this PR.

jakhani avatar Jan 30 '18 22:01 jakhani

Thanks @jakhani

ajbozarth avatar Jan 30 '18 22:01 ajbozarth

Hi @jakhani, are you going to attend to the issues or have you abandoned this PR?

jasonmoore2k avatar Apr 24 '18 01:04 jasonmoore2k

@jakhani It would really help me to see this great feature released. Can you give an update on what your plans are with this PR?

AranVinkItility avatar May 24 '18 15:05 AranVinkItility

The PR proposer doesn't seem to be working on this any more, and we don't have enough knowledge about LDAP, so this will be pending indefinitely.

jerryshao avatar May 25 '18 00:05 jerryshao

@jerryshao @AranVinkItility Janki probably would address the comments by end of the month as she has been out for 3 months. You can probably abandon this PR if it's not addressed by end of this month. Thanks for your patience.

pranayhasan avatar Jun 08 '18 10:06 pranayhasan

Any updates on this?

ghost avatar Jun 05 '19 07:06 ghost

Hi @jakhani, now we need this part. If there are no updates, I will continue your work in the new PR and keep your previous commits.

captainzmc avatar Sep 10 '19 07:09 captainzmc

Please go ahead. I won't be able to make this change. I have moved to a different team.

-- Thanks & Regards, Janki Akhani

jakhani avatar Sep 10 '19 17:09 jakhani

Thanks for adding this feature. But I couldn't find documentation on this topic. Posting my LDAP configs here. Hopefully it helps.

Livy config

# LDAP
livy.server.auth.type = ldap
livy.server.auth.ldap.url = ldap://localhost:389
livy.server.auth.ldap.base-dn = ou=people,dc=intellinum,dc=co
#livy.server.auth.ldap.username-domain = 
livy.server.auth.ldap.enable-start-tls = false
livy.server.auth.ldap.security-authentication = simple

LDAP Config

dn: uid=livy,ou=people,dc=intellinum,dc=co
objectclass: inetOrgPerson
cn: livy
sn: livy
uid: livy
userpassword: XXXXXX
ou: IT

RooseveltAdvisors avatar Aug 17 '20 04:08 RooseveltAdvisors
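
Added example, not part of the comment above and not Livy project code: with `security-authentication = simple`, an `ldap://` URL and `enable-start-tls = false`, the bind password travels to the directory unencrypted, which stays on the host for `localhost` but not once the URL points at a remote server. The sketch below audits that combination using only the keys posted above; the sample texts are constructed, `ldap.example.internal` is a hypothetical host, and treating a missing key as `false` / `simple` is an assumption of this example.

```python
from urllib.parse import urlparse

# Constructed sample mirroring the settings posted above (not read from a real host).
AS_POSTED = """\
livy.server.auth.type = ldap
livy.server.auth.ldap.url = ldap://localhost:389
livy.server.auth.ldap.base-dn = ou=people,dc=intellinum,dc=co
#livy.server.auth.ldap.username-domain =
livy.server.auth.ldap.enable-start-tls = false
livy.server.auth.ldap.security-authentication = simple
"""
# Constructed variants: a remote directory (hypothetical host), then StartTLS enabled.
REMOTE = AS_POSTED.replace("localhost", "ldap.example.internal")
REMOTE_STARTTLS = REMOTE.replace("enable-start-tls = false", "enable-start-tls = true")

PREFIX = "livy.server.auth.ldap."
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            conf[key.strip()] = value.strip()
    return conf


def audit_ldap(conf):
    """Return (severity, message) findings for the LDAP bind transport."""
    if conf.get("livy.server.auth.type", "").lower() != "ldap":
        return []
    url = urlparse(conf.get(PREFIX + "url", ""))
    # Assumption of this example: a missing key means "false" / "simple".
    start_tls = conf.get(PREFIX + "enable-start-tls", "false").lower() == "true"
    mechanism = conf.get(PREFIX + "security-authentication", "simple").lower()
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        return [("error", "ldap.url is missing or not an ldap:// or ldaps:// URL")]
    if url.scheme == "ldaps" or start_tls:
        return []  # transport is protected by TLS
    severity = "info" if url.hostname in LOOPBACK else "warn"
    what = "bind password" if mechanism == "simple" else "LDAP traffic"
    return [(severity, "%s crosses %s:%s unencrypted" % (what, url.hostname, url.port or 389))]


if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("remote", REMOTE), ("remote+StartTLS", REMOTE_STARTTLS)):
        print(name, audit_ldap(parse_conf(text)))
```
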