[Presto] Secure with LDAP

For security reasons we decided to enable LDAP in Presto. To deploy Presto into a Kubernetes cluster, we build the Presto image ourselves, and it includes the Kerberos authentication and LDAP configurations.

As the image structure shows, the configurations under catalog/etc/hive are very important, so please pay attention to them.

krb5.conf and xxx.keytab are used to connect to Kerberos.

password-authenticator.properties and ldap_server.pem under etc, together with hive.properties and hive-security.json under catalog, are used to connect to LDAP.

password-authenticator.properties

password-authenticator.name=ldap
ldap.url=ldaps://<IP>:<PORT>
ldap.user-bind-pattern=xxxxxx
ldap.user-base-dn=xxxxxx

hive.properties

connector.name=hive-hadoop2
hive.security=file
security.config-file=<hive-security.json>
hive.metastore.authentication.type=KERBEROS
hive.metastore.uri=thrift://<IP>:<PORT>
hive.metastore.service.principal=<SERVER-PRINCIPAL>
hive.metastore.client.principal=<CLIENT-PRINCIPAL>
hive.metastore.client.keytab=<KEYTAB>
hive.config.resources=core-site.xml, hdfs-site.xml

hive-security.json

{
  "schemas": [{
    "user": "user_1",
    "schema": "db_1",
    "owner": false
  }, {
    "user": " ",
    "schema": "db_1",
    "owner": false
  }, {
    "user": "user_2",
    "schema": "db_2",
    "owner": false
  }],
  "tables": [{
    "user": "user_1",
    "schema": "db_1",
    "table": "table_1",
    "privileges": ["SELECT"]
  }, {
    "user": "user_1",
    "schema": "db_1",
    "table": "table_2",
    "privileges": ["SELECT"]
  }, {
    "user": "user_2",
    "schema": "db_1",
    "table": ".*",
    "privileges": ["SELECT"]
  }, {
    "user": "user_2",
    "schema": "db_2",
    "table": "table_1",
    "privileges": ["SELECT"]
  }, {
    "user": "user_2",
    "schema": "db_2",
    "table": "table_2",
    "privileges": ["SELECT"]
  }],
  "sessionProperties": [{
    "allow": false
  }]
}
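
The table rules above can be reviewed before the image is deployed. The following is an added example, not part of the original post: it evaluates the "tables" section in Python to show what each user can actually read. It assumes Presto's file-based access control semantics (rules are read top to bottom, the first rule whose user, schema and table patterns match the whole name applies, and no matching rule means no privileges); the function names are hypothetical and Python's re module stands in for Java's regex engine.

```python
import json
import re

# Constructed sample: the "tables" rules from the hive-security.json above.
POLICY = json.loads("""
{"tables": [
  {"user": "user_1", "schema": "db_1", "table": "table_1", "privileges": ["SELECT"]},
  {"user": "user_1", "schema": "db_1", "table": "table_2", "privileges": ["SELECT"]},
  {"user": "user_2", "schema": "db_1", "table": ".*",      "privileges": ["SELECT"]},
  {"user": "user_2", "schema": "db_2", "table": "table_1", "privileges": ["SELECT"]},
  {"user": "user_2", "schema": "db_2", "table": "table_2", "privileges": ["SELECT"]}
]}
""")


def _matches(rule, field, value):
    # Assumption: a missing field matches everything, and a present
    # pattern must match the whole name, not just a substring.
    return re.fullmatch(rule.get(field, ".*"), value) is not None


def table_privileges(policy, user, schema, table):
    """Return the privileges of the first matching table rule, or an empty set."""
    for rule in policy["tables"]:
        wanted = (("user", user), ("schema", schema), ("table", table))
        if all(_matches(rule, field, value) for field, value in wanted):
            return set(rule.get("privileges", []))
    return set()  # no rule matched: the user gets nothing on this table


def wildcard_grants(policy):
    """Return rules whose table pattern is a regex rather than a literal name."""
    return [rule for rule in policy["tables"]
            if re.escape(rule.get("table", ".*")) != rule.get("table", ".*")]


if __name__ == "__main__":
    # Effective access for a few (user, schema, table) combinations.
    for user, schema, table in [("user_1", "db_1", "table_1"),
                                ("user_1", "db_1", "table_3"),
                                ("user_2", "db_1", "table_3"),
                                ("user_2", "db_2", "table_3")]:
        privileges = sorted(table_privileges(POLICY, user, schema, table))
        print(f"{user} on {schema}.{table}: {privileges or 'DENIED'}")
    # Rules worth a second look: they also cover tables created later.
    for rule in wildcard_grants(POLICY):
        print("wildcard rule:", rule)
```

The wildcard report is the part to check in review: the ".*" rule gives user_2 SELECT on every current and future table in db_1, while user_1 is limited to the two tables named explicitly.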