Hive, mail # user - hiveserver2 with OpenLDAP ?


Re: hiveserver2 with OpenLDAP ?
Sanjay Subramanian 2013-08-24, 01:24
Thanks a lot Mikhail for getting back.

That means I cannot use this using beeline unless I change the code and build hive again ?

Thanks

sanjay

From: Mikhail Antonov <[EMAIL PROTECTED]>
Reply-To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Date: Friday, August 23, 2013 6:17 PM
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: hiveserver2 with OpenLDAP ?

I see the same behavior and here's the reason.

LdapAuthenticationProviderImpl - that's the one responsible for LDAP authentication in Hive. Look at this class. It has this snippet (CDH 4.2.1, hive 0.10):

    // setup the security principal
    String bindDN;
    if (baseDN != null) {
      bindDN = "uid=" + user + "," + baseDN;
    } else {
      bindDN = user;
    }

And according to Cloudera documentation, you're supposed to set baseDN param for OpenLDAP, but not for AD. So when this baseDN isn't present, Hive takes username as it is (say user1) and tries to bind to the ldap server, which works.

When you set this baseDN, it constructs the bind string as uid=user1,dc=wizetest,dc=com. But most likely, your open ldap expects it to be rather cn=user1,dc=wizetest,dc=com, uid attribute isn't being used.

I think the way to go is to provide your own LDAP authenticator, which has more control on how to generate LDAP bind string.

Mikhail
2013/8/23 Sanjay Subramanian <[EMAIL PROTECTED]>
Hi guys

I tested hiveserver2 with Active directory - It works
With Open LDAP it does not

Is there any specific syntax for specifying the LDAP url or baseDN ?

<property>
  <name>hive.server2.authentication.ldap.url</name>
  <value>ldap://myserver.corp.nextag.com:389</value>
</property>
<property>
  <name>hive.server2.authentication.ldap.baseDN</name>
  <value>dc=wizetest,dc=com</value>
</property>

Beeline keeps giving error

jdbc:hive2://dev-thdp5:10000> !connect jdbc:hive2://dev-thdp5:10000 hiveuser1 ******** org.apache.hive.jdbc.HiveDriver
Connecting to jdbc:hive2://dev-thdp5:10000
Error: Could not establish connection to jdbc:hive2://dev-thdp5:10000: Peer indicated failure: Error validating the login (state=08S01,code=0)

Any clues ?

Thanks

sanjay

CONFIDENTIALITY NOTICE
======================
This email message and any attachments are for the exclusive use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message along with any attachments, from your computer system. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator.

--
Thanks,
Michael Antonov
