
LDAP Authentication with HiveServer2 only accepts full distinguished name (DN)


We have enabled LDAP authentication with HiveServer2 using Active Directory. 

 

However, with a login form

beeline> !connect jdbc:hive2://hiveserver:10000

I need to enter as the username the DN of my directory entry, such as

 

CN=Michael Jordan,OU=Staff Accounts,OU=Users,OU=Accounts,DC=nba,DC=com

+ password to authenticate to LDAP.

 

E-mail address and sAMAccountName (for example, mjordan) + password both got a "Peer indicated failure: Error validating the login (state=08S01,code=0)" error.

 

Is it supposed to be this way? Or is there a way to configure HiveServer2 to solve this DN resolution issue?

 

The steps we did on Cloudera Manager are:

  1. Check Enable LDAP Authentication.
  2. Enter the LDAP URL in the format ldaps://<host>:<port>
  3. Enter the Active Directory Domain for my environment.

We also configured LDAPS authentication with HiveServer2.

 

Thank you in advance for any help you can provide.
