Reply
MC
Explorer
Posts: 29
Registered: ‎03-12-2014
Accepted Solution

Sentry doesn't seem to work with LDAP (CDH 5.3)

Dear fellow Hadoop users,

A couple of weeks ago we installed CDH 5.3 with LDAP authentication. Everything worked like a charm. Next, we turned on Sentry only to hit a road block. The hiveserver2 log shows the following message:

 

2015-01-14 14:23:17,267 ERROR org.apache.hive.service.cli.operation.Operation: Error running hive query:
org.apache.hive.service.cli.HiveSQLException: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:Failed to load Hive binding hive.metastore.sasl.enabled can't be false in non-testing mode)

 

Not sure about what "non-testing mode" means. Keep in mind that sentry.hive.testing.mode is set to true. We also tried to use the hive.test.mode property to no avail.

 

Can anyone shed some light on this please?

Thanks!

Cloudera Employee
Posts: 1
Registered: ‎01-14-2015

Re: Sentry doesn't seem to work with LDAP (CDH 5.3)

 

  Have you set the testing mode in both HiveServer2 and Metastore safety valves ? Note that Sentry enforces same set of policies on HiveServer2 as well as Metastore.

 

thanks

Prasad

 

MC
Explorer
Posts: 29
Registered: ‎03-12-2014

Re: Sentry doesn't seem to work with LDAP (CDH 5.3)

I tried that too with no success. 

MC
Explorer
Posts: 29
Registered: ‎03-12-2014

Re: Sentry doesn't seem to work with LDAP (CDH 5.3)

Never mind... we just realized that the sentry.hive.testing.mode property had been set in the wrong place. It's working now!

Highlighted
MC
Explorer
Posts: 29
Registered: ‎03-12-2014

Re: Sentry doesn't seem to work with LDAP (CDH 5.3)

Before I close this post, here is the solution... Add the sentry.hive.testing.mode property to the "Hive Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml" under the Hive service.

Announcements