Reply
Contributor
Posts: 78
Registered: ‎06-19-2014

hive+ldap LDAP: error code 34 - invalid DN

hi,

 

CDH5.5.1


2016-02-05 13:42:06,455 WARN org.apache.hadoop.hive.conf.HiveConf: [HiveServer2-Handler-Pool: Thread-34]: HiveConf of name hive.entity.capture.input.URI does not exist
2016-02-05 13:42:06,469 ERROR org.apache.thrift.transport.TSaslTransport: [HiveServer2-Handler-Pool: Thread-34]: SASL negotiation failure
javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: LDAP Authentication failed for user [Caused by javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]]]
at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)
at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.security.sasl.AuthenticationException: LDAP Authentication failed for user [Caused by javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]]
at org.apache.hive.service.auth.LdapAuthenticationProviderImpl.Authenticate(LdapAuthenticationProviderImpl.java:266)
at org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler.handle(PlainSaslHelper.java:106)
at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:102)
... 8 more
Caused by: javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3076)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at org.apache.hive.service.auth.LdapAuthenticationProviderImpl.Authenticate(LdapAuthenticationProviderImpl.java:159)
... 10 more
2016-02-05 13:42:06,472 ERROR org.apache.thrift.server.TThreadPoolServer: [HiveServer2-Handler-Pool: Thread-34]: Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: Error validating the login
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.thrift.transport.TTransportException: Error validating the login
at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316)
at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
... 4 more

 

anybody help me

 

regards

 

rube

Contributor
Posts: 78
Registered: ‎06-19-2014

Re: hive+ldap LDAP: error code 34 - invalid DN

hive-1.1.0-CDH5.5.2  have the same problem.

apache-hive-1.2.1-bin and  hive-1.1.0-cdh5.4.5 works.

 

anybody helps me?

Highlighted
Explorer
Posts: 21
Registered: ‎10-27-2015

Re: hive+ldap LDAP: error code 34 - invalid DN

I have a case open with Cloudera and this is a known issue with Hive and LDAP.  The fix is in HIVE-12885.  They say it should ship in CDH 5.5.3.

 

Explorer
Posts: 8
Registered: ‎07-18-2014

Re: hive+ldap LDAP: error code 34 - invalid DN

Ouch.  I have clusters with cdh 5.4.0 and 5.4.8 with Hive authenticating against OpenLDAP and they work just fine.

 

I just set up cdh 5.5.2 and Hive authenticating against the same OpenLDAP servers using the same configurations like those of cdh 5.4.* and now things do not work at all.  I added hive.server2.authentication.ldap.groupDNPattern, hive.server2.authentication.ldap.userDNPattern along with previous params hive.server2.authentication.ldap.baseDN,hive.server2.authentication.ldap.url but this is the error I have seen.

 

Big surprised for me.  Now, I cross my fingers and wait for CDH 5.5.3.

 

Thanks for shaing more information on this issue.

New Contributor
Posts: 1
Registered: ‎04-11-2016

Re: hive+ldap LDAP: error code 34 - invalid DN

Just upgrade my CDH5.5.2 to CDH5.7.0 hoping the latest CDH5.7.0 has the fix. But it seems that the latest CDH5.7.0 still have the issue. Does anyone run this successfully on CDH5.7.0? Thanks, cuckoo
Explorer
Posts: 21
Registered: ‎10-27-2015

Re: hive+ldap LDAP: error code 34 - invalid DN

CDH 5.7.0 does include HIVE-12885.  I have not tested it.

 

To add to my previous post, we were having a difficult time getting group restrictions to work with a client's RFC2307 compliant OpenLDAP and objectClass=posixGroup.  HIVE-13295 was created to help solve that problem.  Perhaps it might help you as well?

 

Announcements