https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87301#M28375 <P>Hello&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/16013">@Steve206</a>,</P><P>&nbsp;</P><P>Yup, you are right mate. Most of the documentation that I came across talks about ldaps implementation support for hs2.</P><P>&nbsp;</P><P>Thinking loud here.. hypothetically if there was an option and with above setup of no-ssl on ad server. starttls secure connection neg. will fail anyways and it will be a standard connection.</P><P>&nbsp;</P><P>There is an option to write pluggable class and then set authentication to custom.</P><P>&nbsp;</P><P>Hope that helps.</P> Wed, 06 Mar 2019 11:04:37 GMT Consult 2019-03-06T11:04:37Z https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87182#M28374 <P>Hi all,</P><P>&nbsp;</P><P>Currently using CDH 5.14.4 and looking to enable user authention on HiveServer2 using OpenLDAP. The two connection options I'm seeing are LDAP and LDAPS, but we currently don't have LDAPS configured with our OpenLDAP server. Hue supports LDAP with StartTLS so I figured Hive would too. I'm wondering if StartTLS is an option that I'm not finding documentation for or if its not supported.&nbsp;</P><P>&nbsp;</P><P>Thanks for your help!</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 16 Sep 2022 14:12:25 GMT https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87182#M28374 Steve206 2022-09-16T14:12:25Z https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87301#M28375 <P>Hello&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/16013">@Steve206</a>,</P><P>&nbsp;</P><P>Yup, you are right mate. Most of the documentation that I came across talks about ldaps implementation support for hs2.</P><P>&nbsp;</P><P>Thinking loud here.. hypothetically if there was an option and with above setup of no-ssl on ad server. starttls secure connection neg. will fail anyways and it will be a standard connection.</P><P>&nbsp;</P><P>There is an option to write pluggable class and then set authentication to custom.</P><P>&nbsp;</P><P>Hope that helps.</P> Wed, 06 Mar 2019 11:04:37 GMT https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87301#M28375 Consult 2019-03-06T11:04:37Z https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87366#M28376 Currently Hive's connections to LDAP do not support the StartTLS extension [1]. This does make sense as a feature request however, could you log your request over at <A href="https://issues.apache.org/jira/projects/HIVE" target="_blank">https://issues.apache.org/jira/projects/HIVE</A> please?<BR /><BR />[1] - <A href="https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/auth/ldap/LdapSearchFactory.java#L52-L62" target="_blank">https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/auth/ldap/LdapSearchFactory.java#L52-L62</A> Thu, 07 Mar 2019 00:30:09 GMT https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87366#M28376 Harsh J 2019-03-07T00:30:09Z https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87429#M28377 <P>Thanks for the quick response. I'll look at enabling LDAPS before writing anything custom. I was being optimistic with only wanting to support StartTLS on OpenLDAP but we'll most likely come across another application at some point that only works with LDAPS.</P> Thu, 07 Mar 2019 16:19:37 GMT https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87429#M28377 Steve206 2019-03-07T16:19:37Z https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87431#M28378 <P>Thank you for the confirmation. Yes, I'll make a feature request.</P> Thu, 07 Mar 2019 16:21:16 GMT https://community.cloudera.com/t5/Support-Questions/HiveServer2-is-StartTLS-an-option-for-user-authentication/m-p/87431#M28378 Steve206 2019-03-07T16:21:16Z