https://community.cloudera.com/t5/Support-Questions/Impala-failures-after-LDAP-integration/m-p/86470#M35739 <P>Hello,</P> <P>&nbsp;</P> <P>I have an HDFS-Hive-Impala regression script that works fine on my kerberized &amp; sentry protected CDH cluster.</P> <P>&nbsp;</P> <P>Now, I enabled LDAP authentication on HDFS (LdapGroupsMapping), Hive and Impala and the regression script passes HDFS and Hive but fails on the SELECT-INSERT-CREATE Impala actions:</P> <P>&nbsp;</P> <P>Failure 1 &amp; 2 (similar error for select and insert):</P> <P>&nbsp;</P> <PRE>Query: select * from customer.cons limit 10 ERROR: AnalysisException: Failed to load metadata for table: 'customer.cons' CAUSED BY: TableLoadingException: Failed to load file metadata for 1 paths for table customer.cons. Table's file metadata could be partially loaded. Check the Catalog server log for more details.</PRE> <P>&nbsp;</P> <P>&nbsp;Failure 2:&nbsp;</P> <P>&nbsp;</P> <PRE>Query: create table customer.test_141226 (id int) ERROR: ImpalaRuntimeException: Error making 'createTable' RPC to Hive Metastore: CAUSED BY: MetaException: Got exception: org.apache.hadoop.security.AccessControlException Permission denied: user=impala, access=WRITE, inode="/user/hive/warehouse/customer.db":hive:hive:drwxrwx--t</PRE> <P>&nbsp;</P> <P>Note 1: Hive and Impala share the exact the same queries on the regression script. The latter seems like an impersonation problem, but why does it appear now and not before LDAP?</P> <P>Note 2: services principals are localy (KDC) while user principals on AD.</P> <P>&nbsp;</P> <P>Thank you,</P> <P>Gerasimos</P> Fri, 16 Sep 2022 14:09:31 GMT gerasimos 2022-09-16T14:09:31Z https://community.cloudera.com/t5/Support-Questions/Impala-failures-after-LDAP-integration/m-p/86470#M35739 <P>Hello,</P> <P>&nbsp;</P> <P>I have an HDFS-Hive-Impala regression script that works fine on my kerberized &amp; sentry protected CDH cluster.</P> <P>&nbsp;</P> <P>Now, I enabled LDAP authentication on HDFS (LdapGroupsMapping), Hive and Impala and the regression script passes HDFS and Hive but fails on the SELECT-INSERT-CREATE Impala actions:</P> <P>&nbsp;</P> <P>Failure 1 &amp; 2 (similar error for select and insert):</P> <P>&nbsp;</P> <PRE>Query: select * from customer.cons limit 10 ERROR: AnalysisException: Failed to load metadata for table: 'customer.cons' CAUSED BY: TableLoadingException: Failed to load file metadata for 1 paths for table customer.cons. Table's file metadata could be partially loaded. Check the Catalog server log for more details.</PRE> <P>&nbsp;</P> <P>&nbsp;Failure 2:&nbsp;</P> <P>&nbsp;</P> <PRE>Query: create table customer.test_141226 (id int) ERROR: ImpalaRuntimeException: Error making 'createTable' RPC to Hive Metastore: CAUSED BY: MetaException: Got exception: org.apache.hadoop.security.AccessControlException Permission denied: user=impala, access=WRITE, inode="/user/hive/warehouse/customer.db":hive:hive:drwxrwx--t</PRE> <P>&nbsp;</P> <P>Note 1: Hive and Impala share the exact the same queries on the regression script. The latter seems like an impersonation problem, but why does it appear now and not before LDAP?</P> <P>Note 2: services principals are localy (KDC) while user principals on AD.</P> <P>&nbsp;</P> <P>Thank you,</P> <P>Gerasimos</P> Fri, 16 Sep 2022 14:09:31 GMT https://community.cloudera.com/t5/Support-Questions/Impala-failures-after-LDAP-integration/m-p/86470#M35739 gerasimos 2022-09-16T14:09:31Z https://community.cloudera.com/t5/Support-Questions/Impala-failures-after-LDAP-integration/m-p/86487#M35740 <P>I managed to fix this by&nbsp;configuring CompositeGroupMapping instead of LdapGroupMapping.</P> Thu, 14 Feb 2019 20:54:36 GMT https://community.cloudera.com/t5/Support-Questions/Impala-failures-after-LDAP-integration/m-p/86487#M35740 gerasimos 2019-02-14T20:54:36Z