Configuring LDAP authentication for Impala

ylu123 — Fri, 16 Sep 2022 09:03:32 GMT

I'm trying to configure Hive and Impala to use ldap authentication against AD without SSL. Hive is working. But I'm stuck with Impala. Here are details:

Lines I added to hive-site.xml:

<property>
<name>hive.server2.authentication</name>
<value>LDAP</value>
</property>
<property>
<name>hive.server2.authentication.ldap.url</name>
<value>ldap://sfad.sf.vit-cdc.com:389</value>
</property>
<property>
<name>hive.server2.authentication.ldap.Domain</name>
<value>sf.vit-cdc.com</value>
</property>

In Impala configuration, I checked Enable LDAP Authentication and set LDAP URI to ldap://sfad.sf.vit-cdc.com:389. In Impala Daemon Command Line Argument Advanced Configuration Snippet field, I added --ldap_bind_pattern="sAMAccountName=#UID,CN=Users,DC=sf,DC=vit-cdc,DC=com"

I used LDAP Admin to make sure there's an attibute sAMAccountName=ylu in object CN=Ying Lu,CN=Users,DC=sf,DC=vit-cdc,DC=com

Here's what I got in my impalad log:

I0729 10:48:10.298579 19737 impalad-main.cc:87] Impala has started.
I0729 10:48:35.219799 20083 authentication.cc:188] Trying simple LDAP bind for: "sAMAccountName=ylu,CN=Users,DC=sf,DC=vit-cdc,DC=com"
W0729 10:48:35.233507 20083 authentication.cc:194] LDAP bind failed: Invalid credentials
E0729 10:48:35.233678 20083 authentication.cc:117] SASL message: Password verification failed
I0729 10:48:35.241914 20083 thrift-util.cc:105] TThreadPoolServer: TServerTransport died on accept: SASL(-13): user not found: Password verification failed

Any help will be much appreciated!

Re: Configuring LDAP authentication for Impala

ylu123 — Tue, 29 Jul 2014 03:05:50 GMT

Never mind. Set --ldap_domain in Impala Daemon Command Line Argument Advanced Configuration Snippet field worked.

Re: Configuring LDAP authentication for Impala

Sreeman — Wed, 06 Aug 2014 06:02:59 GMT

Hi
I am facing the same problem but unable to understand your solution. Is it that you first set Advanced Configuration snippet field to True and then passed on ldap_domain details in command line?

Regards
Sreeman

Re: Configuring LDAP authentication for Impala

ylu123 — Wed, 06 Aug 2014 06:30:43 GMT

No, I directly added --ldap_domain=YourDomainName in Impala Daemon Command Line Argument Advanced Configuration Snippet (Safety Valve) field.

question Re: Configuring LDAP authentication for Impala in Archives of Support Questions (Read Only)

Configuring LDAP authentication for Impala

Re: Configuring LDAP authentication for Impala

Re: Configuring LDAP authentication for Impala

Re: Configuring LDAP authentication for Impala