Posts: 12
Registered: ‎03-12-2018

How to connect hiveserver2 though beeline with OpenLdap auth on a kerberized cluster

[ Edited ]

Hi :


  I have deployed CDH5.5.0 without Cloudera Manager. And I have integrated kerberos on my cluster. I deployed zk,hdfs,yarn,hive and sentry.


   I want to use Openldap to manage User/Groups , so I integrated ldap in core-site.xml .

   But when I use ldap to auth hive on my kerberized cluster ,  I can not connect to hiveserver2.


   Here is my configuration:



And my beeline is : beeline -u "jdbc:hive2://xardc4:15002/default;" -n "uid=e3base,ou=People,dc=e3base,dc=com" -p e3base


The hiveserver2 log :


2018-05-04 14:59:35,073 ERROR [HiveServer2-Handler-Pool: Thread-23]: transport.TSaslTransport ( - SASL negotiation failure PLAIN auth failed: Authentication failed: User search failed [Caused by Authentication failed: User search failed]
        at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(
        at org.apache.thrift.server.TThreadPoolServer$
        at java.util.concurrent.ThreadPoolExecutor.runWorker(
        at java.util.concurrent.ThreadPoolExecutor$
Caused by: Authentication failed: User search failed
        at org.apache.hive.service.auth.LdapAuthenticationProviderImpl.Authenticate(
        at org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler.handle(
        ... 8 more




When I configure my cluster with no kerberos , only integrate oplenldap to auth hiveserver2, I can connect to hiveserver2 successfully.


I don't know why.


Can anyone help me ? Thanks!

Cloudera Employee
Posts: 824
Registered: ‎03-23-2015

Re: How to connect hiveserver2 though beeline with OpenLdap auth on a kerberized cluster

After kerberize Hive, the connection string need become:


Please give it a try.