
LDAP Authentication with HiveServer2 only accepts full distinguished name (DN)


We have enabled LDAP authentication with HiveServer2 using Active Directory. 


However, with a login form

beeline> !connect jdbc:hive2://hiveserver:10000

I need to enter, as the username, the DN of my directory entry, such as


CN=Michael Jordan,OU=Staff Accounts,OU=Users,OU=Accounts,DC=nba,DC=com

+ password to authenticate to LDAP.


E-mail address and sAMAccountName (for example, mjordan) + password both got a "Peer indicated failure: Error validating the login (state=08S01,code=0)" error.


Is it supposed to be this way? Or is there a way to configure HiveServer2 to solve this DN resolution issue?


The steps we did on Cloudera Manager are:

  1. Check Enable LDAP Authentication.
  2. Enter the LDAP URL in the format ldaps://<host>:<port>
  3. Enter the Active Directory Domain for my environment.

We also configured LDAPS authentication with HiveServer2.


Thank you in advance for any help you can provide.
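
An added example, not part of the original post and not HiveServer2 code: a Python helper that works out which name each login form from the post would present in the LDAP simple bind, and whether its suffix agrees with the DC components of the working DN. It assumes the configured Active Directory Domain is appended as `@domain` to a bare username and that a DN or a name already containing `@` is passed through unchanged; the domain values and the e-mail address are constructed, and all function names are hypothetical.

```python
import re

# DN taken from the post; everything else below is constructed sample input.
SAMPLE_DN = "CN=Michael Jordan,OU=Staff Accounts,OU=Users,OU=Accounts,DC=nba,DC=com"

def split_dn(dn):
    """Split a DN into RDN strings, keeping backslash-escaped commas (RFC 4514)."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def is_dn(name):
    """True when every comma-separated part looks like attr=value."""
    rdns = split_dn(name)
    return bool(rdns) and all(re.match(r"^[A-Za-z][A-Za-z0-9-]*\s*=", r) for r in rdns)

def domain_from_dn(dn):
    """Join the DC components of a DN into a DNS-style domain name."""
    pairs = (r.split("=", 1) for r in split_dn(dn))
    return ".".join(v.strip() for k, v in pairs if k.strip().upper() == "DC").lower()

def bind_principal(login, ad_domain):
    """Name assumed to reach the directory in the simple bind (see lead-in)."""
    if is_dn(login) or "@" in login:
        return login                      # DN or user@domain: sent as typed
    return f"{login}@{ad_domain}"         # bare sAMAccountName: domain appended

def check(login, ad_domain, known_dn):
    """Return (principal, note) comparing the bind suffix with the DN's domain."""
    principal = bind_principal(login, ad_domain)
    if is_dn(principal):
        return principal, "DN bind"
    suffix = principal.rsplit("@", 1)[-1].lower()
    dn_domain = domain_from_dn(known_dn)
    if suffix == dn_domain:
        return principal, "UPN suffix matches DN domain"
    return principal, f"UPN suffix {suffix!r} differs from DN domain {dn_domain!r}"

if __name__ == "__main__":
    # Constructed logins: the DN, a bare account name, and a made-up e-mail address.
    for login in (SAMPLE_DN, "mjordan", "michael.jordan@mail.nba.com"):
        for domain in ("nba.com", "corp.nba.com"):   # constructed domain settings
            print(domain, "|", *check(login, domain, SAMPLE_DN), sep="  ")
```

Comparing the computed principal with the account's userPrincipalName attribute in the directory shows whether the configured domain, or an e-mail address typed at the prompt, actually names the account.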