Explorer
Posts: 8
Registered: ‎04-18-2016
Accepted Solution

HiveServer2, is StartTLS an option for user authentication using OpenLDAP?

Hi all,

 

Currently using CDH 5.14.4 and looking to enable user authentication on HiveServer2 using OpenLDAP. The two connection options I'm seeing are LDAP and LDAPS, but we currently don't have LDAPS configured with our OpenLDAP server. Hue supports LDAP with StartTLS so I figured Hive would too. I'm wondering if StartTLS is an option that I'm not finding documentation for or if it's not supported.

 

Thanks for your help!

 

 

Expert Contributor
Posts: 92
Registered: ‎01-08-2016

Re: HiveServer2, is StartTLS an option for user authentication using OpenLDAP?

Hello @Steve206,

 

Yup, you are right, mate. Most of the documentation that I came across talks about LDAPS implementation support for HS2.

 

Thinking out loud here... hypothetically, if there was an option, and with the above setup of no SSL on the AD server, the StartTLS secure connection negotiation will fail anyway and it will be a standard connection.

 

There is an option to write a pluggable class and then set authentication to custom.

 

Hope that helps.

Posts: 1,892
Kudos: 432
Solutions: 302
Registered: ‎07-31-2013

Re: HiveServer2, is StartTLS an option for user authentication using OpenLDAP?

Currently Hive's connections to LDAP do not support the StartTLS extension [1]. This does make sense as a feature request, however. Could you log your request over at https://issues.apache.org/jira/projects/HIVE please?

[1] - https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/auth/ldap/LdapSe...
Explorer
Posts: 8
Registered: ‎04-18-2016

Re: HiveServer2, is StartTLS an option for user authentication using OpenLDAP?

Thanks for the quick response. I'll look at enabling LDAPS before writing anything custom. I was being optimistic with only wanting to support StartTLS on OpenLDAP but we'll most likely come across another application at some point that only works with LDAPS.

Explorer
Posts: 8
Registered: ‎04-18-2016

Re: HiveServer2, is StartTLS an option for user authentication using OpenLDAP?

Thank you for the confirmation. Yes, I'll make a feature request.
