Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Now Live: Explore expert insights and technical deep dives on the new Cloudera Community BlogsRead the Announcement

Hive and LDAP integration

Labels (1)
Labels:
avatar
author-rank nsabharwal
Master Mentor

Created on ‎02-10-2016 09:05 PM - edited ‎08-17-2019 01:16 PM

The documentation is straight forward BUT based on my experience, we always end up some kind of LDAP error messages.

This article is walking through the Hive and LDAP integration.

HDP 2.3.4

Ambari 2.2

Security workshop was used to setup the openLDPA

2021-screen-shot-2016-02-10-at-35833-pm.png

2022-screen-shot-2016-02-10-at-35905-pm.png

2024-screen-shot-2016-02-10-at-35955-pm.png

2023-screen-shot-2016-02-10-at-35926-pm.png

Most important:

2016-02-10 08:02:50,705 ERROR [HiveServer2-Handler-Pool: Thread-39]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure

javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]]]

at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)

I kept hitting the above error because of wrong baseDN

Correct setting:

2025-screen-shot-2016-02-10-at-40149-pm.png

Test:

2026-screen-shot-2016-02-10-at-40439-pm.png

3,513 Views
Comments

Re: Hive and LDAP integration

avatar
author-rank pkulshreshtha
New Member

Created on ‎06-02-2016 02:33 PM

Thanks Neeraj!

I also set up LDAP through freeIPA service and configured LDAP in Hive in Ambari. Below links helped me a lot to do the setup.

https://github.com/hortonworks-gallery/ambari-freeipa-service

https://github.com/abajwa-hw/security-workshops/blob/master/Setup-Ambari.md#authentication-via-ldap

** If you installed LDAP through freeIPA link given above, you have to set baseDN as “cn=users,cn=accounts,dc=hortonworks,dc=com” in Ambari Properties.

One can try ldap search command "ldapsearch -h localhost:389 -w hortonworks -x -b 'dc=hortonworks,dc=com' uid=ali" after successful LDAP configuration.

Announcements
Community Announcements
Announcing the Launch of Cloudera Community Blogs
Community Announcements
October / November 2025 Community Highlights
What's New @ Cloudera
Announcing Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
Announcing Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
Welcome to the Cloudera Community!
View More Announcements
Version history
Last update:
‎08-17-2019 01:16 PM
Updated by:
Master Mentor
Contributors