Community Articles

Find and share helpful community-sourced technical articles.
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Labels (1)
avatar
Master Mentor

The documentation is straight forward BUT based on my experience, we always end up some kind of LDAP error messages.

This article is walking through the Hive and LDAP integration.

HDP 2.3.4

Ambari 2.2

Security workshop was used to setup the openLDPA

2021-screen-shot-2016-02-10-at-35833-pm.png

2022-screen-shot-2016-02-10-at-35905-pm.png

2024-screen-shot-2016-02-10-at-35955-pm.png

2023-screen-shot-2016-02-10-at-35926-pm.png

Most important:

2016-02-10 08:02:50,705 ERROR [HiveServer2-Handler-Pool: Thread-39]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure

javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]]]

at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)

I kept hitting the above error because of wrong baseDN

Correct setting:

2025-screen-shot-2016-02-10-at-40149-pm.png

Test:

2026-screen-shot-2016-02-10-at-40439-pm.png

2,821 Views
Comments
avatar
New Contributor

Thanks Neeraj!

I also set up LDAP through freeIPA service and configured LDAP in Hive in Ambari. Below links helped me a lot to do the setup.

https://github.com/hortonworks-gallery/ambari-freeipa-service

https://github.com/abajwa-hw/security-workshops/blob/master/Setup-Ambari.md#authentication-via-ldap

** If you installed LDAP through freeIPA link given above, you have to set baseDN as “cn=users,cn=accounts,dc=hortonworks,dc=com” in Ambari Properties.

One can try ldap search command "ldapsearch -h localhost:389 -w hortonworks -x -b 'dc=hortonworks,dc=com' uid=ali" after successful LDAP configuration.