Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Welcome to the upgraded Community! Read this blog to see What’s New!

Hive and LDAP integration

Labels (1)
Labels:
avatar
author-rank nsabharwal
Mentor

Created on ‎02-10-2016 09:05 PM - edited ‎08-17-2019 01:16 PM

The documentation is straight forward BUT based on my experience, we always end up some kind of LDAP error messages.

This article is walking through the Hive and LDAP integration.

HDP 2.3.4

Ambari 2.2

Security workshop was used to setup the openLDPA

2021-screen-shot-2016-02-10-at-35833-pm.png

2022-screen-shot-2016-02-10-at-35905-pm.png

2024-screen-shot-2016-02-10-at-35955-pm.png

2023-screen-shot-2016-02-10-at-35926-pm.png

Most important:

2016-02-10 08:02:50,705 ERROR [HiveServer2-Handler-Pool: Thread-39]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure

javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]]]

at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)

I kept hitting the above error because of wrong baseDN

Correct setting:

2025-screen-shot-2016-02-10-at-40149-pm.png

Test:

2026-screen-shot-2016-02-10-at-40439-pm.png

2,607 Views
Comments

Re: Hive and LDAP integration

avatar
author-rank pkulshreshtha
New Contributor

Created on ‎06-02-2016 02:33 PM

Thanks Neeraj!

I also set up LDAP through freeIPA service and configured LDAP in Hive in Ambari. Below links helped me a lot to do the setup.

https://github.com/hortonworks-gallery/ambari-freeipa-service

https://github.com/abajwa-hw/security-workshops/blob/master/Setup-Ambari.md#authentication-via-ldap

** If you installed LDAP through freeIPA link given above, you have to set baseDN as “cn=users,cn=accounts,dc=hortonworks,dc=com” in Ambari Properties.

One can try ldap search command "ldapsearch -h localhost:389 -w hortonworks -x -b 'dc=hortonworks,dc=com' uid=ali" after successful LDAP configuration.

Announcements
Community Announcements
September 2023 Community Highlights
What's New @ Cloudera
Cloudera Streaming Analytics (CSA) 1.11 with support for Ice...
What's New @ Cloudera
Cloudera Operational Database (COD) supports creating an ope...
What's New @ Cloudera
Cloudera Operational Database (COD) is available as a Techni...
What's New @ Cloudera
Cloudera Operational Database (COD) has removed the COD_ON_G...
View More Announcements
Labels
Version history
Last update:
‎08-17-2019 01:16 PM
Updated by:
Mentor
Contributors