Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Hive and LDAP integration

Labels (1)
Labels:
avatar
author-rank nsabharwal
Master Mentor

Created on ‎02-10-2016 09:05 PM - edited ‎08-17-2019 01:16 PM

The documentation is straight forward BUT based on my experience, we always end up some kind of LDAP error messages.

This article is walking through the Hive and LDAP integration.

HDP 2.3.4

Ambari 2.2

Security workshop was used to setup the openLDPA

2021-screen-shot-2016-02-10-at-35833-pm.png

2022-screen-shot-2016-02-10-at-35905-pm.png

2024-screen-shot-2016-02-10-at-35955-pm.png

2023-screen-shot-2016-02-10-at-35926-pm.png

Most important:

2016-02-10 08:02:50,705 ERROR [HiveServer2-Handler-Pool: Thread-39]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure

javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]]]

at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)

I kept hitting the above error because of wrong baseDN

Correct setting:

2025-screen-shot-2016-02-10-at-40149-pm.png

Test:

2026-screen-shot-2016-02-10-at-40439-pm.png

3,002 Views
Comments

Re: Hive and LDAP integration

avatar
author-rank pkulshreshtha
New Contributor

Created on ‎06-02-2016 02:33 PM

Thanks Neeraj!

I also set up LDAP through freeIPA service and configured LDAP in Hive in Ambari. Below links helped me a lot to do the setup.

https://github.com/hortonworks-gallery/ambari-freeipa-service

https://github.com/abajwa-hw/security-workshops/blob/master/Setup-Ambari.md#authentication-via-ldap

** If you installed LDAP through freeIPA link given above, you have to set baseDN as “cn=users,cn=accounts,dc=hortonworks,dc=com” in Ambari Properties.

One can try ldap search command "ldapsearch -h localhost:389 -w hortonworks -x -b 'dc=hortonworks,dc=com' uid=ali" after successful LDAP configuration.

Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements
Version history
Last update:
‎08-17-2019 01:16 PM
Updated by:
Master Mentor
Contributors