Community Articles

GrazittiAPI · ‎01-26-2026

Summary

Yarn distributed shell test job fails when running with Ldap group mapping turned on with basic CDP 7.1.9 SP1 cluster using Java 17 JDK.

24/12/11 15:21:29 ERROR distributedshell.ApplicationMaster: Error running ApplicationMaster
java.lang.IllegalAccessError: class org.apache.hadoop.security.LdapGroupsMapping (in unnamed module @0x3901d134) cannot access class com.sun.jndi.ldap.LdapCtxFactory (in module java.naming) because module java.naming does not export com.sun.jndi.ldap to unnamed module @0x3901d134
at org.apache.hadoop.security.LdapGroupsMapping.<clinit>(LdapGroupsMapping.java:264)

Symptoms Applies to

New clusters using CDP 7.1.9 SP1 and Java 17 JDK with Ldap group mapping on.

Instructions

Need to add In Yarn - Configuration - search for yarn.nodemanager.admin-env and change the NodeManager Group (all of them if you have more then one) to: JDK_JAVA_OPTIONS=--add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-exports=java.base/sun.net.dns=ALL-UNNAMED --add-exports=java.base/sun.net.util=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-exports=java.base/sun.net.dns=ALL-UNNAMED --add-exports=java.base/sun.net.util=ALL-UNNAMED,MALLOC_ARENA_MAX=$MALLOC_ARENA_MAX

Cloudera Community

Community Articles

When using Java 17 with CDP 7.1.9 SP1 simple Yarn distributed shell job fails when Ldap group mapping turned on

Apache YARN

Cloudera

Cloudera Manager

Summary

Symptoms Applies to

Instructions