I am trying to enable LDAP integration in Impala but it doesn't seem to be working. The cluster has Sentry and Kerberos enabled. I am playing off of a QuickStartVM. I run Impala via "impala-shell --ssl". I expect to see Impala prompt me for a user name or password but instead I get errors. These are the errors I am seeing:
[cloudera@quickstart impalad]$ impala-shell --ssl
Starting Impala Shell without Kerberos authentication
SSL is enabled. Impala server certificates will NOT be verified (set --ca_cert to change)
Error connecting: TTransportException, Could not connect to quickstart.cloudera:21000
Kerberos ticket found in the credentials cache, retrying the connection with a secure transport.
Error connecting: TTransportException, Could not connect to quickstart.cloudera:21000
IMPALA LOGS:
I0125 15:27:00.196347 1696 authentication.cc:422] Successfully authenticated principal "impala/quickstart.cloudera@CLOUDERA" on an internal connection
I0125 15:27:00.334786 7069 simple-scheduler.cc:332] Registering local backend with statestore
I0125 15:27:20.983526 1785 thrift-util.cc:109] TThreadPoolServer: TServerTransport died on accept: invalid sasl status
I0125 15:27:20.987000 1785 thrift-util.cc:109] TThreadPoolServer: TServerTransport died on accept: invalid sasl status
You have to give the shell the -l option to tell it to try and use LDAP. Impala and the shell do not try to negotiate the authentication mechanism; instead, the shell needs to be explicitly told what to try and use.
You may also need the -u option to provide the username to authenticate with.
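An added example, not part of the original thread and not Impala's own code: a small Python triage script that parses impalad glog lines and counts the "invalid sasl status" accept failures that accompanied the shell's failed connections in the question. The sample log is constructed from the lines quoted above, and the function names are hypothetical.

```python
import re
from collections import Counter

# glog layout seen in the question:
# <level><MMDD> <HH:MM:SS.micros> <thread> <file>:<line>] <message>
GLOG = re.compile(
    r"^(?P<level>[IWEF])(?P<date>\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{6})\s+"
    r"(?P<thread>\d+) (?P<src>[\w.\-]+):(?P<line>\d+)\] (?P<msg>.*)$"
)

# Signature copied from the question's log excerpt.
SASL_FAIL = "TServerTransport died on accept: invalid sasl status"

# Constructed sample: the four lines quoted in the question plus one junk line.
SAMPLE = """\
I0125 15:27:00.196347 1696 authentication.cc:422] Successfully authenticated principal "impala/quickstart.cloudera@CLOUDERA" on an internal connection
I0125 15:27:00.334786 7069 simple-scheduler.cc:332] Registering local backend with statestore
I0125 15:27:20.983526 1785 thrift-util.cc:109] TThreadPoolServer: TServerTransport died on accept: invalid sasl status
I0125 15:27:20.987000 1785 thrift-util.cc:109] TThreadPoolServer: TServerTransport died on accept: invalid sasl status
not a glog line
"""


def parse(text):
    """Yield one dict per well-formed glog line; skip anything else."""
    for raw in text.splitlines():
        m = GLOG.match(raw.strip())
        if m:
            yield m.groupdict()


def sasl_failures(text):
    """Return the rejected-handshake records, in log order."""
    return [r for r in parse(text) if r["msg"].endswith(SASL_FAIL)]


def failures_per_minute(text):
    """Count rejected handshakes per (MMDD, HH:MM) bucket to expose bursts."""
    return Counter((r["date"], r["time"][:5]) for r in sasl_failures(text))


if __name__ == "__main__":
    for (date, minute), n in sorted(failures_per_minute(SAMPLE).items()):
        print(f"{date} {minute}  {n} rejected SASL handshake(s)")
```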