I'm trying to configure Hive and Impala to use ldap authentication against AD without SSL. Hive is working. But I'm stuck with Impala. Here are details:
Lines I added to hive-site.xml:
<property>
<name>hive.server2.authentication</name>
<value>LDAP</value>
</property>
<property>
<name>hive.server2.authentication.ldap.url</name>
<value>ldap://sfad.sf.vit-cdc.com:389</value>
</property>
<property>
<name>hive.server2.authentication.ldap.Domain</name>
<value>sf.vit-cdc.com</value>
</property>
In Impala configuration, I checked Enable LDAP Authentication and set LDAP URI to ldap://sfad.sf.vit-cdc.com:389. In Impala Daemon Command Line Argument Advanced Configuration Snippet field, I added --ldap_bind_pattern="sAMAccountName=#UID,CN=Users,DC=sf,DC=vit-cdc,DC=com"
I used LDAP Admin to make sure there's an attibute sAMAccountName=ylu in object CN=Ying Lu,CN=Users,DC=sf,DC=vit-cdc,DC=com
Here's what I got in my impalad log:
I0729 10:48:10.298579 19737 impalad-main.cc:87] Impala has started.
I0729 10:48:35.219799 20083 authentication.cc:188] Trying simple LDAP bind for: "sAMAccountName=ylu,CN=Users,DC=sf,DC=vit-cdc,DC=com"
W0729 10:48:35.233507 20083 authentication.cc:194] LDAP bind failed: Invalid credentials
E0729 10:48:35.233678 20083 authentication.cc:117] SASL message: Password verification failed
I0729 10:48:35.241914 20083 thrift-util.cc:105] TThreadPoolServer: TServerTransport died on accept: SASL(-13): user not found: Password verification failed
Any help will be much appreciated!
