Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Configuring LDAP authentication for Impala

Solved Go to solution

Configuring LDAP authentication for Impala

New Contributor

I'm trying to configure Hive and Impala to use ldap authentication against AD without SSL. Hive is working. But I'm stuck with Impala. Here are details: 

 

Lines I added to hive-site.xml:

 

<property>
<name>hive.server2.authentication</name>
<value>LDAP</value>
</property>
<property>
<name>hive.server2.authentication.ldap.url</name>
<value>ldap://sfad.sf.vit-cdc.com:389</value>
</property>
<property>
<name>hive.server2.authentication.ldap.Domain</name>
<value>sf.vit-cdc.com</value>
</property>

 

In Impala configuration, I checked Enable LDAP Authentication and set LDAP URI to ldap://sfad.sf.vit-cdc.com:389. In Impala Daemon Command Line Argument Advanced Configuration Snippet field, I added --ldap_bind_pattern="sAMAccountName=#UID,CN=Users,DC=sf,DC=vit-cdc,DC=com"

 

I used LDAP Admin to make sure there's an attibute sAMAccountName=ylu in object CN=Ying Lu,CN=Users,DC=sf,DC=vit-cdc,DC=com

 

Here's what I got in my impalad log:

 

I0729 10:48:10.298579 19737 impalad-main.cc:87] Impala has started.
I0729 10:48:35.219799 20083 authentication.cc:188] Trying simple LDAP bind for: "sAMAccountName=ylu,CN=Users,DC=sf,DC=vit-cdc,DC=com"
W0729 10:48:35.233507 20083 authentication.cc:194] LDAP bind failed: Invalid credentials
E0729 10:48:35.233678 20083 authentication.cc:117] SASL message: Password verification failed
I0729 10:48:35.241914 20083 thrift-util.cc:105] TThreadPoolServer: TServerTransport died on accept: SASL(-13): user not found: Password verification failed

 

Any help will be much appreciated!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Configuring LDAP authentication for Impala

New Contributor
Never mind. Set --ldap_domain in Impala Daemon Command Line Argument Advanced Configuration Snippet field worked.
3 REPLIES 3

Re: Configuring LDAP authentication for Impala

New Contributor
Never mind. Set --ldap_domain in Impala Daemon Command Line Argument Advanced Configuration Snippet field worked.

Re: Configuring LDAP authentication for Impala

Explorer
Hi
I am facing the same problem but unable to understand your solution. Is it that you first set Advanced Configuration snippet field to True and then passed on ldap_domain details in command line?

Regards
Sreeman

Re: Configuring LDAP authentication for Impala

New Contributor
No, I directly added --ldap_domain=YourDomainName in Impala Daemon Command Line Argument Advanced Configuration Snippet (Safety Valve) field.