Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Customer recently implemented ldap for hive authentication. When they connect to hive with beeline, or via ODBC, user is not prompted for the password. and the user can connect to any database, irrespective of ldap group

Solved Go to solution
Highlighted

Customer recently implemented ldap for hive authentication. When they connect to hive with beeline, or via ODBC, user is not prompted for the password. and the user can connect to any database, irrespective of ldap group

Explorer
 
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Customer recently implemented ldap for hive authentication. When they connect to hive with beeline, or via ODBC, user is not prompted for the password. and the user can connect to any database, irrespective of ldap group

@visakh.nair@hortonworks.com

You have to setup/recheck LDAP auth for Hive. Feel free to reach out in case you face any issue.

Link

Authentication/Security Configuration

HiveServer2 supports Anonymous (no authentication) with and without SASL, Kerberos (GSSAPI), pass through LDAP, Pluggable Custom Authentication and Pluggable Authentication Modules (PAM, supported Hive 0.13 onwards).

Configuration

Authentication mode:

hive.server2.authentication – Authentication mode, default NONE. Options are NONE (uses plain SASL), NOSASL, KERBEROS, LDAP, PAM and CUSTOM.

Set following for LDAP mode:

hive.server2.authentication.ldap.url – LDAP URL (for example, ldap://hostname.com:389).

hive.server2.authentication.ldap.baseDN – LDAP base DN. (Optional for AD.)

hive.server2.authentication.ldap.Domain – LDAP domain. (Hive 0.12.0 and later.)

See User and Group Filter Support with LDAP Atn Provider in HiveServer2 for other LDAP configuration parameters in Hive 1.3.0 and later.

Set following for CUSTOM mode:

hive.server2.custom.authentication.class – Custom authentication class that implements theorg.apache.hive.service.auth.PasswdAuthenticationProvider interface.

View solution in original post

6 REPLIES 6
Highlighted

Re: Customer recently implemented ldap for hive authentication. When they connect to hive with beeline, or via ODBC, user is not prompted for the password. and the user can connect to any database, irrespective of ldap group

Master Collaborator

This seems like a configuration error, basically this is the behavior you get when you have simple authentication where password doesn't matter. Can you check what is the value of "hive.server2.authentication" in hive-site.xml?

Highlighted

Re: Customer recently implemented ldap for hive authentication. When they connect to hive with beeline, or via ODBC, user is not prompted for the password. and the user can connect to any database, irrespective of ldap group

@visakh.nair@hortonworks.com

You have to setup/recheck LDAP auth for Hive. Feel free to reach out in case you face any issue.

Link

Authentication/Security Configuration

HiveServer2 supports Anonymous (no authentication) with and without SASL, Kerberos (GSSAPI), pass through LDAP, Pluggable Custom Authentication and Pluggable Authentication Modules (PAM, supported Hive 0.13 onwards).

Configuration

Authentication mode:

hive.server2.authentication – Authentication mode, default NONE. Options are NONE (uses plain SASL), NOSASL, KERBEROS, LDAP, PAM and CUSTOM.

Set following for LDAP mode:

hive.server2.authentication.ldap.url – LDAP URL (for example, ldap://hostname.com:389).

hive.server2.authentication.ldap.baseDN – LDAP base DN. (Optional for AD.)

hive.server2.authentication.ldap.Domain – LDAP domain. (Hive 0.12.0 and later.)

See User and Group Filter Support with LDAP Atn Provider in HiveServer2 for other LDAP configuration parameters in Hive 1.3.0 and later.

Set following for CUSTOM mode:

hive.server2.custom.authentication.class – Custom authentication class that implements theorg.apache.hive.service.auth.PasswdAuthenticationProvider interface.

View solution in original post

Highlighted

Re: Customer recently implemented ldap for hive authentication. When they connect to hive with beeline, or via ODBC, user is not prompted for the password. and the user can connect to any database, irrespective of ldap group

@visakh.nair@hortonworks.com

Please see this

Mutually Exclusive Settings

These two settings are 'mutually exclusive' and should not be used together while trying to integration HS2 with AD.

hive.server2.authentication.ldap.Domain hive.server2.authentication.ldap.baseDN

If these two settings are present together, your AD integration will NOT work

Highlighted

Re: Customer recently implemented ldap for hive authentication. When they connect to hive with beeline, or via ODBC, user is not prompted for the password. and the user can connect to any database, irrespective of ldap group

Contributor

In HDP 2.3, Ambari 2.1, I did't find hive.server2.authentication.ldap.Domain

Highlighted

Re: Customer recently implemented ldap for hive authentication. When they connect to hive with beeline, or via ODBC, user is not prompted for the password. and the user can connect to any database, irrespective of ldap group

New Contributor

If i am using LDAP with hive. I am getting exception saying "Peer indicated failure: Error validating the login (state=08S01,code=0)" . In Active Directory i have added hive user and set the password as hive. But the hive user created by HDP is virtual user and doesnt have password. Please guide us how to pass the password of hive user in LDAP

Highlighted

Re: Customer recently implemented ldap for hive authentication. When they connect to hive with beeline, or via ODBC, user is not prompted for the password. and the user can connect to any database, irrespective of ldap group

@Neeraj Sabharwal , I am not able to see the parameter to set the ldap bind password for base DN for hive . Where to find this parameter.

Don't have an account?
Coming from Hortonworks? Activate your account here