Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Customer recently implemented ldap for hive authentication. When they connect to hive with beeline, or via ODBC, user is not prompted for the password. and the user can connect to any database, irrespective of ldap group

Explorer
 
1 ACCEPTED SOLUTION

@visakh.nair@hortonworks.com

You have to setup/recheck LDAP auth for Hive. Feel free to reach out in case you face any issue.

Link

Authentication/Security Configuration

HiveServer2 supports Anonymous (no authentication) with and without SASL, Kerberos (GSSAPI), pass through LDAP, Pluggable Custom Authentication and Pluggable Authentication Modules (PAM, supported Hive 0.13 onwards).

Configuration

Authentication mode:

hive.server2.authentication – Authentication mode, default NONE. Options are NONE (uses plain SASL), NOSASL, KERBEROS, LDAP, PAM and CUSTOM.

Set following for LDAP mode:

hive.server2.authentication.ldap.url – LDAP URL (for example, ldap://hostname.com:389).

hive.server2.authentication.ldap.baseDN – LDAP base DN. (Optional for AD.)

hive.server2.authentication.ldap.Domain – LDAP domain. (Hive 0.12.0 and later.)

See User and Group Filter Support with LDAP Atn Provider in HiveServer2 for other LDAP configuration parameters in Hive 1.3.0 and later.

Set following for CUSTOM mode:

hive.server2.custom.authentication.class – Custom authentication class that implements theorg.apache.hive.service.auth.PasswdAuthenticationProvider interface.

View solution in original post

6 REPLIES 6

Master Collaborator

This seems like a configuration error, basically this is the behavior you get when you have simple authentication where password doesn't matter. Can you check what is the value of "hive.server2.authentication" in hive-site.xml?

@visakh.nair@hortonworks.com

You have to setup/recheck LDAP auth for Hive. Feel free to reach out in case you face any issue.

Link

Authentication/Security Configuration

HiveServer2 supports Anonymous (no authentication) with and without SASL, Kerberos (GSSAPI), pass through LDAP, Pluggable Custom Authentication and Pluggable Authentication Modules (PAM, supported Hive 0.13 onwards).

Configuration

Authentication mode:

hive.server2.authentication – Authentication mode, default NONE. Options are NONE (uses plain SASL), NOSASL, KERBEROS, LDAP, PAM and CUSTOM.

Set following for LDAP mode:

hive.server2.authentication.ldap.url – LDAP URL (for example, ldap://hostname.com:389).

hive.server2.authentication.ldap.baseDN – LDAP base DN. (Optional for AD.)

hive.server2.authentication.ldap.Domain – LDAP domain. (Hive 0.12.0 and later.)

See User and Group Filter Support with LDAP Atn Provider in HiveServer2 for other LDAP configuration parameters in Hive 1.3.0 and later.

Set following for CUSTOM mode:

hive.server2.custom.authentication.class – Custom authentication class that implements theorg.apache.hive.service.auth.PasswdAuthenticationProvider interface.

@visakh.nair@hortonworks.com

Please see this

Mutually Exclusive Settings

These two settings are 'mutually exclusive' and should not be used together while trying to integration HS2 with AD.

hive.server2.authentication.ldap.Domain hive.server2.authentication.ldap.baseDN

If these two settings are present together, your AD integration will NOT work

Contributor

In HDP 2.3, Ambari 2.1, I did't find hive.server2.authentication.ldap.Domain

New Contributor

If i am using LDAP with hive. I am getting exception saying "Peer indicated failure: Error validating the login (state=08S01,code=0)" . In Active Directory i have added hive user and set the password as hive. But the hive user created by HDP is virtual user and doesnt have password. Please guide us how to pass the password of hive user in LDAP

@Neeraj Sabharwal , I am not able to see the parameter to set the ldap bind password for base DN for hive . Where to find this parameter.