Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Enable LDAP Authentication on Hive caused HUE to not load a databases

avatar
author-rank jirapong
Explorer

Created on ‎02-25-2018 07:09 AM - edited ‎09-16-2022 05:54 AM

Hi,

 

   I'm using CDH 5.12 with 16 nodes. Our setup is LDAP for HUE via Sentry. Everything works as expected. We can create user on LDAP and grant a permisson with Sentry. However, I'm also want to apply same login to the beeline. But when "Enable LDAP Authentication" on Hive Configuration, It caused error on HUE with message "Bad status: 3 (Error validating the login)" and no databases list loading.

 

   Thank you very much for any clue or help.

6,469 Views
0 Kudos
2
1 ACCEPTED SOLUTION

avatar
author-rank jirapong
Explorer

Created ‎03-05-2018 01:04 AM

Yes. I've end-up using impersonate user following this article http://gethue.com/ldap-or-pam-pass-through-authentication-with-hive-or-impala/ 

 

and plus

 

<property>
<name>hadoop.proxyuser.hue_hive.groups</name>
<value>*</value>
</property>

 

on core-site.xml by this answer http://community.cloudera.com/t5/Web-UI-Hue-Beeswax/Failed-to-validate-proxy-privilege-of-hue-hive-f...

View solution in original post

6,186 Views
0 Kudos
4 REPLIES 4

avatar
author-rank GeKas
Super Collaborator

Created ‎02-28-2018 01:25 AM

I suppose you have also configured Kerberos on your cluster.

From Cloudera Manager, go to HUE configuration.

Search the "Hue Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml" and add the following property.

Name: hive.server2.authentication

Value: kerberos

 

or if you use xml view:

<property>
  <name>hive.server2.authentication</name>
  <value>kerberos</value>
  <final>true</final>
</property>
6,247 Views
0 Kudos

avatar
author-rank GeKas
Super Collaborator

Created ‎02-28-2018 01:39 AM

Just to give some more info.

When you enable LDAP authentication for Hive, HUE gets confused and tries also to connect to Hive via LDAP, instead of Kerberos authentication. By setting this configuration, you force HUE to go with Kerberos authentication while your Hive can still accept both.

6,244 Views

avatar
author-rank GeKas
Super Collaborator

Created ‎03-02-2018 01:45 AM

Have you tried this configuration?

6,223 Views
0 Kudos

avatar
author-rank jirapong
Explorer

Created ‎03-05-2018 01:04 AM

Yes. I've end-up using impersonate user following this article http://gethue.com/ldap-or-pam-pass-through-authentication-with-hive-or-impala/ 

 

and plus

 

<property>
<name>hadoop.proxyuser.hue_hive.groups</name>
<value>*</value>
</property>

 

on core-site.xml by this answer http://community.cloudera.com/t5/Web-UI-Hue-Beeswax/Failed-to-validate-proxy-privilege-of-hue-hive-f...

6,187 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements