Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

HUE with IMPALA with LDAP, SENTRY enabled

avatar
author-rank sunilosunil
Contributor

Created on ‎08-16-2017 02:39 PM - edited ‎09-16-2022 05:06 AM

Environment CDH 5.12, OPEN LDAP

We've enabled LDAP auth on Impala and it's working fine except in HUE. When I try to launch HUE/Impala Editor it fails with this error in GUI.

 

We have configured safety valve in HUE with this.

 

[desktop]
ldap_username=ldaptest
ldap_password=ldaptest

 

I'm logging into HUE as user cloudera ( FYI ; we don't have LDAP enabled on HUE ; cloudera is just a user managed within HUE )

 

User 'ldaptest' is not authorized to delegate to 'cloudera'.
 
 
Bad status for request TOpenSessionReq(username='hue', password=None, client_protocol=6, configuration={'idle_s
ession_timeout': '3600', 'impala.doas.user': u'cloudera'}): TOpenSessionResp(status=TStatus(errorCode=None, errorMessage="User 'ldaptest' is not authorized to delegate to 'cloudera'.\n", sqlState='HY000', infoMessages=None, statusCode=3), sessionHandle=TSessionHandle(sessionId=THandleIdentifier(secret='\x06\xd1\xc8\xe5\xd2\xc1Ck\xbd\xc7\xc5\xdb\xc5\x12\xdb\x8b', guid='*QiZ\xb0\xc7H\x0f\x8c5\xec\x14\xdf*7H')), configuration=None, serverProtocolVersion=5)
 
How can I enable user ldaptest to be able to delegate to cloudera ?
4,560 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank sunilosunil
Contributor

Created ‎08-17-2017 08:57 AM

Actualy I figured out. I had to configure Impala to allow user ldaptest to impersonate as user cloudera ( hue login).

 

I appended this to the cloudera manager property Proxy User Configuration ( authorized_proxy_user_config )

hue=*;ldaptest=cloudera

 

So user hue can impersonate anyone and user 'ldaptest' can impersonate as 'cloudera'.

View solution in original post

4,531 Views
0 Kudos
4 REPLIES 4

avatar
author-rank Fawze
Master Collaborator

Created ‎08-17-2017 01:35 AM

@sunilosunil Are you using cloudera manager:

 

Authentication Backend desktop.auth.backend.LdapBackend
LDAP URL ldap://your_ldap_url
LDAP Search Base
LDAP Bind User
LDAP Bind Password
LDAP User Filter
LDAP Username Attribute
LDAP Group Filter
LDAP Group Name Attribute
LDAP Group Membership Attribute
Active Directory Domain

 

You need your system admin to create you a user in the LDAP and provide you with this parameters.

 

Then you can just restart Hue service

4,543 Views
0 Kudos

avatar
author-rank sunilosunil
Contributor

Created ‎08-17-2017 08:57 AM

Actualy I figured out. I had to configure Impala to allow user ldaptest to impersonate as user cloudera ( hue login).

 

I appended this to the cloudera manager property Proxy User Configuration ( authorized_proxy_user_config )

hue=*;ldaptest=cloudera

 

So user hue can impersonate anyone and user 'ldaptest' can impersonate as 'cloudera'.

4,532 Views
0 Kudos

avatar
author-rank Telematics
New Contributor

Created ‎09-07-2017 10:26 AM

Where exactly was this entry made?I am facing the same issue even after making the entry Proxy User Configuration authorized_proxy_user_config under Impala service wide.

4,407 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎09-07-2017 12:03 PM

@Telematics,

 

 

In Cloudera Manager, edit Proxy User Configuration 

What did you enter in the field?

It should look like this, for example:

joe=alice,bob;hue=*;admin=*

 

See the Description of Proxy User Configuration in Cloudera Manager (click the question mark next to the property)

 

-Ben

4,400 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements