HiveServer2 authentication with LDAP : Error validating the login

Explorer

I configured HiveServer2 to use LDAP by adding the below properties to the hive-site.xml through Ambari as given here, and restarted HiveServer2 and all the dependent services through Ambari.

<property> <name>hive.server2.authentication</name> <value>LDAP</value> </property>

<property> <name>hive.server2.authentication.ldap.url</name> <value>ldap://ldaphostserver.com:389</value> </property>

<property> <name>hive.server2.authentication.ldap.baseDN</name> <value>dc=domain, dc=com</value> </property>

After completing the above changes, when I try to connect to Hive through JDBC with the LDAP userid/password or use the Hive view in Ambari, I get the error:

"Could not establish connecton to <HiveServer2Host>:10000: org.apache.thrift.transport.TTransportException: Peer indicated failure: Error validating the login: org.apache.thrift.transport.TTransportException: Peer indicated failure: Error validating the login"

Java JDBC connection string used to connect: DriverManager.getConnection("jdbc:hive2://<HiveServer2Host>:10000/<dbname>", "ldapuid", "ldappwd");

4 REPLIES

Master Guru

@Venu Shanmukappa

Can you please try adding the username and password to the JDBC string and let me know how it goes?

Open beeline using the "beeline" command and use the string below to connect to HiveServer2:

!connect jdbc:hive2://<hiveserver2>:10000/default;user=LDAP_Userid;password=LDAP_Password

Explorer

In beeline, I get the below error:

Error: Could not open client transport with JDBC Uri: jdbc:hive2://<hiveserver2>:10000/default;user=LDAP_Userid;password=LDAP_Password: Peer indicated failure: Error validating the login (state=08S01,code=0) 0: jdbc:hive2://<hiveserver2>:100 (closed)>

Master Guru

I think you need to look into the HiveServer2 log and see if it gives any additional information. It sounds more like your LDAP configuration is not correct. Perhaps some changes to the baseDN, search mask, requirement for SSL, etc. You could try ldapsearch to see if you can theoretically connect.
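
The ldapsearch check suggested above, as an added example that is not part of the original thread: a small script that attempts the same simple bind outside HiveServer2 and maps the exit status to a likely cause. It assumes OpenLDAP's ldapsearch and that HiveServer2 binds as uid=<user>,<baseDN> when only baseDN is set; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: reproduce HiveServer2's LDAP simple bind with OpenLDAP's ldapsearch.
# Usage: sh ldap_bind_check.sh <ldap-url> <baseDN> <uid>
# e.g.   sh ldap_bind_check.sh ldap://ldaphostserver.com:389 'dc=domain, dc=com' ldapuid

# Assumption: with only baseDN configured, the server binds as uid=<user>,<baseDN>.
bind_dn() {  # bind_dn <uid> <baseDN>
    printf 'uid=%s,%s\n' "$1" "$2"
}

# Translate an ldapsearch exit status (the LDAP result code) into a next step.
explain_rc() {
    case "$1" in
        0)   echo "bind OK: directory accepts this DN and password" ;;
        32)  echo "no such object: base DN does not exist on this server" ;;
        49)  echo "invalid credentials: wrong password, or no entry at this DN" ;;
        127) echo "ldapsearch not found: install the OpenLDAP client tools" ;;
        255) echo "cannot contact server: check URL, port, firewall, TLS requirement" ;;
        *)   echo "LDAP result code $1: see the directory server log" ;;
    esac
}

# check_bind <ldap-url> <baseDN> <uid>
check_bind() {
    dn=$(bind_dn "$3" "$2")
    echo "binding as: $dn" >&2
    # -x  simple bind (what the LDAP auth provider does)
    # -W  prompt for the password, keeping it out of argv and shell history
    # -s base  read only the base entry, enough to prove bind + baseDN
    # Over plain ldap:// the password crosses the network unencrypted;
    # add -ZZ to require StartTLS, or use an ldaps:// URL.
    rc=0
    ldapsearch -x -H "$1" -D "$dn" -W -b "$2" -s base '(objectClass=*)' dn \
        >/dev/null || rc=$?
    explain_rc "$rc"
    return "$rc"
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    check_bind "$@"
fi
```

If this bind fails with the same DN that HiveServer2 would build, the problem is in the directory or the baseDN rather than in the JDBC client.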

Explorer

Finally, I was able to authenticate with LDAP from HiveServer2. The issue was with the LDAP Directory Server I was using; after changing it to the Virtual Directory Server, it started working.

Now, I have another issue: using multiple organizational units to authenticate against, one being the user accounts from OU=PEOPLE and the other being the service accounts from OU=NONPEOPLE. With Hive version 1.2.1, I am not able to set hive.server2.authentication.ldap.baseDN with both OUs, but it works if I set one at a time. I tried hive.server2.authentication.ldap.customLDAPQuery, but it did not work.