
HiveServer2 authentication with LDAP : Error validating the login

New Contributor

I configured HiveServer2 to use LDAP by adding the properties below to hive-site.xml through Ambari, as given here. I then restarted HiveServer2 and all the dependent services through Ambari.

<property> <name>hive.server2.authentication</name> <value>LDAP</value> </property>

<property> <name>hive.server2.authentication.ldap.url</name> <value>ldap://ldaphostserver.com:389</value> </property>

<property> <name>hive.server2.authentication.ldap.baseDN</name> <value>dc=domain, dc=com</value> </property>

After completing the above changes, when I try to connect to Hive through JDBC with the LDAP userid/password, or use the Hive view in Ambari, I get the error:

"Could not establish connecton to <HiveServer2Host>:10000: org.apache.thrift.transport.TTransportException: Peer indicated failure: Error validating the login: org.apache.thrift.transport.TTransportException: Peer indicated failure: Error validating the login"

Java JDBC connection string used to connect: DriverManager.getConnection("jdbc:hive2://<HiveServer2Host>:10000/<dbname>", "ldapuid", "ldappwd");

4 REPLIES 4

Super Guru

@Venu Shanmukappa

Can you please try adding the username and password to the JDBC string and let me know how it goes?

Open beeline using the "beeline" command and use the string below to connect to HiveServer2:

!connect jdbc:hive2://<hiveserver2>:10000/default;user=LDAP_Userid;password=LDAP_Password

New Contributor

In beeline, I get the error below:

Error: Could not open client transport with JDBC Uri: jdbc:hive2://<hiveserver2>:10000/default;user=LDAP_Userid;password=LDAP_Password: Peer indicated failure: Error validating the login (state=08S01,code=0) 0: jdbc:hive2://<hiveserver2>:100 (closed)>

I think you need to look into the HiveServer2 log and see if it gives any additional information. It sounds more like your LDAP configuration is not correct. Perhaps some changes to the baseDN, search mask, requirement for SSL, etc. You could try ldapsearch to see if you can theoretically connect.
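Added example, not part of the original thread: a shell sketch of the ldapsearch check suggested above, reproducing outside Hive the simple bind HiveServer2 would attempt. It assumes that, with only hive.server2.authentication.ldap.baseDN set, HiveServer2 in the Hive 1.2 line binds as uid=<user>,<baseDN>; the function names and the OU-qualified DNs are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: with only ldap.baseDN set,
# HiveServer2 performs a simple bind as uid=<user>,<baseDN>.

# Build the bind DN. Only plain user ids are accepted, so a user id can never
# smuggle extra RDNs (",ou=...") into the DN that is sent to the directory.
hs2_bind_dn() {
    user=$1 base=$2
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "unsafe or empty user id" >&2; return 1 ;;
    esac
    printf 'uid=%s,%s\n' "$user" "$base"
}

# Print (do not run) one ldapsearch command per candidate base DN.
#   -x  simple bind, the same mechanism assumed for HiveServer2
#   -W  prompt for the password, keeping it out of shell history and ps output
#   -s base on the bind DN itself: succeeds only if that exact entry can bind
# On ldap:// port 389 a simple bind sends the password in cleartext; add -ZZ
# (require StartTLS) or use an ldaps:// URL if the directory supports it.
hs2_ldap_checks() {
    url=$1 user=$2; shift 2
    for base in "$@"; do
        dn=$(hs2_bind_dn "$user" "$base") || return 1
        printf 'ldapsearch -x -H "%s" -D "%s" -W -b "%s" -s base "(objectClass=*)"\n' \
            "$url" "$dn" "$dn"
    done
}

# Constructed sample input: the URL, user id and base DN as posted in the
# question, plus two hypothetical OU-qualified base DNs to compare against.
hs2_ldap_checks "ldap://ldaphostserver.com:389" "ldapuid" \
    "dc=domain, dc=com" \
    "ou=PEOPLE,dc=domain,dc=com" \
    "ou=NONPEOPLE,dc=domain,dc=com"
```

If the printed command for a base DN fails with "Invalid credentials (49)" while the password is known to be good, the entry is not located at uid=<user> directly under that base DN, and HiveServer2 would fail in the same way under the stated assumption.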

New Contributor

Finally, I was able to authenticate with LDAP from HiveServer2. The issue was with the LDAP Directory Server I was using; after changing it to the Virtual Directory Server, it started working.

Now I have another issue: using multiple organizational units to authenticate against, one being the user accounts from OU=PEOPLE and the other being the service accounts from OU=NONPEOPLE. With Hive version 1.2.1, I am not able to set hive.server2.authentication.ldap.baseDN with both OUs, but it works if I set one at a time. I tried hive.server2.authentication.ldap.customLDAPQuery, but it did not work.