Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

HiveServer2 authentication with LDAP : Error validating the login

Labels:
avatar
author-rank ts_venu
Explorer

Created ‎04-22-2016 12:51 AM

I configured HiveServer2 to use LDAP by adding the below properties to the hive-site.xml through Ambari as given here. And restarted HiveServer2 and all the depended services through Ambari.

<property> <name>hive.server2.authentication</name> <value>LDAP</value> </property>

<property> <name>hive.server2.authentication.ldap.url</name> <value>ldap://ldaphostserver.com:389</value> </property>

<property> <name>hive.server2.authentication.ldap.baseDN</name> <value>dc=domain, dc=com</value> </property>

After completing the above changes, and I try to connect to Hive through JDBC with the ldap userid/password or use Hive view in Ambari, I get the error:

"Could not establish connecton to <HiveServer2Host>:10000: org.apache.thrift.transport.TTransportException: Peer indicated failure: Error validating the login: org.apache.thrift.transport.TTransportException: Peer indicated failure: Error validating the login"

Java jdbc connection string used for connect: DriverManager.getConnection("jdbc:hive2://<HiveServer2Host>:10000/<dbname>", "ldapuid", "ldappwd");

18,980 Views
0
4 REPLIES 4

avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎04-22-2016 06:11 AM

@Venu Shanmukappa

Can you please try to add username and password in jdbc string and let me know how it goes.

open beeline using "beeline" command, use below string to connect to hiveserver2

!connect jdbc:hive2://<hiveserver2>:10000/default;user=LDAP_Userid;password=LDAP_Password
11,572 Views

avatar
author-rank ts_venu
Explorer

Created ‎04-22-2016 01:28 PM

In beeline, I get the below error,

Error: Could not open client transport with JDBC Uri: jdbc:hive2://<hiveserver2>:10000/default;user=LDAP_Userid;password=LDAP_Password: Peer indicated failure: Error validating the login (state=08S01,code=0) 0: jdbc:hive2://<hiveserver2>:100 (closed)>

11,572 Views
0 Kudos

avatar
author-rank bleonhardi
Master Guru

Created ‎04-22-2016 01:47 PM

I think you need to look into the Hiveserver2 log and see if he gives any additional information. It sounds more like your LDAP configuration is not correct. Perhaps some changes to the basedn, searchmask, requirement for SSL etc. You could try ldapsearch to see if you can theoretically connect.

11,572 Views

avatar
author-rank ts_venu
Explorer

Created ‎04-28-2016 03:04 AM

Finally, I was able to authenticate with LDAP from HiveServer2, the issue was with the LDAP Directory Server I was using, after changing it to the Virtual Directory Server it started working....

Now, I have another issue to use multiple organizational units to authenticate against. One being the user accounts from the OU=PEOPLE and other being the service accounts from OU=NONPEOPLE. With Hive 1.2.1 version, I am not able set the hive.server2.authentication.ldap.baseDN with both the OU's, but works if I set one at a time. I tried with hive.server2.authentication.ldap.customLDAPQuery but did not work.

11,572 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements