
HiveServer2, is StartTLS an option for user authentication using OpenLDAP?


Explorer

Hi all,

 

Currently using CDH 5.14.4 and looking to enable user authentication on HiveServer2 using OpenLDAP. The two connection options I'm seeing are LDAP and LDAPS, but we currently don't have LDAPS configured with our OpenLDAP server. Hue supports LDAP with StartTLS, so I figured Hive would too. I'm wondering if StartTLS is an option that I'm not finding documentation for or if it's not supported.

 

Thanks for your help!

 

 

1 ACCEPTED SOLUTION


Re: HiveServer2, is StartTLS an option for user authentication using OpenLDAP?

Master Guru
Currently Hive's connections to LDAP do not support the StartTLS extension [1]. This does make sense as a feature request, however; could you log your request over at https://issues.apache.org/jira/projects/HIVE please?

[1] - https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/auth/ldap/LdapSe...
4 REPLIES

Re: HiveServer2, is StartTLS an option for user authentication using OpenLDAP?

Expert Contributor

Hello @Steve206,

 

Yup, you are right, mate. Most of the documentation that I came across talks about LDAPS implementation support for HS2.

Thinking out loud here: hypothetically, if there was an option, and with the above setup of no SSL on the AD server, the StartTLS secure connection negotiation will fail anyway and it will be a standard connection.

There is an option to write a pluggable class and then set authentication to custom.

 

Hope that helps.
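
An added sketch of the pluggable-class route mentioned above (not code from the thread or from Hive): a `PasswdAuthenticationProvider` that upgrades a plain LDAP connection with StartTLS through JNDI, sends the bind only after the TLS negotiation succeeds, and rejects the login on any failure. The class name, server URL and DN pattern are assumed placeholders.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.security.sasl.AuthenticationException;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;

// Added example. Class name, LDAP_URL and USER_DN_PATTERN are assumed placeholders.
public class StartTlsLdapAuthenticator implements PasswdAuthenticationProvider {
  private static final String LDAP_URL = "ldap://ldap.example.com:389";
  private static final String USER_DN_PATTERN = "uid=%s,ou=people,dc=example,dc=com";

  @Override
  public void Authenticate(String user, String password) throws AuthenticationException {
    // An empty password would be an LDAP "unauthenticated bind", which servers may accept.
    if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
      throw new AuthenticationException("Empty user name or password");
    }
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, LDAP_URL);
    LdapContext ctx = null;
    StartTlsResponse tls = null;
    try {
      ctx = new InitialLdapContext(env, null); // anonymous; no credentials sent yet
      tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
      tls.negotiate(); // checks the server certificate and host name; throws on failure
      // Credentials are added only after TLS is up, so they never cross the wire in clear.
      String dn = String.format(USER_DN_PATTERN, Rdn.escapeValue(user)); // blocks DN injection
      ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
      ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
      ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
      ctx.reconnect(null); // simple bind on the TLS-protected connection
    } catch (NamingException | IOException e) {
      // Fail closed: any StartTLS or bind error rejects the login, no plaintext retry.
      throw new AuthenticationException("LDAP StartTLS authentication failed", e);
    } finally {
      try { if (tls != null) tls.close(); } catch (IOException ignored) { }
      try { if (ctx != null) ctx.close(); } catch (NamingException ignored) { }
    }
  }
}
```

To use it, put the compiled class on HiveServer2's classpath and set `hive.server2.authentication` to `CUSTOM` and `hive.server2.custom.authentication.class` to the class name. The OpenLDAP server's CA certificate must be in the JVM trust store for `negotiate()` to succeed.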

Re: HiveServer2, is StartTLS an option for user authentication using OpenLDAP?

Explorer

Thank you for the confirmation. Yes, I'll make a feature request.

Re: HiveServer2, is StartTLS an option for user authentication using OpenLDAP?

Explorer

Thanks for the quick response. I'll look at enabling LDAPS before writing anything custom. I was being optimistic with only wanting to support StartTLS on OpenLDAP, but we'll most likely come across another application at some point that only works with LDAPS.