Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

HiveServer2, is StartTLS an option for user authentication using OpenLDAP?

Labels:
avatar
author-rank Steve206
Contributor

Created on ‎03-04-2019 11:14 AM - edited ‎09-16-2022 07:12 AM

Hi all,

 

Currently using CDH 5.14.4 and looking to enable user authention on HiveServer2 using OpenLDAP. The two connection options I'm seeing are LDAP and LDAPS, but we currently don't have LDAPS configured with our OpenLDAP server. Hue supports LDAP with StartTLS so I figured Hive would too. I'm wondering if StartTLS is an option that I'm not finding documentation for or if its not supported. 

 

Thanks for your help!

 

 

2,537 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Harsh J author-rank
Mentor

Created ‎03-06-2019 04:30 PM

Currently Hive's connections to LDAP do not support the StartTLS extension [1]. This does make sense as a feature request however, could you log your request over at https://issues.apache.org/jira/projects/HIVE please?

[1] - https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/auth/ldap/LdapSe...

View solution in original post

2,494 Views
0 Kudos
4 REPLIES 4

avatar
author-rank Consult
Expert Contributor

Created ‎03-06-2019 03:04 AM

Hello @Steve206,

 

Yup, you are right mate. Most of the documentation that I came across talks about ldaps implementation support for hs2.

 

Thinking loud here.. hypothetically if there was an option and with above setup of no-ssl on ad server. starttls secure connection neg. will fail anyways and it will be a standard connection.

 

There is an option to write pluggable class and then set authentication to custom.

 

Hope that helps.

2,509 Views

avatar
author-rank Harsh J author-rank
Mentor

Created ‎03-06-2019 04:30 PM

Currently Hive's connections to LDAP do not support the StartTLS extension [1]. This does make sense as a feature request however, could you log your request over at https://issues.apache.org/jira/projects/HIVE please?

[1] - https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/auth/ldap/LdapSe...
2,495 Views
0 Kudos

avatar
author-rank Steve206
Contributor

Created ‎03-07-2019 08:21 AM

Thank you for the confirmation. Yes, I'll make a feature request.

2,483 Views
0 Kudos

avatar
author-rank Steve206
Contributor

Created ‎03-07-2019 08:19 AM

Thanks for the quick response. I'll look at enabling LDAPS before writing anything custom. I was being optimistic with only wanting to support StartTLS on OpenLDAP but we'll most likely come across another application at some point that only works with LDAPS.

2,484 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements