Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to configure Ambari Hive View Instance with a LDAP user credentials ?

How to configure Ambari Hive View Instance with a LDAP user credentials ?

Contributor

I have recently turned on LDAP Hive Authentication and now I want to connect to it through the Ambari Hive View interface.

I've looked at the configuration settings for my Hive view instance but it isn't obvious where I specify a password for a LDAP user account for example?

My cluster is not kerberized and I use an external openLDAP server.

Do I have to integrate Ambari Server with the LDAP server in order to make this work?

Any help much appreciated,

Mike

4 REPLIES 4

Re: How to configure Ambari Hive View Instance with a LDAP user credentials ?

Re: How to configure Ambari Hive View Instance with a LDAP user credentials ?

Yes, run "ambari-server setup-ldap", restart your Ambari server, and then run for example "ambari-server sync-ldap --users userfile" where userfile contains IDs of users you want to import, comma separated, like

user1,
user2,
...

You can also use "--all" instead of "--users" to sync all users in your baseDN LDAP container. If sync-ldap doesn't work rigth away, instead of running setup-ldap again you can edit "auth" entries in /etc/ambari-server/conf/ambari.properties and restart Ambari server.

Re: How to configure Ambari Hive View Instance with a LDAP user credentials ?

Contributor

thanks - I have now done these steps and can login to ambari with an LDAP account. But while I can login to Hive through the beeline command tool successfully, when I try and access the Hive View through Ambari I get the following error:

H020 Could not establish connecton to <mydomain>:10000: org.apache.thrift.transport.TTransportException: Peer indicated failure: Error validating the login: org.apache.thrift.transport.TTransportException: Peer indicated failure: Error validating the login

Is there some other configuration that needs to be set for the Hive View to accept my login?

Highlighted

Re: How to configure Ambari Hive View Instance with a LDAP user credentials ?

Rising Star

@mike harding

You are hitting this error because Ambari doesn't currently pass through a user's LDAP password into the Hive view, even with Ambari server configured to LDAP users.

That being said, you can still configure the Ambari Hive view for LDAP auth by requesting the user's LDAP password from within the Hive view.

To make this configuration, update the 'Hive Authentication' setting within Ambari Views to:

auth=NONE;password=${ask_password}

With this configuration, when a user accesses the Hive view they will be prompted to enter their LDAP password:

4882-hiveviewldapprompt.png

Some additional notes:

  • You don't actually need Ambari-server configured with LDAP to have this working. You can use an Ambari local user, and request for the LDAP password within the view (assuming it is the same username that exists within your openldap server)
  • I've tested this on Ambari 2.2.x - not sure if it will work on earlier versions
  • There is a bug in Ambari 2.2.1 where after entering the LDAP password you need to manually refresh the page as it claims you've entered the wrong credentials (https://issues.apache.org/jira/browse/AMBARI-15424) - Note, after refreshing the page the view will work as expected
Don't have an account?
Coming from Hortonworks? Activate your account here