LDAP Authentication with HiveServer2 only accepts full distinguished name (DN)

We have enabled LDAP authentication with HiveServer2 using Active Directory. 

 

However, with a login form

beeline> !connect jdbc:hive2://hiveserver:10000

I need to enter, as the username, the DN of my directory entry, such as

 

CN=Michael Jordan,OU=Staff Accounts,OU=Users,OU=Accounts,DC=nba,DC=com

+ password to authenticate to LDAP.

 

E-mail address and sAMAccountName (for example, mjordan) + password both got "Peer indicated failure: Error validating the login (state=08S01,code=0)" error.

 

Is it supposed to be this way? Or is there a way to configure HiveServer2 to solve this DN resolution issue?

 

The steps we did on Cloudera Manager are:

  1. Check Enable LDAP Authentication.
  2. Enter the LDAP URL in the format ldaps://<host>:<port>
  3. Enter the Active Directory Domain for my environment.

We also configured LDAPS authentication with HiveServer2.

 

Thank you in advance for any help you can provide.