Created on 02-09-2016 04:20 PM - edited 08-19-2019 02:05 AM
Hello Gurus :) HDP 2.3.2 Ambari 2.1.2.1
I'm trying to setup HiveServer2 with LDAP authentication. It seems pretty straightforward: I performed the following: Changed HiveServer2 Authentication to LDAP
Then i setup my LDAP server url (as the Ambari requested): Restarted the Hive but hiveserver2.log shows the following during it's startup: ERROR [HiveServer2-Handler-Pool: Thread-56]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]]]
According to the error LDAP 49 - 52e the problem is with the credentials that were passed to the LDAP server. I don't find any field \ parameter in which i set the LDAP user & password for authentication... Needless to say that the authentication acts as if it is set to NONE (which is a major problem....)
Any ideas ? Thanks in advance Adi J.
Created 02-10-2016 09:02 PM
Is this happening when HS2 is started ONLY or when you connect via Beeline or both?
Try the following:
#From <property> <name>hive.server2.authentication.ldap.baseDN</name> <value> </value> </property> #To <property> <name>hive.server2.authentication.ldap.baseDN</name> <value></value> </property>
Created 06-29-2020 01:59 AM
Hi @Adija1 .
Have you hever managed to find out where to indicate username and password for hiveserver2 to be able to auth against Ad LDAP ?
I currently have this error:
Created 05-18-2016 12:42 PM
But my question is :- Why Realm is required while Connect via Beeline
Created 10-10-2016 12:40 PM
Hi Neeraj,
I am also able to login using LDAP credentials . However i have one question , please help in clearing my doubts, :-
1. If wee enable LDAP authentication for hive server2, and it is able to authenticate , then do we need knox gateway for connecting beeline or JDBC tools like SQuirrel.
2. Can Knox need LDAP authentication on at hive-server2 to work as in my case if i switch off LDAP authentication , and enabling knox , i can still login with no or worng credentials using beeline.