Hello Gurus :) HDP 2.3.2 Ambari 184.108.40.206
I'm trying to setup HiveServer2 with LDAP authentication. It seems pretty straightforward: I performed the following: Changed HiveServer2 Authentication to LDAP
Then i setup my LDAP server url (as the Ambari requested): Restarted the Hive but hiveserver2.log shows the following during it's startup: ERROR [HiveServer2-Handler-Pool: Thread-56]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]]]
According to the error LDAP 49 - 52e the problem is with the credentials that were passed to the LDAP server. I don't find any field \ parameter in which i set the LDAP user & password for authentication... Needless to say that the authentication acts as if it is set to NONE (which is a major problem....)
Any ideas ? Thanks in advance Adi J.
Is this happening when HS2 is started ONLY or when you connect via Beeline or both?
Try the following:
#From <property> <name>hive.server2.authentication.ldap.baseDN</name> <value> </value> </property> #To <property> <name>hive.server2.authentication.ldap.baseDN</name> <value></value> </property>
My problem is when i use third party querying tools such as SQLdeveloper (or even IBM cognos) - i'm able to connect to the hive, see tables and query - without providing any password or with providing wrong password (As if the Security is set to NONE).
The HiveServer2 acts the same if the security is set to LDAP or NONE, and it shouldn't. When set to NONE - as long as my user has authorization for a specific table - i can query it without authentication against LDAP. (hence - NONE. no Authentication needed). When set to LDAP, if setup is correct, i won't be able to query anything without connecting using my credentials.
During the HiveServer2 startup i see that error in the log (52e) - so HiveServer2 has some sort of configuration problem regarding LDAP. There must be a property in which i setup a user & password for HS2 to check authentication against LDAP but i can't find any...
(I've managed to configure Ambari to use LDAP, and HUE to use LDAP, and even Ranger's user sync - all of them use a manager DN or a bind DN. But where is this value in HS2 config ??