Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

LDAP: error code 49 when setting LDAP auth for HiveServer2

Labels:
avatar
author-rank Adija1
Super Collaborator

Created on ‎02-09-2016 04:20 PM - edited ‎08-19-2019 02:05 AM

Hello Gurus :) HDP 2.3.2 Ambari 2.1.2.1

I'm trying to setup HiveServer2 with LDAP authentication. It seems pretty straightforward: I performed the following: Changed HiveServer2 Authentication to LDAP

1954-1.png Then i setup my LDAP server url (as the Ambari requested): 1955-2.png Restarted the Hive but hiveserver2.log shows the following during it's startup: ERROR [HiveServer2-Handler-Pool: Thread-56]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]]]

According to the error LDAP 49 - 52e the problem is with the credentials that were passed to the LDAP server. I don't find any field \ parameter in which i set the LDAP user & password for authentication... Needless to say that the authentication acts as if it is set to NONE (which is a major problem....)

Any ideas ? Thanks in advance Adi J.

39,002 Views
2 ACCEPTED SOLUTIONS

avatar
author-rank amcbarnett
Guru

Created ‎02-10-2016 09:02 PM

@Adi Jabkowsky

Is this happening when HS2 is started ONLY or when you connect via Beeline or both?

Try the following:

  1. Your hive.server2.authentication.ldap.baseDN has a blank space. Remove the blank space and restart HS2 from Hosts in Ambari 
    #From
<property>
<name>hive.server2.authentication.ldap.baseDN</name>
<value> </value>
</property>

#To
<property>
<name>hive.server2.authentication.ldap.baseDN</name>
<value></value>
</property>
  2. Remove hive.server2.authentication.ldap.Domain or set to Blank. Then log into HS2 using beeline and set your user to myuser@corp.cellcom.co.il as your login and see if it authenticates
  3. Set hive.server2.enable.doAs to False so that Hive user executes the query,
  4. If you are using a Hive AD user, Double check that the hive AD UID is the same in /etc/passwd file. Make an archive of HS2 Logs, change /etc/passwd to have the same UUID as the AD hive user, and restart HS2.

View solution in original post

37,466 Views

avatar
author-rank florianc
Explorer

Created ‎06-29-2020 01:59 AM

Hi  @Adija1 .

 

Have you hever managed to find out where to indicate username and password for hiveserver2 to be able to auth against Ad LDAP ?

 

I currently have this error:

 

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]
 
But I have nowhere in Hive config (Ambari 3.1) to say what user and password to use, and even though this question has been asked at least twice on this post, no one answered...

View solution in original post

32,807 Views
0 Kudos
41 REPLIES 41

avatar
author-rank Adija1
Super Collaborator

Created ‎02-09-2016 04:22 PM

@Neeraj Sabharwal

26,300 Views

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-09-2016 04:23 PM

@Adi Jabkowsky Looking into it 😉

26,300 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-09-2016 04:24 PM

@Adi Jabkowsky

Please see this guide https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_dataintegration/content/enabling_hs2_for...

26,301 Views

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-09-2016 04:50 PM

@Adi Jabkowsky

You should use beeline and provide ldap username and password during the authentication.

26,300 Views
0 Kudos

avatar
author-rank Adija1
Super Collaborator

Created ‎02-09-2016 05:08 PM

@Neeraj Sabharwal The beeline in the documentation is just an example for how to test the configuration.

My problem is when i use third party querying tools such as SQLdeveloper (or even IBM cognos) - i'm able to connect to the hive, see tables and query - without providing any password or with providing wrong password (As if the Security is set to NONE).

26,300 Views

avatar
author-rank Adija1
Super Collaborator

Created ‎02-09-2016 05:08 PM

The HiveServer2 acts the same if the security is set to LDAP or NONE, and it shouldn't. When set to NONE - as long as my user has authorization for a specific table - i can query it without authentication against LDAP. (hence - NONE. no Authentication needed). When set to LDAP, if setup is correct, i won't be able to query anything without connecting using my credentials.

26,300 Views

avatar
author-rank Adija1
Super Collaborator

Created ‎02-09-2016 05:08 PM

During the HiveServer2 startup i see that error in the log (52e) - so HiveServer2 has some sort of configuration problem regarding LDAP. There must be a property in which i setup a user & password for HS2 to check authentication against LDAP but i can't find any...

(I've managed to configure Ambari to use LDAP, and HUE to use LDAP, and even Ranger's user sync - all of them use a manager DN or a bind DN. But where is this value in HS2 config ??

26,300 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-09-2016 07:30 PM

@Adi Jabkowsky

adldap.txt

See if you can set this up

Preview file
1 KB
26,297 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-09-2016 05:57 PM

@Adi Jabkowsky

Can you send me your hive-site.xml?

26,301 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements