07-17-2014 02:48 PM

For the benefit of others reading this thread, I managed to get an answer via our Oracle (Big Data Appliance) support agreement, who in turn asked Cloudera for the answer. Here's the response (edited):

"1. Hue only gets group membership from its internal DB. Rather than manually adding users, Hue can import users & groups from LDAP. Also the LDAP group membership is updated when the sync users/groups is run. This section of the documentation describes common configurations: http://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH5/latest/CDH5-Security-Guide/cdh5sg_hue_ldap_config.html

Below are a few blogs that explain some of the details.

How-to: Make Hadoop Accessible via LDAP http://blog.cloudera.com/blog/2014/02/how-to-make-hadoop-accessible-via-ldap/

How-to: Manage Permissions in Hue http://blog.cloudera.com/blog/2012/12/managing-permissions-in-hue/

2. Currently there is no way to limit users login based on group. The sync process only brings in users already defined for Hue. You can import users from an LDAP by defining a user filter. The process is described in the blog "How-to: Make Hadoop Accessible via LDAP". Cloudera opened a feature request for you just now, to limit user logins by group membership. It is being tracked by internal JIRA CDH-20336.

3. However you can add useradmin rights to a particular group. To do this you navigate to User Admin (icon in menu bar) -> permissions (tab). In that screen you can define a group that has admin privileges."

Mark
07-13-2014 07:23 AM

Thanks, I've read that doc (and the rest of the online docs) and it doesn't really answer my questions. For example, it says "With the Hue LDAP integration, users can use their LDAP credentials to authenticate and inherit their existing groups transparently", but then later on says "If an LDAP user needs to be part of a certain group and have a particular set of permissions, then this user can be imported via the Useradmin interface" - hence my question as to whether users that come in via direct bind authentication automatically are assigned to groups within Hue - or whether I need to separately import groups, then manually add the users to the groups in Hue. And it doesn't address my second or third questions, either.

Is there anyone from the Hue team who can answer my specific questions?

thanks in advance

Mark
07-10-2014 12:10 AM

Could someone clarify a couple of things for me please?

1. When you have set up Hue (2.5, within CDH4.6) to use direct bind LDAP authentication, when a user logs in, should their LDAP groups automatically come through as well and be shown as groups within Hue's User Admin pages? For reference I'm trying this against OpenLDAP as the LDAP server, and whilst I can direct bind authenticate as a user, and separately import in LDAP groups, I can't seem to automatically retrieve the users' groups when they log in even though I've set the "member" LDAP attribute etc in the LDAP settings.

2. Is there any way to configure Hue in direct bind mode to only allow users who belong to certain groups in LDAP to log in? For example, if I assign users to two groups - HUE_ADMIN and HUE_USER - can I configure Hue to only give access to those groups, and deny everyone else access (even if they've entered otherwise valid LDAP credentials in direct bind mode)?

3. Finally - is there any way to automatically assign Hue Superuser status to direct bind LDAP users based on membership of a certain LDAP group (for example, HUE_ADMIN?)

thanks

Mark
01-08-2014 11:15 AM

Thanks. One other issue I hit with Impala is that, on the EC2 install, the port isn't open (21050); this looks like it's because the maximum number of security rules in an AWS security group has been exceeded by the installer. You can add more security groups to an instance, so I'll try that route.
01-08-2014 09:32 AM

Hi - thanks for the background. One last question (promise) - if I'm also going to connect to Impala on either the Quickstart VM or an EC2 install (using Cloudera's ODBC drivers for Impala), should I also connect using port 10000, i.e. the Hiveserver2 port? Or should I use 21050? Reason I ask is that now testing the Impala drivers, 10000 works, but I can't get a connection to work on 21050 (although I seem to remember it worked on that port before...)

Mark
01-08-2014 08:27 AM

Thanks Darren. So does that mean that hiveserver1 (with thrift) is installed by default? My take is that there's no thrift server and no hiveserver2 by default, so by default there's no way you can connect via ODBC or JDBC to Hive? Is this correct?
01-08-2014 01:36 AM

Hi Dave,

Perfect, that was it. The Hiveserver2 service, as you say, isn't installed by default, but adding it via those steps via CM enabled it, and now I can connect OK. Thanks for your help.

Is there any reason that this service isn't installed and enabled by default? As you say, looking at the instance details in CM, it looks like it should be there, and nobody would be able to connect via Hive ODBC/JDBC drivers from an external machine until this is set up.

Mark
01-07-2014 01:21 PM

Hi Dave,

The error message that the Cloudera ODBC Driver for Apache Hive Data Source dialog shows, when testing out a new system DSN on Windows Server 2008 R2 64-bit, is:

"Driver Version: V2.5.5.1006
Running connectivity tests...
Attempting connection
Failed to establish connection
SQLSTATE: HY000[Cloudera][HiveODBC] (34) Error from Hive: connect() failed: errno = 10061.
TESTS COMPLETED WITH ERROR."

Going over to CDH4, even testing it against the VMWare Quickstart VM using beeline on that VM, I get the error message:

"Error: could not establish connection to jdbc:hive2://localhost:10000: Java.net.ConnectException: connection refused (state=08S01, code=0"

I don't think the Hiveserver2 service is actually installed or running on the VM (or on the EC2 installs). If I try:

    sudo service hive-server2 start

I get

    hive-server2: unrecognized service

and if I type in:

    chkconfig --list

it's not listed there - which makes me think hiveserver2 isn't running (or thrift), and that's why nothing can connect.

Mark
01-04-2014 03:52 AM

I'm getting the impression from lack of responses, and from lack of content on this on the forums etc, that Hive is effectively deprecated in favour of Impala for SQL-like access against CDH; however - it's the only way that I can access Hadoop from ETL tools such as Oracle Data Integrator, which then rules out this platform as a source for "hadoop ETL". If I come up with a solution I'll post it here, but it's disappointing that I can't get it to work.
01-03-2014 01:53 PM

The networking would have been whatever the cloudera installer set up within EC2 - I didn't specifically set anything up, the wizard that runs from the initial cloud instance then sets up the hadoop instances, their keypairs, their security groups etc. So - in theory - presumably it should just work.

When I run

    python -c "import socket; print socket.getfqdn(); print socket.gethostbyname(socket.getfqdn())"

SSH'd into one of the instances, it returns the hostname, and the internal IP address (internal to EC2).

I wonder - do I have to create an SSH tunnel to get access to the EC2 machines from within the AWS network, like this - http://www.toadworld.com/products/toad-for-cloud-databases/f/102/t/5773.aspx - I'm thinking not though as port 10000 is open in those instances' security groups.

Another thing - the other thread I linked to had the same problem, and he was using the Quickstart VM. I've also had the same problem (with Hive, not Impala) on Quickstart too, so is it a generic issue with machines set up using this installer/CDH4?

Mark