Member since
01-21-2021
7
Posts
0
Kudos Received
1
Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
3158 | 02-19-2021 01:21 PM |
08-16-2021
08:30 AM
Hi All, So i'm on the latest CDP public cloud trial with AWS, i've successfullly registered an environment and datalake on AWS, I've also added my old CDH 6.3.2 cluster to the CDP platform successfully. I went through replication manager creating policy process, it validated successfully, but when i actually ran the policy, it gave me the error " bad request (policydefinition.hive.externaltable.basedirectory:must be a valid cloud storage path) , can someone help me on this? I'm all at lost
... View more
Labels:
03-08-2021
06:55 AM
Hi all,
I've recently set up HDFS with LDAP group mapping, I'm doing it through the cloudera manager, CDH6.3. Everything looks like it was working, i can see the hdfs does recognize my ldap users and the groups, but it doesn't show all the groups my ldap user belongs to, it only shows the primary group. As you can see from below, my ldap user "jchiang" is in primary group testgroup and secondary group red, but the hdfs only shows testgroup. I'm using openldap as my ldap directory. Is there a way to get all the ldap groups show up? I've included my hdfs ldap config below, I assume maybe there's something in the group filter i need to change? thanks
[jchiang@ip-172-0-0-203 ~]$ hdfs groups jchiang : testgroup
[jchiang@ip-172-0-0-203 ~]$ groups testgroup red
Hadoop User Group Mapping Implementation
hadoop.security.group.mapping : org.apache.hadoop.security.LdapGroupsMapping
Hadoop User Group Mapping LDAP User Search Filter
hadoop.security.group.mapping.ldap.search.filter.user: (&(objectClass=posixAccount)(uid={0}))
Hadoop User Group Mapping LDAP Group Search Filter
hadoop.security.group.mapping.ldap.search.filter.group: (objectclass=posixGroup)
Hadoop User Group Mapping LDAP Group Membership Attribute
hadoop.security.group.mapping.ldap.search.attr.member: memberUid
Hadoop User Group Mapping LDAP Group Name Attribute
hadoop.security.group.mapping.ldap.search.attr.group.name: cn
... View more
Labels:
02-19-2021
01:21 PM
Hi tmater, sorry for the delay, yea the user does exist in the directory in that OU. I actually do have an update on this, so originally the cloudera cluster(on AWS network) authenticates against my ldap server(on premise office network) via the WAN traffic. I did open port 389 and 636 both UDP and TCP on my ldap server and firewall. That didn't work. I just finished setting up a VPN tunnel between AWS and on premise network, I use the LAN ip for ldap settings on impala, and now it works. So i'm not sure if there's any additional ports needed to be open for the impala LDAP authentication or I did something wrong. But everything works now through the ldap and VPN tunnel.
... View more
02-11-2021
02:07 PM
Hi,
I've pretty much read through all the articles and questions about this, but i'm still having issues. the ldap user is definitely there and i can query through ldap port:389.
I've set up the HUE ldap to authenticate against my openldap server, it works great. But i couldn't get the impala ldap setup to work. I'm using CDH 6.3.
I configured impala ldap settings through CM gui, services restarted okay after the config
Advanced Configuratoin snippet(safety valve) :--ldap_passwords_in_clear_ok=true
Enable LDAP Authentication: checked
LDAP URL: ldap://myldapFQDN:389
LDAP BaseDN: ou=users,dc=ldap,dc=xxx,dc=com
Error when using cloudera impala jdbc driver to connect, it worked with AuthMech=0 before I enabled LDAP
drv <- RJDBC::JDBC("com.cloudera.impala.jdbc4.Driver", "/opt/jars/ImpalaJDBC4.jar") con <- dbConnect(drv, "jdbc:impala://impalaDaemonIP:21050;AuthMech=3;UID=myuser;PWD=mypassword") Error in .jcall(drv@jdrv, "Ljava/sql/Connection;", "connect", as.character(url)[1], : java.sql.SQLException: [Cloudera][ImpalaJDBCDriver](500176) Error connecting to HiveServer2, please verify connection settings.
Error when using the impala-shell
impala-shell -i impalaDaemonIP -d default -l -u myuser --auth_creds_ok_in_clear
prompted password and entered
Socket error None: timed out *********************************************************************************** Welcome to the Impala shell. (Impala Shell v3.2.0-cdh6.3.2 (1bb9836) built on Fri Nov 8 07:22:06 PST 2019)
Press TAB twice to see a list of available commands. ***********************************************************************************
LDAP authentication is enabled, but the connection to Impala is not secured by TLS. ALL PASSWORDS WILL BE SENT IN THE CLEAR TO IMPALA. [Not connected] >
/var/log/impalad/impalad.INFO log info
I0211 21:51:14.585675 63449 thrift-util.cc:123] TAcceptQueueServer: Caught TException: invalid sasl status I0211 22:00:26.182997 63450 authentication.cc:254] Trying simple LDAP bind for: uid=myuser,ou=users,dc=ldap,dc=xxx,dc=com W0211 22:02:33.461439 63450 authentication.cc:261] LDAP authentication failure for uid=myuser,ou=users,dc=ldap,dc=xxx,dc=com : Can't contact LDAP server E0211 22:02:33.461570 63450 authentication.cc:164] SASL message (LDAP): Password verification failed
... View more
Labels:
01-29-2021
06:59 AM
Hi Guys, need some help here, has anyone done a reset on cloudera director password before?
... View more
01-23-2021
02:50 PM
Is there anyway i can reset the director admin password?
... View more
01-21-2021
07:43 AM
I know this is a stupid mistake, I've recently changed my default admin credential for director, and i can't seem to log in with the credentials anymore, i've seen a lot of topics regarding cloudera manager, but nothing for the director admin password reset yet, any help is appreicated, thanks
... View more
Labels:
- Labels:
-
Cloudera Manager