Szehon Ho created HIVE-6182:
-------------------------------
Summary: LDAP Authentication errors need to be more informative
Key: HIVE-6182
URL: https://issues.apache.org/jira/browse/HIVE-6182
Project: Hive
Issue Type: Improvement
Components: Authentication
Affects Versions: 0.13.0
Reporter: Szehon Ho
Assignee: Szehon Ho
There are a host of errors that can happen when logging into an LDAP-enabled
Hive-server2 from beeline. But for any error there is only a generic log
message:
{code}
SASL negotiation failure
javax.security.sasl.SaslException: PLAIN auth failed: Error validating LDAP user
at
org.apache.hadoop.security.SaslPlainServer.evaluateResponse(SaslPlainServer.java:108)
at
org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrRespons
{code}
And on Beeline side there is only an even more unhelpful message:
{code}
Error: Invalid URL: jdbc:hive2://localhost:10000/default (state=08S01,code=0)
{code}
It would be good to print out the underlying error message at least in the log,
if not beeline. But today they are swallowed. This is bad because the
underlying message is the most important, having the error codes as shown here
: [LDAP error code|https://wiki.servicenow.com/index.php?title=LDAP_Error_Codes]
The beeline seems to throw that exception for any error during connection,
authetication or otherwise.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
