[jira] [Updated] (HIVE-6182) LDAP Authentication errors need to be more informative

Fri, 10 Jan 2014 18:58:50 -0800 

     [ 
https://issues.apache.org/jira/browse/HIVE-6182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Szehon Ho updated HIVE-6182:
----------------------------

    Attachment: HIVE-6182.patch

Submitting a fix.

The log now shows more information:

{code}
2014-01-10 18:53:09,609 ERROR transport.TSaslTransport 
(TSaslTransport.java:open(296)) - SASL negotiation failure
javax.security.sasl.SaslException: Error validating the login [Caused by 
javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused 
by javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]]]
        at 
org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:134)
        at 
org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:509)
{code}

> LDAP Authentication errors need to be more informative
> ------------------------------------------------------
>
>                 Key: HIVE-6182
>                 URL: https://issues.apache.org/jira/browse/HIVE-6182
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authentication
>    Affects Versions: 0.13.0
>            Reporter: Szehon Ho
>            Assignee: Szehon Ho
>         Attachments: HIVE-6182.patch
>
>
> There are a host of errors that can happen when logging into an LDAP-enabled 
> Hive-server2 from beeline.  But for any error there is only a generic log 
> message:
> {code}
> SASL negotiation failure
> javax.security.sasl.SaslException: PLAIN auth failed: Error validating LDAP 
> user
>       at 
> org.apache.hadoop.security.SaslPlainServer.evaluateResponse(SaslPlainServer.java:108)
>       at 
> org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrRespons
> {code}
> And on Beeline side there is only an even more unhelpful message:
> {code}
> Error: Invalid URL: jdbc:hive2://localhost:10000/default (state=08S01,code=0)
> {code}
> It would be good to print out the underlying error message at least in the 
> log, if not beeline.   But today they are swallowed.  This is bad because the 
> underlying message is the most important, having the error codes as shown 
> here : [LDAP error 
> code|https://wiki.servicenow.com/index.php?title=LDAP_Error_Codes]
> The beeline seems to throw that exception for any error during connection, 
> authetication or otherwise.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to