[jira] [Commented] (HIVE-22152) LDAP authentication failed when using username with @, example toto@mycompany.com

Wed, 28 Aug 2019 05:21:39 -0700 


    [ 
https://issues.apache.org/jira/browse/HIVE-22152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16917728#comment-16917728
 ] 

Laszlo Pinter commented on HIVE-22152:
--------------------------------------

[~fguiet] you could try changing the jdbc url to contain the credentials as 
well. Something like this:

beeline -u 
"jdbc:hive2://srv210.xxxx.fr:100000?tez.queue.name=DEV;user=_f.gu...@xxxx.fr;password=xxxx"_

> LDAP authentication failed when using username with @, example 
> t...@mycompany.com
> ---------------------------------------------------------------------------------
>
>                 Key: HIVE-22152
>                 URL: https://issues.apache.org/jira/browse/HIVE-22152
>             Project: Hive
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: 1.2.1
>         Environment: Hortonworkworks Data Platform 2.6.4
>  
> beeline --version
> Hive 1.2.1000.2.6.4.0-91
> Subversion 
> git://ctr-e134-1499953498516-209689-01-000004.hwx.site/grid/0/jenkins/workspace/HDP-parallel-centos7/SOURCES/hive
>  -r 87f2bc04724e559819902a574e78b2beeaf9f541
> Compiled by jenkins on Thu Jan 4 10:47:01 UTC 2018
> From source with checksum 73af1d20b2f8a15f36ac132297e70386
>            Reporter: Frédéric Guiet
>            Priority: Major
>
> Hi,
> I activated the LDAP authentication on Hive. I am using Hive 1.2.1 with 
> Hortonworks Data Platform 2.6.4
> Hive 1.2.1000.2.6.4.0-91
> Subversion 
> git://ctr-e134-1499953498516-209689-01-000004.hwx.site/grid/0/jenkins/workspace/HDP-parallel-centos7/SOURCES/hive
>  -r 87f2bc04724e559819902a574e78b2beeaf9f541
> Compiled by jenkins on Thu Jan 4 10:47:01 UTC 2018
> From source with checksum 73af1d20b2f8a15f36ac132297e70386
>  
> I have created a user on my ldap called: _f.guiet_
> The LDAP DN is : _uid=f.guiet,ou=Agents 
> XXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr_
>  
> Everything is working great, I can use beeline with the following command. 
> The connection is OK.
> _beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n f.guiet 
> -p xxxx_
>  
> Here is the LDAP trace on the LDAP server when I am connecting:
> Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 fd=32 TLS established 
> tls_ssf=256 ssf=256
> Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=0 BIND 
> dn="uid=f.guiet,ou=Agents 
> XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr" method=128
> Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=0 BIND 
> dn="uid=f.guiet,ou=Agents 
> XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr" mech=SIMPLE ssf=0
> Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=0 RESULT tag=97 err=0 text=
> Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=1 SRCH base="ou=Agents 
> XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr" scope=2 deref=3 
> filter="(uid=f.guiet)"
>  
> I have created another user on my ldap called : 
> [f.gu...@xxxx.fr|mailto:f.gu...@xxxx.fr]
> But when I launched the following beeline command:
> _beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n 
> f.gu...@xxxx.fr -p xxxx_
>  
> Here is the LDAP trace:
> Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 fd=32 ACCEPT from 
> IP=192.168.7.50:51814 (IP=0.0.0.0:636)
> Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 fd=32 TLS established 
> tls_ssf=256 ssf=256
> *Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 op=0 do_bind: invalid dn 
> ([f.gu...@xxxx.fr|mailto:f.gu...@brgm.fr])*
> Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 op=0 RESULT tag=97 err=34 
> text=invalid DN
> Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 fd=32 closed (connection lost)
>  
> As you can see, the DN is not valid...
> The valid DN should be:
> uid=f.gu...@xxxx.fr,ou=Agents 
> XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr
>  
> I tried a lot of things....like:
> _beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n 
> f.guiet\@xxxx.fr -p xxxx_
> _beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n 
> "f.gu...@xxxx.fr" -p xxxx_
> _beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n 
> 'f.gu...@xxxx.fr' -p xxxx_
>  
> The problem is linked with the @ character....
> Can you tell me how can I use a username with a @ to connect to hive with 
> beeline?
> Thank you very much!
> Fred
>  



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Reply via email to