[jira] [Updated] (SPARK-32570) Thriftserver LDAP failed

Sat, 08 Aug 2020 13:19:53 -0700 


     [ 
https://issues.apache.org/jira/browse/SPARK-32570?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rohit Mishra updated SPARK-32570:
---------------------------------
    Priority: Major  (was: Critical)

> Thriftserver LDAP failed
> ------------------------
>
>                 Key: SPARK-32570
>                 URL: https://issues.apache.org/jira/browse/SPARK-32570
>             Project: Spark
>          Issue Type: Question
>          Components: SQL
>    Affects Versions: 2.4.6
>            Reporter: Jie Zhang
>            Priority: Major
>
> I downloaded spark-2.4.6-bin-hadoop2.7.tgz, added a new file to 
> conf/hive-site.xml, put the following parameters into it, ran 
> sbin/start-thriftserver.sh, then bin/beeline worked, able to query tables in 
> our hive-metastore. 
> {code:java}
> <property>
>     <name>hive.metastore.uris</name>
>     <value>thrift://hive-metastore-service.company.com:9083</value>
> </property>
> <property>
>     <name>hive.metastore.schema.verification</name>
>     <value>false</value>
> </property>
> <property>
>     <name>javax.jdo.option.ConnectionURL</name>
>     
> <value>jdbc:mysql://hive-metastore-db.company.com:3306/hive?createDatabaseIfNotExist=false</value>
> </property>
> <property>
>     <name>javax.jdo.option.ConnectionDriverName</name>
>     <value>org.mariadb.jdbc.Driver</value>
> </property>
> <property>
>     <name>javax.jdo.option.ConnectionUserName</name>
>     <value>xxxxxxxxx</value>
> </property>  
> <property>
>     <name>javax.jdo.option.ConnectionPassword</name>
>     <value>xxxxxxxxx</value>
> </property>  
> <property>
>     <name>hive.metastore.connect.retries</name>
>     <value>15</value>
> </property>
> {code}
> In order to enable LDAP, I added these parameters into conf/hive-site.xml, 
> stopped and started thriftserver, then bin/beeline complained invalid 
> credentials.
> I know my credentials works because I enabled LDAP on Hive-Server2 and it 
> worked. 
> {code:java}
> <property>
>     <name>hive.server2.authentication</name>
>     <value>LDAP</value>
> </property>  
> <property>
>     <name>hive.server2.authentication.ldap.url</name>
>     <value>ldaps://ldap-server.company.com:636</value>
> </property>  
> <property>
>     <name>hive.server2.authentication.ldap.baseDN</name>
>     <value>ou=People,dc=company,dc=com</value>
> </property>  
> <property>
>     <name>hive.server2.authentication.ldap.userDNPattern</name>
>     <value>cn=%s,ou=People,dc=company,dc=com</value>
> </property>
> {code}
> The error message:
> {code:java}
> 20/08/07 21:05:39 ERROR TSaslTransport: SASL negotiation failure20/08/07 
> 21:05:39 ERROR TSaslTransport: SASL negotiation 
> failurejavax.security.sasl.SaslException: Error validating the login [Caused 
> by javax.security.sasl.AuthenticationException: Error validating LDAP user 
> [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 
> Invalid Credentials]]] at 
> org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)
>  at 
> org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
>  at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283) 
> at 
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
>  at 
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
>  at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748)Caused by: 
> javax.security.sasl.AuthenticationException: Error validating LDAP user 
> [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 
> Invalid Credentials]] at 
> org.apache.hive.service.auth.LdapAuthenticationProviderImpl.Authenticate(LdapAuthenticationProviderImpl.java:77)
>  at 
> org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler.handle(PlainSaslHelper.java:106)
>  at 
> org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:102)
>  ... 8 more
> {code}
> Anything else I need to do in order to enable LDAP on Spark Thriftserver? 
> Thanks for your help. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

Reply via email to