[ 
https://issues.apache.org/jira/browse/SPARK-39395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yuming Wang resolved SPARK-39395.
---------------------------------
    Resolution: Duplicate

> Spark Thriftserver enabled LDAP,Error using beeline connection: error code 49 
> - invalid credentials
> ---------------------------------------------------------------------------------------------------
>
>                 Key: SPARK-39395
>                 URL: https://issues.apache.org/jira/browse/SPARK-39395
>             Project: Spark
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 2.4.8
>            Reporter: weiliang hao
>            Priority: Major
>
> The Spark Thrift Server has LDAP authentication enabled, and the following 
> error is reported when an LDAP user logs in through a beeline connection:
> {code:java}
> 22/06/06 17:45:29 ERROR transport.TSaslTransport: SASL negotiation failure
> javax.security.sasl.SaslException: Error validating the login [Caused by 
> javax.security.sasl.AuthenticationException: Error validating LDAP user 
> [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 
> Invalid Credentials]]]
>       at 
> org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)
>       at 
> org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
>       at 
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
>       at 
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
>       at 
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
>       at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>       at java.lang.Thread.run(Thread.java:748)
> Caused by: javax.security.sasl.AuthenticationException: Error validating LDAP 
> user [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 
> Invalid Credentials]]
>       at 
> org.apache.hive.service.auth.LdapAuthenticationProviderImpl.Authenticate(LdapAuthenticationProviderImpl.java:77)
>       at 
> org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler.handle(PlainSaslHelper.java:106)
>       at 
> org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:102)
>       ... 8 more
> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 
> Invalid Credentials]
>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
>       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
>       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
>       at 
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
>       at 
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
>       at 
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
>       at 
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
>       at 
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
>       at javax.naming.InitialContext.init(InitialContext.java:244)
>       at javax.naming.InitialContext.<init>(InitialContext.java:216)
>       at 
> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
>       at 
> org.apache.hive.service.auth.LdapAuthenticationProviderImpl.Authenticate(LdapAuthenticationProviderImpl.java:74)
>       ... 10 more
> 22/06/06 17:45:29 ERROR server.TThreadPoolServer: Error occurred during 
> processing of message.
> java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: 
> Error validating the login
>       at 
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
>       at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>       at java.lang.Thread.run(Thread.java:748)
> Caused by: org.apache.thrift.transport.TTransportException: Error validating 
> the login
>       at 
> org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
>       at 
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316)
>       at 
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
>       at 
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
>       ... 4 more {code}
> hive-site.xml:
> {code:xml}
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
> <configuration>
>     <property>
>         <name>hive.metastore.uris</name>
>         <value>thrift://metastore_uri:9083</value>
>         <description>Thrift URI for the remote metastore. Used by metastore 
> client to connect to remote metastore.</description>
>     </property>
>     <property>
>         <name>hive.cluster.delegation.token.store.class</name>
>         <value>org.apache.hadoop.hive.thrift.MemoryTokenStore</value>
>         <description>Hive defaults to MemoryTokenStore, or 
> ZooKeeperTokenStore</description>
>     </property>
>     <property>
>         <name>hive.metastore.warehouse.dir</name>
>         <value>/dtInsight/hive/warehouse</value>
>     </property>
>     <property>
>         <name>hive.exec.scratchdir</name>
>         <value>/dtInsight/hive/warehouse</value>
>     </property>
>     <property>
>         <name>hive.server2.thrift.port</name>
>         <value>10008</value>
>     </property>
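>     <!-- Enable LDAP authentication for the Thrift server. Note: with an
>          ldap:// URL on port 389 the bind is not encrypted, so the user's
>          password crosses the network in cleartext; use ldaps:// or otherwise
>          protect the link between this server and the directory. -->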
>     <property>
>         <name>hive.server2.authentication</name>
>         <value>LDAP</value>
>     </property>
>     <property>
>         <name>hive.server2.authentication.ldap.baseDN</name>
>         <value>ou=People,dc=dtstack,dc=com</value>
>     </property>
>     <property>
>         <name>hive.server2.authentication.ldap.url</name>
>         <value>ldap://ldap_ip:389</value>
>     </property>
>     <property>
>         <name>hive.server2.authentication.ldap.userDNPattern</name>
>         <value>uid=%s,ou=People,dc=dtstack,dc=com:cn=%s,ou=People,dc=dtstack,dc=com</value>
>     </property>
> </configuration> {code}
>  


