We found this, which is a direct hit for the issue... https://issues.apache.org/jira/browse/AMBARI-12997
We will work this with HortonWorks. Thanks, Steve On Thu, Sep 17, 2015 at 11:18 AM, Steve Howard <[email protected]> wrote: > Ambari 2.1.0 requires a value for the > hive.server2.authentication.ldap.baseDN property. This breaks AD > authentication in hive, as "uid=whatever,OU=Users,DC=domain,DC=com" is not > a usable string for authentication in AD. > > The code path in > org.apache.hive.service.auth.LdapAuthenticationProviderImpl hardcodes > "uid=$username" + baseDN. This does not work in AD. We want to simply > authenticate using the LDAP plugin with username@domain. We ended up > changing the org.apache.hive.service.auth.LdapAuthenticationProviderImpl to > allow this to happen. The real fix is to not require the property to have a > value in Ambari, as hive even has an if property is null conditional check. > As such, by definition the hive software doesn't require it so we are > curious as to why Ambari does? > > We are currently working with the fix below to > org.apache.hive.service.auth.LdapAuthenticationProviderImpl... > > String bindDN; > if (this.baseDN == null) { > bindDN = user; > } else { > //bindDN = "uid=" + user + "," + this.baseDN; > bindDN = user; > } > > ...but think Ambari should remove the requirement so we can use the out of > the box hive class. > > Are we missing something? >
