To validate what I said, run hiveserver2 in debug mode, put a breakpoint in
this class, in the authenticate method, and see if the exception is being thrown.


2013/8/23 Mikhail Antonov <olorinb...@gmail.com>

> I see the same behavior and here's the reason.
>
> LdapAuthenticationProviderImpl - that's the one responsible for LDAP
> authentication in Hive. Look at this class. It has this snippet (CDH 4.2.1, Hive
> 0.10):
>
>  // setup the security principal
>     String bindDN;
>     if (baseDN != null) {
>       bindDN = "uid=" + user + "," + baseDN;
>     } else {
>       bindDN = user;
>     }
>
> And according to Cloudera documentation, you're supposed to set baseDN
> param for OpenLDAP, but not for AD. So when this baseDN isn't present, Hive
> takes username as it is (say user1) and tries to bind to the ldap server,
> which works.
>
> When you set this baseDN, it constructs the bind string as
> uid=user1,dc=wizetest,dc=com. But most likely, your OpenLDAP expects it to
> be rather cn=user1,dc=wizetest,dc=com; the uid attribute isn't being used.
>
> I think the way to go is to provide your own LDAP authenticator, which has
> more control over how to generate the LDAP bind string.
>
> Mikhail
>
>
>
>
> 2013/8/23 Sanjay Subramanian <sanjay.subraman...@wizecommerce.com>
>
>>  Hi guys
>>
>>  I tested hiveserver2 with Active Directory - It works
>> With OpenLDAP it does not
>>
>>  Is there any specific syntax for specifying the LDAP url or baseDN ?
>>
>>  <property>
>>   <name>hive.server2.authentication.ldap.url</name>
>>   <value>ldap://myserver.corp.nextag.com:389</value>
>> </property>
>> <property>
>>   <name>hive.server2.authentication.ldap.baseDN</name>
>>   <value>dc=wizetest,dc=com</value>
>> </property>
>>
>>  Beeline keeps giving error
>>
>>  jdbc:hive2://dev-thdp5:10000> !connect jdbc:hive2://dev-thdp5:10000
>> hiveuser1 ******** org.apache.hive.jdbc.HiveDriver
>> Connecting to jdbc:hive2://dev-thdp5:10000
>> Error: Could not establish connection to jdbc:hive2://dev-thdp5:10000:
>> Peer indicated failure: Error validating the login (state=08S01,code=0)
>>
>>  Any clues ?
>>
>>  Thanks
>>
>>  sanjay
>
> --
> Thanks,
> Michael Antonov
>



-- 
Thanks,
Michael Antonov
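
The bind-string logic discussed in this thread, as an added example (not part of the original messages and not Hive's own code): a stand-alone JNDI authenticator that keeps the same baseDN branching as the quoted snippet but makes the naming attribute configurable and escapes the user name before it goes into the DN. The class name `ConfigurableLdapBind`, the `rdnAttr` parameter and the `ldap.example.invalid` host are assumptions made for illustration.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

// Hypothetical stand-alone class; it does not implement any Hive interface.
public class ConfigurableLdapBind {
    private final String ldapUrl;
    private final String baseDN;  // null: bind with the bare user name, as the quoted snippet does
    private final String rdnAttr; // "uid" or "cn", whichever attribute names the user entries

    public ConfigurableLdapBind(String ldapUrl, String baseDN, String rdnAttr) {
        this.ldapUrl = ldapUrl;
        this.baseDN = baseDN;
        this.rdnAttr = rdnAttr;
    }

    // Same branching as the quoted snippet, but the attribute is not hard-coded to
    // "uid" and DN metacharacters in the user name are escaped, so the supplied
    // name cannot add or change RDN components of the bind DN.
    String bindDN(String user) {
        if (baseDN == null) {
            return user;
        }
        return rdnAttr + "=" + Rdn.escapeValue(user) + "," + baseDN;
    }

    // Returns normally on a successful bind, throws NamingException otherwise.
    public void authenticate(String user, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind,
        // which a server may accept; reject it before contacting the server.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            throw new AuthenticationException("empty user name or password");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDN(user));
        env.put(Context.SECURITY_CREDENTIALS, password);
        new InitialDirContext(env).close(); // the bind happens in the constructor
    }

    public static void main(String[] args) {
        String url = "ldap://ldap.example.invalid:389"; // constructed placeholder host
        System.out.println(new ConfigurableLdapBind(url, "dc=wizetest,dc=com", "uid").bindDN("user1"));
        System.out.println(new ConfigurableLdapBind(url, "dc=wizetest,dc=com", "cn").bindDN("user1"));
        System.out.println(new ConfigurableLdapBind(url, "dc=wizetest,dc=com", "cn").bindDN("user1,ou=admins"));
        System.out.println(new ConfigurableLdapBind(url, null, "cn").bindDN("user1"));
    }
}
```

`main` only prints the bind DNs each configuration would send and makes no network connection; `authenticate` needs a reachable LDAP server.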
