To validate what I said, run hiveserver2 in debug mode, put a breakpoint in this class, authenticate method, and see if the exception is being thrown.

2013/8/23 Mikhail Antonov <olorinb...@gmail.com>

> I see the same behavior and here's the reason.
>
> LdapAuthenticationProviderImpl - that's the one responsible for LDAP
> authentication in Hive. Look at this class. It has this snippet (CDH 4.2.1, hive
> 0.10):
>
>     // setup the security principal
>     String bindDN;
>     if (baseDN != null) {
>       bindDN = "uid=" + user + "," + baseDN;
>     } else {
>       bindDN = user;
>     }
>
> And according to Cloudera documentation, you're supposed to set baseDN
> param for OpenLDAP, but not for AD. So when this baseDN isn't present, Hive
> takes username as it is (say user1) and tries to bind to the ldap server,
> which works.
>
> When you set this baseDN, it constructs the bind string as
> uid=user1,dc=wizetest,dc=com. But most likely, your open ldap expects it to
> be rather cn=user1,dc=wizetest,dc=com, uid attribute isn't being used.
>
> I think the way to go is to provide your own LDAP authenticator, which has
> more control on how to generate LDAP bind string.
>
> Mikhail
>
> 2013/8/23 Sanjay Subramanian <sanjay.subraman...@wizecommerce.com>
>
>> Hi guys
>>
>> I tested hiveserver2 with Active directory - It works
>> With Open LDAP it does not
>>
>> Is there any specific syntax for specifying the LDAP url or baseDN ?
>>
>> <property>
>>   <name>hive.server2.authentication.ldap.url</name>
>>   <value>ldap://myserver.corp.nextag.com:389</value>
>> </property>
>> <property>
>>   <name>hive.server2.authentication.ldap.baseDN</name>
>>   <value>dc=wizetest,dc=com</value>
>> </property>
>>
>> Beeline keeps giving error
>>
>> jdbc:hive2://dev-thdp5:10000> !connect jdbc:hive2://dev-thdp5:10000
>> hiveuser1 ******** org.apache.hive.jdbc.HiveDriver
>> Connecting to jdbc:hive2://dev-thdp5:10000
>> Error: Could not establish connection to jdbc:hive2://dev-thdp5:10000:
>> Peer indicated failure: Error validating the login (state=08S01,code=0)
>>
>> Any clues ?
>>
>> Thanks
>>
>> sanjay
>>
>> CONFIDENTIALITY NOTICE
>> ======================
>> This email message and any attachments are for the exclusive use of the
>> intended recipient(s) and may contain confidential and privileged
>> information. Any unauthorized review, use, disclosure or distribution is
>> prohibited. If you are not the intended recipient, please contact the
>> sender by reply email and destroy all copies of the original message along
>> with any attachments, from your computer system. If you are the intended
>> recipient, please be advised that the content of this message is subject to
>> access, review and disclosure by the sender's Email System Administrator.
>
> --
> Thanks,
> Michael Antonov

--
Thanks,
Michael Antonov
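
The bind-string construction discussed in this thread, as an added example that is not Hive's code and not written by either poster: the class name BindDnBuilder and its rdnAttribute parameter are hypothetical. It makes the naming attribute configurable (uid or cn) and escapes the user name before placing it in the DN; wiring it into a custom Hive authenticator is not shown.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example (hypothetical class, not Hive code): builds the simple-bind DN
// with a configurable naming attribute instead of the hard-coded "uid=".
public class BindDnBuilder {
    private final String rdnAttribute; // e.g. "uid" or "cn", depends on the directory
    private final String baseDN;       // null means "bind with the user name as given"

    public BindDnBuilder(String rdnAttribute, String baseDN) {
        this.rdnAttribute = rdnAttribute;
        this.baseDN = baseDN;
    }

    public String bindDnFor(String user) throws InvalidNameException {
        if (user == null || user.isEmpty()) {
            throw new InvalidNameException("empty user name");
        }
        if (baseDN == null) {
            return user; // same behaviour as the quoted snippet when baseDN is unset
        }
        // Rdn.escapeValue applies RFC 2253 escaping, so ',' '+' '=' etc. in the
        // user name stay inside the value and cannot add or alter DN components.
        String dn = rdnAttribute + "=" + Rdn.escapeValue(user) + "," + baseDN;
        return new LdapName(dn).toString(); // throws if the result is not a valid DN
    }

    public static void main(String[] args) throws InvalidNameException {
        String base = "dc=wizetest,dc=com"; // baseDN from the thread
        System.out.println(new BindDnBuilder("uid", base).bindDnFor("user1"));
        System.out.println(new BindDnBuilder("cn", base).bindDnFor("user1"));
        // Constructed input: a user name carrying DN metacharacters.
        System.out.println(new BindDnBuilder("cn", base).bindDnFor("user1,ou=admins"));
        System.out.println(new BindDnBuilder("cn", null).bindDnFor("user1"));
    }
}
```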