hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anurag Tangri <tangri.anu...@gmail.com>
Subject Re: LDAPS (Secure LDAP) Hive configuration
Date Thu, 16 Jun 2016 02:20:24 GMT

Hey Joze,
Ldaps is a different port like 636 or something. Default port does not work as far as I remember.


Could you check if something on these lines ?

Thanks,
Anurag Tangri

Sent from my iPhone

> On Jun 15, 2016, at 3:01 PM, Jose Rozanec <jose.rozanec@mercadolibre.com> wrote:
> 
> Hi, 
> 
> We upgraded to 2.1.0, but we still cannot get it working: we get "LDAP: error code 34
- invalid DN". We double-checked the DN configuration, and the ldap team agrees is ok. 
> We then configured SSL parameters as well (hive.server2.use.SSL, hive.server2.keystore.path,
hive.server2.keystore.password), so that Hive would know where the truststore is located and
its password, but in that case we get the following error: "SSLException: Unrecognized SSL
message, plaintext connection". Our LDAP server does not expose the ssl certificate on the
default port (443), but in the one LDAPS is configured. May that cause some trouble?
> 
> We would value any insight or guidance from those who already worked on this.
> 
> Thanks!
> 
> Joze.
> 
> 
> 
>  
> 
> 2016-06-13 9:45 GMT-03:00 Jose Rozanec <jose.rozanec@mercadolibre.com>:
>> Thank you for the quick response. Will try upgrading to version 2.1.0
>> 
>> Thanks!
>> 
>> 2016-06-13 4:34 GMT-03:00 Oleksiy S <osayankin.superuser@gmail.com>:
>>>> Hello, 
>>>> 
>>>> We are working on a Hive 2.0.0 cluster, to configure LDAPS authentication,
but I get some errors preventing a successful authentication.
>>>> Does anyone have some insight on how to solve this?
>>>> 
>>>> The problem
>>>> The errors we get are (first is most frequent):
>>>> - sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
>>>> - javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
>>>> 
>>>> Our config
>>>> We configure the certificate obtaining a jssecacerts file and overriding
Java's default at master, as specified in this post.
>>>> 
>>>> hive-site.xml has the following properties:
>>>>   <property>
>>>>      <name>hive.server2.authentication</name>
>>>>      <value>LDAP</value>
>>>>   </property>
>>>>   <property>
>>>>     <name>hive.server2.authentication.ldap.url</name>
>>>>     <value>ldaps://ip:port</value>
>>>>   </property>
>>>>   <property>
>>>>     <name>hive.server2.authentication.ldap.baseDN</name>
>>>>     <value>dc=net,dc=com</value>
>>>>   </property>
>>>> 
>>>> Thanks!
>>>> 
>>>> Joze.
>>> 
>>> 
>>> This issue is fixed here https://issues.apache.org/jira/browse/HIVE-12885 
>>> 
>>>> On Fri, Jun 10, 2016 at 10:41 PM, Jose Rozanec <jose.rozanec@mercadolibre.com>
wrote:
>>>> Hello, 
>>>> 
>>>> We are working on a Hive 2.0.0 cluster, to configure LDAPS authentication,
but I get some errors preventing a successful authentication.
>>>> Does anyone have some insight on how to solve this?
>>>> 
>>>> The problem
>>>> The errors we get are (first is most frequent):
>>>> - sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
>>>> - javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
>>>> 
>>>> Our config
>>>> We configure the certificate obtaining a jssecacerts file and overriding
Java's default at master, as specified in this post.
>>>> 
>>>> hive-site.xml has the following properties:
>>>>   <property>
>>>>      <name>hive.server2.authentication</name>
>>>>      <value>LDAP</value>
>>>>   </property>
>>>>   <property>
>>>>     <name>hive.server2.authentication.ldap.url</name>
>>>>     <value>ldaps://ip:port</value>
>>>>   </property>
>>>>   <property>
>>>>     <name>hive.server2.authentication.ldap.baseDN</name>
>>>>     <value>dc=net,dc=com</value>
>>>>   </property>
>>>> 
>>>> Thanks!
>>>> 
>>>> Joze.
>>> 
>>> 
>>> 
>>> -- 
>>> Oleksiy
>> 
> 

Mime
View raw message