hive-user mailing list archives

From Jose Rozanec <jose.roza...@mercadolibre.com>
Subject Re: LDAPS (Secure LDAP) Hive configuration
Date Thu, 16 Jun 2016 13:31:12 GMT
Hi,

Yes, that is correct. We have LDAPS configured on 636, and the certificate is
available only on that port. 443 is not enabled in our case, and should not
matter, since communication is performed just on 636.

2016-06-15 23:20 GMT-03:00 Anurag Tangri <tangri.anurag@gmail.com>:

>
> Hey Joze,
> LDAPS is on a different port, like 636 or something. The default port does
> not work as far as I remember.
>
> Could you check if it is something along these lines?
>
> Thanks,
> Anurag Tangri
>
> Sent from my iPhone
>
> On Jun 15, 2016, at 3:01 PM, Jose Rozanec <jose.rozanec@mercadolibre.com>
> wrote:
>
> Hi,
>
> We upgraded to 2.1.0, but we still cannot get it working: we get "LDAP:
> error code 34 - invalid DN". We double-checked the DN configuration, and
> the LDAP team agrees it is OK.
> We then configured SSL parameters as well (hive.server2.use.SSL,
> hive.server2.keystore.path, hive.server2.keystore.password), so that Hive
> would know where the truststore is located and its password, but in that
> case we get the following error: "SSLException: Unrecognized SSL message,
> plaintext connection". Our LDAP server does not expose the SSL
> certificate on the default port (443), but on the one where LDAPS is
> configured. May that cause some trouble?
>
> We would value any insight or guidance from those who already worked on
> this.
>
> Thanks!
>
> Joze.
>
>
>
>
>
> 2016-06-13 9:45 GMT-03:00 Jose Rozanec <jose.rozanec@mercadolibre.com>:
>
>> Thank you for the quick response. Will try upgrading to version 2.1.0
>>
>> Thanks!
>>
>> 2016-06-13 4:34 GMT-03:00 Oleksiy S <osayankin.superuser@gmail.com>:
>>
>>> This issue is fixed here
>>> https://issues.apache.org/jira/browse/HIVE-12885
>>>
>>> On Fri, Jun 10, 2016 at 10:41 PM, Jose Rozanec <
>>> jose.rozanec@mercadolibre.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> We are working on a Hive 2.0.0 cluster, to configure LDAPS
>>>> authentication, but I get some errors preventing a successful
>>>> authentication.
>>>> Does anyone have some insight on how to solve this?
>>>>
>>>> *The problem*
>>>> The errors we get are (first is most frequent):
>>>> - sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>> find valid certification path to requested target
>>>> - javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
>>>>
>>>> *Our config*
>>>> We configure the certificate by obtaining a jssecacerts file and
>>>> overriding Java's default at master, as specified in this post
>>>> <http://nodsw.com/blog/leeland/2006/12/06-no-more-unable-find-valid-certification-path-requested-target>
>>>> .
>>>>
>>>> *hive-site.xml* has the following properties:
>>>>   <property>
>>>>     <name>hive.server2.authentication</name>
>>>>     <value>LDAP</value>
>>>>   </property>
>>>>   <property>
>>>>     <name>hive.server2.authentication.ldap.url</name>
>>>>     <value>ldaps://ip:port</value>
>>>>   </property>
>>>>   <property>
>>>>     <name>hive.server2.authentication.ldap.baseDN</name>
>>>>     <value>dc=net,dc=com</value>
>>>>   </property>
>>>>
>>>> Thanks!
>>>>
>>>> Joze.
>>>>
>>>
>>>
>>>
>>> --
>>> Oleksiy
>>>
>>
>>
>
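
The two TLS errors quoted in this thread point at different causes, and a probe run from the HiveServer2 host can tell them apart. The sketch below is an added example, not code from the thread or from the Hive project; `probe_ldaps` and its status names are invented for illustration, and it assumes the directory's CA certificate is available as a PEM file.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port, cafile=None, timeout=5.0):
    """Try a verified TLS handshake and return (status, detail).

    status is one of:
      "trusted"     handshake completed and the certificate validated
      "untrusted"   the port speaks TLS but validation failed; on the Java
                    side a missing CA shows up as SunCertPathBuilderException
      "not_tls"     the peer did not answer with TLS; for a plaintext reply
                    Java reports "Unrecognized SSL message, plaintext connection"
      "unreachable" TCP connect failed or timed out
    """
    # cafile=None uses the system trust store; pass the directory CA as PEM
    # to mirror what the JVM truststore is expected to contain.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "trusted", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "untrusted", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # Non-TLS bytes instead of a ServerHello, EOF, reset or a stalled handshake
        return "not_tls", str(exc)
    finally:
        raw.close()


if __name__ == "__main__" and len(sys.argv) >= 3:
    # usage: python probe_ldaps.py <host> <port> [ca.pem]
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    print(*probe_ldaps(sys.argv[1], int(sys.argv[2]), cafile=ca))
```

Hostname checking stays enabled, so "untrusted" also covers a certificate whose name does not match the host or IP used in the `ldaps://` URL; the detail string says which check failed.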
