impala-user mailing list archives

From Jason Mcswain <jmcsw...@cloudera.com>
Subject Re: Question about using LDAP
Date Fri, 02 Feb 2018 20:39:05 GMT
Thank you Jeszy!  That was the error in my configuration.  I am able to
authenticate and query now.  :)

I appreciate everyone's assistance,

-Jason-

---------- Forwarded message ----------
From: Jeszy <jeszyb@gmail.com>
To: user@impala.apache.org
Cc:
Bcc:
Date: Fri, 2 Feb 2018 21:07:54 +0100
Subject: Re: Question about using LDAP
Is the difference in ending (dc=ldapserver,dc=*com* versus
dc=ldapserver,dc=*local*) intentional?

On Fri, Feb 2, 2018 at 1:48 PM, Jason Mcswain <jmcswain@cloudera.com> wrote:

> Sunil,
> Just in case you meant "ldap_tls", that property is disabled.
>
> -Jason-
>
> On Fri, Feb 2, 2018 at 1:43 PM, Jason Mcswain <jmcswain@cloudera.com>
> wrote:
>
>> Hello Sunil,
>>
>> Thank you for the quick response.  Yes, this deployment is not secure,
>> I'm just trying to get the env working, and then later I will consider
>> using TLS.  The property you mentioned "ldap_ls",  is that an ldap property
>> or an impala property?  Do you have an example of how I might disable this?
>>
>> Thank you,
>> -Jason McSwain-
>>
>> ---------- Forwarded message ----------
>> From: Sunil Parmar <sunilosunil@gmail.com>
>> To: user@impala.apache.org
>> Cc:
>> Bcc:
>> Date: Fri, 2 Feb 2018 10:57:23 -0800
>> Subject: Re: Question about using LDAP
>> I'm assuming you're not using tls because you're sending password in
>> clear text. Can you try disabling the property ldap_ls , unless you already
>> did?
>>
>> Sunil Parmar
>>
>> On Fri, Feb 2, 2018 at 11:55 AM, Jason Mcswain <jmcswain@cloudera.com>
>> wrote:
>>
>>> Hello Impala User Group,
>>>
>>> I am trying to configure Impala to use existing LDAP service, but I'm
>>> running into some kind of error.  I am able to do an ldapsearch from the
>>> same node that is running impalad, but when I run impala-shell I get an
>>> error that looks like auth failed.
>>>
>>> ---------------------------------------------------------------
>>> impala-shell query request - failed with related impalad.INFO log file.
>>> ---------------------------------------------------------------
>>>
>>> [root@mycdhcluster-2 ~]# impala-shell -i 127.0.0.1:21000
>>> --auth_creds_ok_in_clear -u bob -l -q "select * from testdb.accounts"
>>> Starting Impala Shell using LDAP-based authentication
>>> LDAP password for bob:
>>> Error connecting: TTransportException, TSocket read 0 bytes
>>> Not connected to Impala, could not execute queries.
>>> [root@mycdhcluster-2 ~]#
>>> [root@mycdhcluster-2 ~]# tail /var/log/impalad/impalad.INFO
>>> I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP
>>> bind for: uid=bob,ou=users,dc=ldapserver,dc=com
>>> W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication
>>> failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
>>> E0202 09:39:49.835139 17168 authentication.cc:159] SASL message (LDAP):
>>> Password verification failed
>>> I0202 09:39:49.835741 17168 thrift-util.cc:123] TThreadPoolServer:
>>> Caught TException: SASL(-13): user not found: Password verification failed
>>> [root@mycdhcluster-2 ~]#
>>> [root@mycdhcluster-2 ~]#
>>>
>>> ---------------------------------------------------------------
>>> ldap search on impala cluster node. - Success.
>>> ---------------------------------------------------------------
>>> [root@mycdhcluster-2 ~]# ldapsearch -W -h ldapserver.gce.cloudera.com
>>> -D "uid=bob,ou=users,dc=ldapserver,dc=local" -b
>>> "dc=ldapserver,dc=local" "uid=bob"
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=ldapserver,dc=local> with scope subtree
>>> # filter: uid=bob
>>> # requesting: ALL
>>> #
>>>
>>> # bob, users, ldapserver.local
>>> dn: uid=bob,ou=users,dc=ldapserver,dc=local
>>> uid: bob
>>> cn: bob
>>> objectClass: account
>>> objectClass: posixAccount
>>> objectClass: top
>>> uidNumber: 504
>>> gidNumber: 502
>>> loginShell: /bin/bash
>>> homeDirectory: /home/bob
>>> userPassword:: Ymx1ZXRhbG9u
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>> [root@mycdhcluster-2 ~]# echo $?
>>> 0
>>>
>>> -------------------------------------------------------------
>>> Here is the configuration that I have done via CDH:
>>> -------------------------------------------------------------
>>>
>>> [image: Inline image 4]
>>> [image: Inline image 1]
>>> [image: Inline image 5]
>>> [image: Inline image 6]
>>>
>>> Based on this configuration and the output, does anyone know what I'm
>>> doing wrong here?  I feel like I'm really close to getting impala working
>>> with ldap, but I'm missing something.
>>>
>>> BTW my environment:
>>>
>>>    - I'm on CDH5.12.1
>>>    - statestored version 2.9.0-cdh5.12.1 RELEASE (build
>>>    5131a031f4aa38c1e50c430373c55ca53e0517b9)
>>>    - (Impala Shell v2.9.0-cdh5.12.1 (5131a03) built on Thu Aug 24
>>>    09:27:32 PDT 2017)
>>>
>>> Any assistance you can provide will be greatly appreciated,
>>>
>>> Warm Regards,
>>> -Jason McSwain-
>>>
>>
>>
>
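
The mismatch pointed out in this thread (impalad binding under dc=ldapserver,dc=com while the directory entry lives under dc=ldapserver,dc=local) can be checked mechanically. The following is an added example, not code from the thread or from Impala: it compares the bind DNs impalad logs against the `dn:` entries from a working ldapsearch. The sample input is constructed from the output quoted above with the mail line-wrapping removed, and `split_dn` and `dn_mismatches` are hypothetical helper names.

```python
import re

# Constructed sample input, modelled on the impalad.INFO lines and the
# ldapsearch output quoted in the thread (email line-wrapping removed).
IMPALAD_LOG = """\
I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP bind for: uid=bob,ou=users,dc=ldapserver,dc=com
W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
"""
LDIF = """\
# bob, users, ldapserver.local
dn: uid=bob,ou=users,dc=ldapserver,dc=local
uid: bob
"""

BIND_RE = re.compile(r"Trying simple LDAP bind for: (\S.*)$", re.M)
DN_RE = re.compile(r"^dn: (.+)$", re.M)


def split_dn(dn):
    """Split a DN into lowercased (attr, value) RDNs; honours backslash-escaped commas."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def dn_mismatches(log_text, ldif_text):
    """Map each logged bind DN absent from the LDIF to [(position, attempted, actual)]."""
    known = [split_dn(d) for d in DN_RE.findall(ldif_text)]
    report = {}
    for bind_dn in dict.fromkeys(m.strip() for m in BIND_RE.findall(log_text)):
        tried = split_dn(bind_dn)
        if tried in known:
            continue
        # Compare against the closest entry (most RDNs equal, position by position).
        best = max(known, key=lambda k: sum(a == b for a, b in zip(tried, k)), default=[])
        diffs = [(i, "=".join(t), "=".join(b))
                 for i, (t, b) in enumerate(zip(tried, best)) if t != b]
        if len(tried) != len(best):
            diffs.append((min(len(tried), len(best)), "<length differs>", "<length differs>"))
        report[bind_dn] = diffs
    return report


if __name__ == "__main__":
    for dn, diffs in dn_mismatches(IMPALAD_LOG, LDIF).items():
        print(dn, "->", diffs)
```
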
