Hello Impala User Group,

I am trying to configure Impala to use an existing LDAP service, but I'm running into some kind of error. I am able to do an ldapsearch from the same node that is running impalad, but when I run impala-shell I get an error that looks like auth failed.

---------------------------------------------------------------
impala-shell query request - failed with related impalad.INFO log file.
---------------------------------------------------------------
[root@mycdhcluster-2 ~]# impala-shell -i 127.0.0.1:21000 --auth_creds_ok_in_clear -u bob -l -q "select * from testdb.accounts"
Starting Impala Shell using LDAP-based authentication
LDAP password for bob:
Error connecting: TTransportException, TSocket read 0 bytes
Not connected to Impala, could not execute queries.
[root@mycdhcluster-2 ~]#
[root@mycdhcluster-2 ~]# tail /var/log/impalad/impalad.INFO
I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP bind for: uid=bob,ou=users,dc=ldapserver,dc=com
W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
E0202 09:39:49.835139 17168 authentication.cc:159] SASL message (LDAP): Password verification failed
I0202 09:39:49.835741 17168 thrift-util.cc:123] TThreadPoolServer: Caught TException: SASL(-13): user not found: Password verification failed
[root@mycdhcluster-2 ~]#
[root@mycdhcluster-2 ~]#

---------------------------------------------------------------
ldap search on impala cluster node. - Success.
---------------------------------------------------------------
[root@mycdhcluster-2 ~]# ldapsearch -W -h ldapserver.gce.cloudera.com -D "uid=bob,ou=users,dc=ldapserver,dc=local" -b "dc=ldapserver,dc=local" "uid=bob"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=ldapserver,dc=local> with scope subtree
# filter: uid=bob
# requesting: ALL
#

# bob, users, ldapserver.local
dn: uid=bob,ou=users,dc=ldapserver,dc=local
uid: bob
cn: bob
objectClass: account
objectClass: posixAccount
objectClass: top
uidNumber: 504
gidNumber: 502
loginShell: /bin/bash
homeDirectory: /home/bob
userPassword:: Ymx1ZXRhbG9u

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@mycdhcluster-2 ~]# echo $?
0

-------------------------------------------------------------
Here is the configuration that I have done via CDH:
-------------------------------------------------------------
[image: Inline image 4] [image: Inline image 1] [image: Inline image 5] [image: Inline image 6]

Based on this configuration and the output, does anyone know what I'm doing wrong here? I feel like I'm really close to getting Impala working with LDAP, but I'm missing something.

BTW my environment:
- I'm on CDH5.12.1
- statestored version 2.9.0-cdh5.12.1 RELEASE (build 5131a031f4aa38c1e50c430373c55ca53e0517b9)
- (Impala Shell v2.9.0-cdh5.12.1 (5131a03) built on Thu Aug 24 09:27:32 PDT 2017)

Any assistance you can provide will be greatly appreciated,

Warm Regards,
-Jason McSwain-
