Hello Impala User Group,

I am trying to configure Impala to use existing LDAP service, but i'm
running into some kind of error.  I am able to do an ldapsearch from the
same node that is running impalad, but when i run impala-shell i get an
erorr that looks like auth failed.

---------------------------------------------------------------
impala-shell query request - failed with related impalad.INFO log file.
---------------------------------------------------------------

[root@mycdhcluster-2 ~]# impala-shell -i 127.0.0.1:21000
--auth_creds_ok_in_clear -u bob -l -q "select * from testdb.accounts"
Starting Impala Shell using LDAP-based authentication
LDAP password for bob:
Error connecting: TTransportException, TSocket read 0 bytes
Not connected to Impala, could not execute queries.
[root@mycdhcluster-2 ~]#
[root@mycdhcluster-2 ~]# tail /var/log/impalad/impalad.INFO
I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP bind
for: uid=bob,ou=users,dc=ldapserver,dc=com
W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication
failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
E0202 09:39:49.835139 17168 authentication.cc:159] SASL message (LDAP):
Password verification failed
I0202 09:39:49.835741 17168 thrift-util.cc:123] TThreadPoolServer: Caught
TException: SASL(-13): user not found: Password verification failed
[root@mycdhcluster-2 ~]#
[root@mycdhcluster-2 ~]#

---------------------------------------------------------------
ldap search on impala cluster node. - Success.
---------------------------------------------------------------
[root@mycdhcluster-2 ~]# ldapsearch -W -h ldapserver.gce.cloudera.com -D
"uid=bob,ou=users,dc=ldapserver,dc=local" -b "dc=ldapserver,dc=local"
"uid=bob"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=ldapserver,dc=local> with scope subtree
# filter: uid=bob
# requesting: ALL
#

# bob, users, ldapserver.local
dn: uid=bob,ou=users,dc=ldapserver,dc=local
uid: bob
cn: bob
objectClass: account
objectClass: posixAccount
objectClass: top
uidNumber: 504
gidNumber: 502
loginShell: /bin/bash
homeDirectory: /home/bob
userPassword:: Ymx1ZXRhbG9u

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@mycdhcluster-2 ~]# echo $?
0

-------------------------------------------------------------
Here is the configuration that i have done via CDH:
-------------------------------------------------------------

[image: Inline image 4]
[image: Inline image 1]
[image: Inline image 5]
[image: Inline image 6]

Based on this configuration and the output, does anyone know what i'm doing
wrong here?  I feel like i'm really close to getting impala working with
ldap, but i'm missing something.

BTW my environment:

   - i'm on CDH5.12.1
   - statestored version 2.9.0-cdh5.12.1 RELEASE (build
   5131a031f4aa38c1e50c430373c55ca53e0517b9)
   - (Impala Shell v2.9.0-cdh5.12.1 (5131a03) built on Thu Aug 24 09:27:32
   PDT 2017)

Any assistance you can provide will be greatly appreciated,

Warm Regards,
-Jason McSwain-

Reply via email to