I'm assuming you're not using TLS because you're sending the password in clear text. Can you try disabling the property ldap_ls, unless you already did?
Sunil Parmar

On Fri, Feb 2, 2018 at 9:55 AM, Jason Mcswain <jmcsw...@cloudera.com> wrote:
> Hello Impala User Group,
>
> I am trying to configure Impala to use an existing LDAP service, but I'm
> running into some kind of error. I am able to do an ldapsearch from the
> same node that is running impalad, but when I run impala-shell I get an
> error that looks like auth failed.
>
> ---------------------------------------------------------------
> impala-shell query request - failed with related impalad.INFO log file.
> ---------------------------------------------------------------
>
> [root@mycdhcluster-2 ~]# impala-shell -i 127.0.0.1:21000
> --auth_creds_ok_in_clear -u bob -l -q "select * from testdb.accounts"
> Starting Impala Shell using LDAP-based authentication
> LDAP password for bob:
> Error connecting: TTransportException, TSocket read 0 bytes
> Not connected to Impala, could not execute queries.
> [root@mycdhcluster-2 ~]#
> [root@mycdhcluster-2 ~]# tail /var/log/impalad/impalad.INFO
> I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP bind
> for: uid=bob,ou=users,dc=ldapserver,dc=com
> W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication
> failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
> E0202 09:39:49.835139 17168 authentication.cc:159] SASL message (LDAP):
> Password verification failed
> I0202 09:39:49.835741 17168 thrift-util.cc:123] TThreadPoolServer: Caught
> TException: SASL(-13): user not found: Password verification failed
> [root@mycdhcluster-2 ~]#
> [root@mycdhcluster-2 ~]#
>
> ---------------------------------------------------------------
> ldap search on impala cluster node. - Success.
> ---------------------------------------------------------------
> [root@mycdhcluster-2 ~]# ldapsearch -W -h ldapserver.gce.cloudera.com -D
> "uid=bob,ou=users,dc=ldapserver,dc=local" -b "dc=ldapserver,dc=local"
> "uid=bob"
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=ldapserver,dc=local> with scope subtree
> # filter: uid=bob
> # requesting: ALL
> #
>
> # bob, users, ldapserver.local
> dn: uid=bob,ou=users,dc=ldapserver,dc=local
> uid: bob
> cn: bob
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> uidNumber: 504
> gidNumber: 502
> loginShell: /bin/bash
> homeDirectory: /home/bob
> userPassword:: Ymx1ZXRhbG9u
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> [root@mycdhcluster-2 ~]# echo $?
> 0
>
> -------------------------------------------------------------
> Here is the configuration that I have done via CDH:
> -------------------------------------------------------------
>
> [image: Inline image 4]
> [image: Inline image 1]
> [image: Inline image 5]
> [image: Inline image 6]
>
> Based on this configuration and the output, does anyone know what I'm
> doing wrong here? I feel like I'm really close to getting Impala working
> with LDAP, but I'm missing something.
>
> BTW my environment:
>
> - I'm on CDH5.12.1
> - statestored version 2.9.0-cdh5.12.1 RELEASE (build
> 5131a031f4aa38c1e50c430373c55ca53e0517b9)
> - (Impala Shell v2.9.0-cdh5.12.1 (5131a03) built on Thu Aug 24
> 09:27:32 PDT 2017)
>
> Any assistance you can provide will be greatly appreciated,
>
> Warm Regards,
> -Jason McSwain-
>
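
Added example (not part of either message in this thread): one way to check whether the DN impalad binds with is the DN the directory holds, by comparing the "Trying simple LDAP bind for:" line in impalad.INFO with the "dn:" line from ldapsearch. The inputs are the values from the output quoted above; the function names are assumptions.

```python
import re
from itertools import zip_longest

# Sample inputs copied from the output quoted in this thread (the log lines are
# re-joined after e-mail wrapping). Function names are hypothetical.
IMPALAD_LOG = (
    "I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP bind "
    "for: uid=bob,ou=users,dc=ldapserver,dc=com\n"
    "W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication "
    "failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials\n"
)
LDAPSEARCH_LDIF = (
    "# bob, users, ldapserver.local\n"
    "dn: uid=bob,ou=users,dc=ldapserver,dc=local\n"
    "uid: bob\n"
)

BIND_RE = re.compile(r"Trying simple LDAP bind\s+for:\s*(\S+)")
DN_RE = re.compile(r"^dn:\s*(.+?)\s*$", re.MULTILINE)

def split_dn(dn):
    """Split a DN into lower-cased (attr, value) pairs.
    Assumes no escaped commas or multi-valued RDNs, as in the thread's DNs."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def dn_mismatches(log_text, ldif_text):
    """Map each DN impalad tried to bind as to the RDNs that differ from the
    directory entry, as (position, attempted, in_directory) tuples."""
    entry = DN_RE.search(ldif_text)
    if entry is None:
        raise ValueError("no dn: line in ldapsearch output")
    want = split_dn(entry.group(1))
    report = {}
    for dn in dict.fromkeys(BIND_RE.findall(log_text)):  # de-duplicate, keep order
        pairs = zip_longest(split_dn(dn), want)
        report[dn] = [(i, g, w) for i, (g, w) in enumerate(pairs) if g != w]
    return report

if __name__ == "__main__":
    for dn, diffs in dn_mismatches(IMPALAD_LOG, LDAPSEARCH_LDIF).items():
        print(dn, "->", diffs or "matches the directory entry")
```

On the thread's own output this reports a difference in the last RDN: dc=com in the impalad bind versus dc=local in the entry ldapsearch returned.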