Sunil,
Just in case you meant "ldap_tls", that property is disabled.

-Jason-

On Fri, Feb 2, 2018 at 1:43 PM, Jason Mcswain <jmcsw...@cloudera.com> wrote:

> Hello Sunil,
>
> Thank you for the quick response.  Yes, this deployment is not secure, i'm
> just trying to get the env working, and then later i will consider using
> TLS.  The property you mentioned "ldap_ls",  is that an ldap property or an
> impala property?  Do you have an example of how i might disable this?
>
> Thank you,
> -Jason McSwain-
>
> ---------- Forwarded message ----------
> From: Sunil Parmar <sunilosu...@gmail.com>
> To: user@impala.apache.org
> Cc:
> Bcc:
> Date: Fri, 2 Feb 2018 10:57:23 -0800
> Subject: Re: Question about using LDAP
> I'm assuming you're not using tls because you're sending password in clear
> text. Can you try disabling the property ldap_ls , unless you already did?
>
> Sunil Parmar
>
> On Fri, Feb 2, 2018 at 11:55 AM, Jason Mcswain <jmcsw...@cloudera.com>
> wrote:
>
>> Hello Impala User Group,
>>
>> I am trying to configure Impala to use existing LDAP service, but i'm
>> running into some kind of error.  I am able to do an ldapsearch from the
>> same node that is running impalad, but when i run impala-shell i get an
>> erorr that looks like auth failed.
>>
>> ---------------------------------------------------------------
>> impala-shell query request - failed with related impalad.INFO log file.
>> ---------------------------------------------------------------
>>
>> [root@mycdhcluster-2 ~]# impala-shell -i 127.0.0.1:21000
>> --auth_creds_ok_in_clear -u bob -l -q "select * from testdb.accounts"
>> Starting Impala Shell using LDAP-based authentication
>> LDAP password for bob:
>> Error connecting: TTransportException, TSocket read 0 bytes
>> Not connected to Impala, could not execute queries.
>> [root@mycdhcluster-2 ~]#
>> [root@mycdhcluster-2 ~]# tail /var/log/impalad/impalad.INFO
>> I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP
>> bind for: uid=bob,ou=users,dc=ldapserver,dc=com
>> W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication
>> failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
>> E0202 09:39:49.835139 17168 authentication.cc:159] SASL message (LDAP):
>> Password verification failed
>> I0202 09:39:49.835741 17168 thrift-util.cc:123] TThreadPoolServer: Caught
>> TException: SASL(-13): user not found: Password verification failed
>> [root@mycdhcluster-2 ~]#
>> [root@mycdhcluster-2 ~]#
>>
>> ---------------------------------------------------------------
>> ldap search on impala cluster node. - Success.
>> ---------------------------------------------------------------
>> [root@mycdhcluster-2 ~]# ldapsearch -W -h ldapserver.gce.cloudera.com -D
>> "uid=bob,ou=users,dc=ldapserver,dc=local" -b "dc=ldapserver,dc=local"
>> "uid=bob"
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=ldapserver,dc=local> with scope subtree
>> # filter: uid=bob
>> # requesting: ALL
>> #
>>
>> # bob, users, ldapserver.local
>> dn: uid=bob,ou=users,dc=ldapserver,dc=local
>> uid: bob
>> cn: bob
>> objectClass: account
>> objectClass: posixAccount
>> objectClass: top
>> uidNumber: 504
>> gidNumber: 502
>> loginShell: /bin/bash
>> homeDirectory: /home/bob
>> userPassword:: Ymx1ZXRhbG9u
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>> [root@mycdhcluster-2 ~]# echo $?
>> 0
>>
>> -------------------------------------------------------------
>> Here is the configuration that i have done via CDH:
>> -------------------------------------------------------------
>>
>> [image: Inline image 4]
>> [image: Inline image 1]
>> [image: Inline image 5]
>> [image: Inline image 6]
>>
>> Based on this configuration and the output, does anyone know what i'm
>> doing wrong here?  I feel like i'm really close to getting impala working
>> with ldap, but i'm missing something.
>>
>> BTW my environment:
>>
>>    - i'm on CDH5.12.1
>>    - statestored version 2.9.0-cdh5.12.1 RELEASE (build
>>    5131a031f4aa38c1e50c430373c55ca53e0517b9)
>>    - (Impala Shell v2.9.0-cdh5.12.1 (5131a03) built on Thu Aug 24
>>    09:27:32 PDT 2017)
>>
>> Any assistance you can provide will be greatly appreciated,
>>
>> Warm Regards,
>> -Jason McSwain-
>>
>
>

Reply via email to