Sunil,

Just in case you meant "ldap_tls", that property is disabled.

-Jason-

On Fri, Feb 2, 2018 at 1:43 PM, Jason Mcswain <[email protected]> wrote:

> Hello Sunil,
>
> Thank you for the quick response. Yes, this deployment is not secure, I'm
> just trying to get the env working, and then later I will consider using
> TLS. The property you mentioned "ldap_ls", is that an ldap property or an
> impala property? Do you have an example of how I might disable this?
>
> Thank you,
> -Jason McSwain-
>
> ---------- Forwarded message ----------
> From: Sunil Parmar <[email protected]>
> To: [email protected]
> Cc:
> Bcc:
> Date: Fri, 2 Feb 2018 10:57:23 -0800
> Subject: Re: Question about using LDAP
> I'm assuming you're not using tls because you're sending password in clear
> text. Can you try disabling the property ldap_ls, unless you already did?
>
> Sunil Parmar
>
> On Fri, Feb 2, 2018 at 11:55 AM, Jason Mcswain <[email protected]>
> wrote:
>
>> Hello Impala User Group,
>>
>> I am trying to configure Impala to use existing LDAP service, but I'm
>> running into some kind of error. I am able to do an ldapsearch from the
>> same node that is running impalad, but when I run impala-shell I get an
>> error that looks like auth failed.
>>
>> ---------------------------------------------------------------
>> impala-shell query request - failed with related impalad.INFO log file.
>> ---------------------------------------------------------------
>>
>> [root@mycdhcluster-2 ~]# impala-shell -i 127.0.0.1:21000
>> --auth_creds_ok_in_clear -u bob -l -q "select * from testdb.accounts"
>> Starting Impala Shell using LDAP-based authentication
>> LDAP password for bob:
>> Error connecting: TTransportException, TSocket read 0 bytes
>> Not connected to Impala, could not execute queries.
>> [root@mycdhcluster-2 ~]#
>> [root@mycdhcluster-2 ~]# tail /var/log/impalad/impalad.INFO
>> I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP
>> bind for: uid=bob,ou=users,dc=ldapserver,dc=com
>> W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication
>> failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
>> E0202 09:39:49.835139 17168 authentication.cc:159] SASL message (LDAP):
>> Password verification failed
>> I0202 09:39:49.835741 17168 thrift-util.cc:123] TThreadPoolServer: Caught
>> TException: SASL(-13): user not found: Password verification failed
>> [root@mycdhcluster-2 ~]#
>> [root@mycdhcluster-2 ~]#
>>
>> ---------------------------------------------------------------
>> ldap search on impala cluster node. - Success.
>> ---------------------------------------------------------------
>> [root@mycdhcluster-2 ~]# ldapsearch -W -h ldapserver.gce.cloudera.com -D
>> "uid=bob,ou=users,dc=ldapserver,dc=local" -b "dc=ldapserver,dc=local"
>> "uid=bob"
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=ldapserver,dc=local> with scope subtree
>> # filter: uid=bob
>> # requesting: ALL
>> #
>>
>> # bob, users, ldapserver.local
>> dn: uid=bob,ou=users,dc=ldapserver,dc=local
>> uid: bob
>> cn: bob
>> objectClass: account
>> objectClass: posixAccount
>> objectClass: top
>> uidNumber: 504
>> gidNumber: 502
>> loginShell: /bin/bash
>> homeDirectory: /home/bob
>> userPassword:: Ymx1ZXRhbG9u
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>> [root@mycdhcluster-2 ~]# echo $?
>> 0
>>
>> -------------------------------------------------------------
>> Here is the configuration that I have done via CDH:
>> -------------------------------------------------------------
>>
>> [image: Inline image 4]
>> [image: Inline image 1]
>> [image: Inline image 5]
>> [image: Inline image 6]
>>
>> Based on this configuration and the output, does anyone know what I'm
>> doing wrong here? I feel like I'm really close to getting impala working
>> with ldap, but I'm missing something.
>>
>> BTW my environment:
>>
>> - I'm on CDH5.12.1
>> - statestored version 2.9.0-cdh5.12.1 RELEASE (build
>> 5131a031f4aa38c1e50c430373c55ca53e0517b9)
>> - (Impala Shell v2.9.0-cdh5.12.1 (5131a03) built on Thu Aug 24
>> 09:27:32 PDT 2017)
>>
>> Any assistance you can provide will be greatly appreciated,
>>
>> Warm Regards,
>> -Jason McSwain-
>>
>
>
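
An added diagnostic example, not part of the original thread: it compares the DN that impalad reports binding with in impalad.INFO against the `dn:` that ldapsearch returns, and lists every RDN that differs. The sample inputs are constructed from the excerpts quoted above; the function names are hypothetical, and the DN parsing assumes no escaped commas or multi-valued RDNs.

```python
import re

# Constructed sample input: both excerpts are copied from the thread above.
IMPALAD_LOG = (
    "I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP "
    "bind for: uid=bob,ou=users,dc=ldapserver,dc=com\n"
    "W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication "
    "failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials\n"
)
LDAPSEARCH_OUT = (
    "# bob, users, ldapserver.local\n"
    "dn: uid=bob,ou=users,dc=ldapserver,dc=local\n"
    "uid: bob\n"
)

BIND_RE = re.compile(r"Trying simple LDAP bind for: (\S+)")
DN_RE = re.compile(r"^dn: (.+)$", re.MULTILINE)


def split_dn(dn):
    """Return lower-cased (attribute, value) pairs, one per RDN.
    Simplification: no escaped commas, no multi-valued RDNs."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def diff_dn(attempted, actual):
    """List (position, attempted_rdn, actual_rdn) for every RDN that differs."""
    a, b = split_dn(attempted), split_dn(actual)
    diffs = []
    for i in range(max(len(a), len(b))):
        left = a[i] if i < len(a) else None
        right = b[i] if i < len(b) else None
        if left != right:
            diffs.append((i, left, right))
    return diffs


def compare(log_text, ldif_text):
    """Pair each DN impalad tried to bind with against each directory DN."""
    results = []
    for tried in BIND_RE.findall(log_text):
        for entry in DN_RE.findall(ldif_text):
            results.append((tried, entry.strip(), diff_dn(tried, entry)))
    return results


if __name__ == "__main__":
    for tried, entry, diffs in compare(IMPALAD_LOG, LDAPSEARCH_OUT):
        print(f"impalad bound as: {tried}\ndirectory entry:  {entry}")
        for pos, left, right in diffs:
            print(f"  RDN {pos}: impalad={left} directory={right}")
```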
