Thank you Jeszy! That was the error in my configuration. I am able to authenticate and query now. :)
I appreciate everyone's assistance,
-Jason-

---------- Forwarded message ----------
From: Jeszy <jes...@gmail.com>
To: user@impala.apache.org
Cc:
Bcc:
Date: Fri, 2 Feb 2018 21:07:54 +0100
Subject: Re: Question about using LDAP

Is the difference in ending (dc=ldapserver,dc=*com* versus dc=ldapserver,dc=*local*) intentional?

On Fri, Feb 2, 2018 at 1:48 PM, Jason Mcswain <jmcsw...@cloudera.com> wrote:

> Sunil,
> Just in case you meant "ldap_tls", that property is disabled.
>
> -Jason-
>
> On Fri, Feb 2, 2018 at 1:43 PM, Jason Mcswain <jmcsw...@cloudera.com>
> wrote:
>
>> Hello Sunil,
>>
>> Thank you for the quick response. Yes, this deployment is not secure,
>> I'm just trying to get the env working, and then later I will consider
>> using TLS. The property you mentioned "ldap_ls", is that an ldap property
>> or an impala property? Do you have an example of how I might disable this?
>>
>> Thank you,
>> -Jason McSwain-
>>
>> ---------- Forwarded message ----------
>> From: Sunil Parmar <sunilosu...@gmail.com>
>> To: user@impala.apache.org
>> Cc:
>> Bcc:
>> Date: Fri, 2 Feb 2018 10:57:23 -0800
>> Subject: Re: Question about using LDAP
>> I'm assuming you're not using tls because you're sending password in
>> clear text. Can you try disabling the property ldap_ls , unless you already
>> did?
>>
>> Sunil Parmar
>>
>> On Fri, Feb 2, 2018 at 11:55 AM, Jason Mcswain <jmcsw...@cloudera.com>
>> wrote:
>>
>>> Hello Impala User Group,
>>>
>>> I am trying to configure Impala to use existing LDAP service, but I'm
>>> running into some kind of error. I am able to do an ldapsearch from the
>>> same node that is running impalad, but when I run impala-shell I get an
>>> error that looks like auth failed.
>>>
>>> ---------------------------------------------------------------
>>> impala-shell query request - failed with related impalad.INFO log file.
>>> ---------------------------------------------------------------
>>>
>>> [root@mycdhcluster-2 ~]# impala-shell -i 127.0.0.1:21000
>>> --auth_creds_ok_in_clear -u bob -l -q "select * from testdb.accounts"
>>> Starting Impala Shell using LDAP-based authentication
>>> LDAP password for bob:
>>> Error connecting: TTransportException, TSocket read 0 bytes
>>> Not connected to Impala, could not execute queries.
>>> [root@mycdhcluster-2 ~]#
>>> [root@mycdhcluster-2 ~]# tail /var/log/impalad/impalad.INFO
>>> I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP
>>> bind for: uid=bob,ou=users,dc=ldapserver,dc=com
>>> W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication
>>> failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
>>> E0202 09:39:49.835139 17168 authentication.cc:159] SASL message (LDAP):
>>> Password verification failed
>>> I0202 09:39:49.835741 17168 thrift-util.cc:123] TThreadPoolServer:
>>> Caught TException: SASL(-13): user not found: Password verification failed
>>> [root@mycdhcluster-2 ~]#
>>> [root@mycdhcluster-2 ~]#
>>>
>>> ---------------------------------------------------------------
>>> ldap search on impala cluster node. - Success.
>>> ---------------------------------------------------------------
>>> [root@mycdhcluster-2 ~]# ldapsearch -W -h ldapserver.gce.cloudera.com
>>> -D "uid=bob,ou=users,dc=ldapserver,dc=local" -b
>>> "dc=ldapserver,dc=local" "uid=bob"
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=ldapserver,dc=local> with scope subtree
>>> # filter: uid=bob
>>> # requesting: ALL
>>> #
>>>
>>> # bob, users, ldapserver.local
>>> dn: uid=bob,ou=users,dc=ldapserver,dc=local
>>> uid: bob
>>> cn: bob
>>> objectClass: account
>>> objectClass: posixAccount
>>> objectClass: top
>>> uidNumber: 504
>>> gidNumber: 502
>>> loginShell: /bin/bash
>>> homeDirectory: /home/bob
>>> userPassword:: Ymx1ZXRhbG9u
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>> [root@mycdhcluster-2 ~]# echo $?
>>> 0
>>>
>>> -------------------------------------------------------------
>>> Here is the configuration that I have done via CDH:
>>> -------------------------------------------------------------
>>>
>>> [image: Inline image 4]
>>> [image: Inline image 1]
>>> [image: Inline image 5]
>>> [image: Inline image 6]
>>>
>>> Based on this configuration and the output, does anyone know what I'm
>>> doing wrong here? I feel like I'm really close to getting impala working
>>> with ldap, but I'm missing something.
>>>
>>> BTW my environment:
>>>
>>> - I'm on CDH5.12.1
>>> - statestored version 2.9.0-cdh5.12.1 RELEASE (build
>>>   5131a031f4aa38c1e50c430373c55ca53e0517b9)
>>> - (Impala Shell v2.9.0-cdh5.12.1 (5131a03) built on Thu Aug 24
>>>   09:27:32 PDT 2017)
>>>
>>> Any assistance you can provide will be greatly appreciated,
>>>
>>> Warm Regards,
>>> -Jason McSwain-
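
A check for the mismatch Jeszy spotted, as an added example that is not part of the original thread or Impala's own code: it takes the bind DN that impalad logged and the `dn:` that ldapsearch returned, and reports which RDNs differ. The sample strings are constructed from the thread's output (log lines unwrapped), the function names are hypothetical, and the DN splitting is simplified (no escaped commas or multi-valued RDNs, values compared case-insensitively).

```python
import re

# Constructed sample input, modelled on the impalad.INFO lines and the
# ldapsearch LDIF quoted in the thread (log lines unwrapped).
IMPALAD_LOG = """\
I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP bind for: uid=bob,ou=users,dc=ldapserver,dc=com
W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
"""
LDIF = """\
# bob, users, ldapserver.local
dn: uid=bob,ou=users,dc=ldapserver,dc=local
uid: bob
"""

BIND_RE = re.compile(r"Trying simple LDAP bind for: (\S.*)$", re.M)
DN_RE = re.compile(r"^dn: (.+)$", re.M)


def split_dn(dn):
    """Split a DN into normalized (attribute, value) pairs, leftmost RDN first.

    Assumption: plain RDNs only (no escaped commas, no multi-valued RDNs).
    """
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def diff_bind_dn(log_text, ldif_text):
    """Return [(position, attempted_rdn, directory_rdn)] for every differing RDN."""
    attempted = BIND_RE.findall(log_text)
    entries = DN_RE.findall(ldif_text)
    if not attempted or not entries:
        raise ValueError("need a bind attempt in the log and a dn: line in the LDIF")
    tried, actual = split_dn(attempted[-1]), split_dn(entries[0])
    diffs = []
    for i in range(max(len(tried), len(actual))):
        left = tried[i] if i < len(tried) else None
        right = actual[i] if i < len(actual) else None
        if left != right:
            diffs.append((i, left, right))
    return diffs


if __name__ == "__main__":
    for pos, tried, actual in diff_bind_dn(IMPALAD_LOG, LDIF):
        print(f"RDN {pos}: impalad tried {tried}, directory has {actual}")
```

An empty result means the DN impalad builds matches the directory entry, so an "Invalid credentials" failure would then point at the password rather than the configured base DN.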