ThriftServer LDAP doesn't work

Fri, 14 Aug 2020 18:24:47 -0700 

Hi Team,

My env is as follows:

Hive:3.1.2
Spark: 2.2.0
Apache Hadoop: 3.1.2

I have Hive enabled with LDAP and by connecting to hive server 10000 port
from Beeline, I can query hive tables with right LDAP credentials. I want to
make use of Spark capabilities to query hive. So, I copied hive-site.xml,
hdfs-site.xml, core-site.xml to Spark's conf directory and launched
spark-thriftserver. The server comes up fine with no issues. I see the GUI
as well. However, now when I try to access beeline pointing to Spark's
thriftserver instance on default port 10000, LDAP no longer works.

Following is the error in log. Please let me know if there is something in
addition I need to do or if there is an active bug to use this feature. I am
confident that making use of Spark SQL engine would solve some of our use
cases but this remains a blocker.

TIA,
Ravi

*Exception log:*
2020-08-15 01:08:38,693 ERROR transport.TSaslTransport: SASL negotiation
failure
javax.security.sasl.SaslException: Error validating the login [Caused by
javax.security.sasl.AuthenticationException: Error validating LDAP user
[Caused by javax.naming.AuthenticationException: [LDAP: error code 49 -
Invalid Credentials]]]
        at
org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)
        at
org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
        at
org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
        at
org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at
org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        at
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: javax.security.sasl.AuthenticationException: Error validating
LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code
49 - Invalid Credentials]]
        at
org.apache.hive.service.auth.LdapAuthenticationProviderImpl.Authenticate(LdapAuthenticationProviderImpl.java:77)
        at
org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler.handle(PlainSaslHelper.java:106)
        at
org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:102)
        ... 8 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 -
Invalid Credentials]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
        at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
        at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
        at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
        at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
        at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
        at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
        at javax.naming.InitialContext.init(InitialContext.java:244)
        at javax.naming.InitialContext.<init>(InitialContext.java:216)
        at
javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
        at
org.apache.hive.service.auth.LdapAuthenticationProviderImpl.Authenticate(LdapAuthenticationProviderImpl.java:74)
        ... 10 more
2020-08-15 01:08:38,697 ERROR server.TThreadPoolServer: Error occurred
during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException:
Error validating the login
        at
org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
        at
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.thrift.transport.TTransportException: Error validating
the login
        at
org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
        at
org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316)
        at
org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at
org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)



--
Sent from: http://apache-spark-user-list.1001560.n3.nabble.com/

---------------------------------------------------------------------
To unsubscribe e-mail: user-unsubscr...@spark.apache.org

Reply via email to