Live身份验证Hive中的用户过滤器:失败

时间:2017-12-21 11:14:48

标签: hadoop hive ldap ldap-query

I want to implement the restrictions in the LDAP authentication, only want a specific group to have access on hive. Below are the properties I have given in the **hive-site.xml**. But the filter is not working.
Kindly check the following code and help me out with this ?

**Hive Version: Hive 2.1.1
Release label: emr-5.4.0
Hadoop distribution:Amazon 2.7.3**

下面提到的属性我尝试在hive-site.xml中添加,但它们没有工作,登录失败。没有这些,我能够使用ldap机制登录,因为只有ldap服务器URL和authnetication:提到了LDAP:

    <property>
         <name>hive.server2.authentication.ldap.baseDN</name>
         <value>ou=Root,dc=int,dc=domain,dc=com</value>
    </property>

    <property>
      <name>hive.server2.authentication.ldap.groupBaseDN</name>
      <value>CN=Groups,OU=Root,DC=int,DC=domain,DC=com</value>
    </property>

    <property>
      <name>hive.server2.authentication.ldap.groupFilter</name>
      <value>hadoop-admins</value>
    </property>


<property>
  <name>hive.server2.authentication.ldap.customLDAPQuery</name>
  <value><![CDATA[(&(objectClass=person)(memberOf=CN=hadoop-admins,OU=Groups,OU=Root,Dc=int,DC=domain,DC=com)))]]>
  </value>
</property>

如果您遇到同样的问题,请告诉我。

错误

2017-12-20T10:29:32,414 WARN [HiveServer2-Handler-Pool:Thread-45([])]:conf.HiveConf(HiveConf.java:initialize(3768)) - 名称 hive的HiveConf .server2.authentication.ldap.groupBaseDN不存在 2017-12-20T10:29:32,493 ERROR [HiveServer2-Handler-Pool:Thread-45([])]:transport.TSaslTransport(TSaslTransport.java:open(315)) - SASL协商失败 javax.security.sasl.SaslException:验证登录时出错

1 个答案:

答案 0 :(得分:0)

看起来过滤器

之间存在不一致
  

(=的memberOf CN = Hadoop的管理员,OU =组,OU =根,DC = INT,DC =域,DC = COM)

和groupeBaseDN

  

        hive.server2.authentication.ldap.groupBaseDN         CN =组,OU =根,DC = INT,DC =域,DC = COM       

我很有信心,如果你纠正了groupBaseDN,事情应该会有效。