I want to implement restrictions in the LDAP authentication; I only want a specific group to have access to Hive. Below are the properties I have given in **hive-site.xml**, but the filter is not working.
Kindly check the following code and help me out with this?
**Hive Version: Hive 2.1.1**
**Release label: emr-5.4.0**
**Hadoop distribution: Amazon 2.7.3**
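I tried adding the properties mentioned below to hive-site.xml, but they did not work and login failed. Without them, I am able to log in using the LDAP mechanism, since only the LDAP server URL and authentication: LDAP are specified: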

```xml
<property>
  <name>hive.server2.authentication.ldap.baseDN</name>
  <value>ou=Root,dc=int,dc=domain,dc=com</value>
</property>
<property>
  <name>hive.server2.authentication.ldap.groupBaseDN</name>
  <value>CN=Groups,OU=Root,DC=int,DC=domain,DC=com</value>
</property>
<property>
  <name>hive.server2.authentication.ldap.groupFilter</name>
  <value>hadoop-admins</value>
</property>
<property>
  <name>hive.server2.authentication.ldap.customLDAPQuery</name>
  <value><![CDATA[(&(objectClass=person)(memberOf=CN=hadoop-admins,OU=Groups,OU=Root,Dc=int,DC=domain,DC=com)))]]>
  </value>
</property>
```

Please let me know if you have faced the same issue.

Error:

```
2017-12-20T10:29:32,414 WARN [HiveServer2-Handler-Pool:Thread-45([])]:conf.HiveConf(HiveConf.java:initialize(3768)) - HiveConf of name hive.server2.authentication.ldap.groupBaseDN does not exist
2017-12-20T10:29:32,493 ERROR [HiveServer2-Handler-Pool:Thread-45([])]:transport.TSaslTransport(TSaslTransport.java:open(315)) - SASL negotiation failure
javax.security.sasl.SaslException: Error validating the login
```

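Answer 0: (score: 0)

It looks like there is an inconsistency between the filter

(memberOf=CN=hadoop-admins,OU=Groups,OU=Root,Dc=int,DC=domain,DC=com)

and the groupBaseDN

hive.server2.authentication.ldap.groupBaseDN CN=Groups,OU=Root,DC=int,DC=domain,DC=com

I am pretty confident that if you correct the groupBaseDN, things should work.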
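
The comparison the answer makes can be run as a pre-deployment check on hive-site.xml. The following is an added example, not code from the original post or from Hive: it tests whether the group DN inside the `memberOf` clause lies under `groupBaseDN` and whether the filter's parentheses balance. The helper names and the rule that the group should sit under `groupBaseDN` are assumptions taken from the answer's reasoning; which DN is actually right depends on the directory.

```python
import re
import xml.etree.ElementTree as ET

PREFIX = "hive.server2.authentication.ldap."

# Constructed sample: two of the question's properties wrapped in <configuration>.
SAMPLE = """<configuration>
<property><name>hive.server2.authentication.ldap.groupBaseDN</name>
<value>CN=Groups,OU=Root,DC=int,DC=domain,DC=com</value></property>
<property><name>hive.server2.authentication.ldap.customLDAPQuery</name>
<value><![CDATA[(&(objectClass=person)(memberOf=CN=hadoop-admins,OU=Groups,OU=Root,Dc=int,DC=domain,DC=com)))]]>
</value></property>
</configuration>"""

def load_props(xml_text):
    """Return {name: value} for every <property> element."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in root.iter("property")}

def norm_dn(dn):
    """Naive DN normalisation: split on commas, trim, lower-case (no escaped commas)."""
    return tuple(rdn.strip().lower() for rdn in dn.split(",") if rdn.strip())

def parens_balanced(ldap_filter):
    """True when every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:          # a ')' with no matching '('
            return False
    return depth == 0

def lint(xml_text):
    """Hypothetical helper: list consistency findings for the LDAP group settings."""
    props = load_props(xml_text)
    query = props.get(PREFIX + "customLDAPQuery", "")
    base = norm_dn(props.get(PREFIX + "groupBaseDN", ""))
    findings = []
    if query and not parens_balanced(query):
        findings.append("customLDAPQuery: unbalanced parentheses")
    for group_dn in re.findall(r"\(memberOf=([^()]+)\)", query, flags=re.I):
        # Assumption: the group named in memberOf should sit under groupBaseDN.
        if base and norm_dn(group_dn)[-len(base):] != base:
            findings.append(f"memberOf group {group_dn} is not under groupBaseDN")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the constructed sample this reports both the `OU=Groups` versus `CN=Groups` mismatch and one closing parenthesis too many in the filter.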