Posted to user@impala.apache.org by Jason Mcswain <jm...@cloudera.com> on 2018/02/02 17:55:53 UTC

Question about using LDAP

Hello Impala User Group,

I am trying to configure Impala to use an existing LDAP service, but I'm
running into some kind of error.  I am able to do an ldapsearch from the
same node that is running impalad, but when I run impala-shell I get an
error that looks like auth failed.

---------------------------------------------------------------
impala-shell query request - failed with related impalad.INFO log file.
---------------------------------------------------------------

[root@mycdhcluster-2 ~]# impala-shell -i 127.0.0.1:21000 --auth_creds_ok_in_clear -u bob -l -q "select * from testdb.accounts"
Starting Impala Shell using LDAP-based authentication
LDAP password for bob:
Error connecting: TTransportException, TSocket read 0 bytes
Not connected to Impala, could not execute queries.
[root@mycdhcluster-2 ~]#
[root@mycdhcluster-2 ~]# tail /var/log/impalad/impalad.INFO
I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP bind for: uid=bob,ou=users,dc=ldapserver,dc=com
W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
E0202 09:39:49.835139 17168 authentication.cc:159] SASL message (LDAP): Password verification failed
I0202 09:39:49.835741 17168 thrift-util.cc:123] TThreadPoolServer: Caught TException: SASL(-13): user not found: Password verification failed
[root@mycdhcluster-2 ~]#
[root@mycdhcluster-2 ~]#

---------------------------------------------------------------
ldap search on impala cluster node. - Success.
---------------------------------------------------------------
[root@mycdhcluster-2 ~]# ldapsearch -W -h ldapserver.gce.cloudera.com -D "uid=bob,ou=users,dc=ldapserver,dc=local" -b "dc=ldapserver,dc=local" "uid=bob"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=ldapserver,dc=local> with scope subtree
# filter: uid=bob
# requesting: ALL
#

# bob, users, ldapserver.local
dn: uid=bob,ou=users,dc=ldapserver,dc=local
uid: bob
cn: bob
objectClass: account
objectClass: posixAccount
objectClass: top
uidNumber: 504
gidNumber: 502
loginShell: /bin/bash
homeDirectory: /home/bob
userPassword:: Ymx1ZXRhbG9u

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@mycdhcluster-2 ~]# echo $?
0

-------------------------------------------------------------
Here is the configuration that I have done via CDH:
-------------------------------------------------------------

[image: Inline image 4]
[image: Inline image 1]
[image: Inline image 5]
[image: Inline image 6]

Based on this configuration and the output, does anyone know what I'm doing
wrong here?  I feel like I'm really close to getting Impala working with
LDAP, but I'm missing something.

BTW my environment:

   - I'm on CDH5.12.1
   - statestored version 2.9.0-cdh5.12.1 RELEASE (build
   5131a031f4aa38c1e50c430373c55ca53e0517b9)
   - (Impala Shell v2.9.0-cdh5.12.1 (5131a03) built on Thu Aug 24 09:27:32
   PDT 2017)

Any assistance you can provide will be greatly appreciated,

Warm Regards,
-Jason McSwain-

Re: Question about using LDAP

Posted by Jeszy <je...@gmail.com>.
Is the difference in ending (dc=ldapserver,dc=*com* versus
dc=ldapserver,dc=*local*) intentional?

On 2 February 2018 at 20:48, Jason Mcswain <jm...@cloudera.com> wrote:

> Sunil,
> Just in case you meant "ldap_tls", that property is disabled.
>
> -Jason-
>
>
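The comparison made by eye in the reply above, as an added example (not part of the original thread and not Impala code): it takes the DN that impalad logs after "Trying simple LDAP bind for:" and the `dn:` that ldapsearch returns, and reports which RDN differs. The function names are hypothetical, the sample input is the log and LDIF text quoted in this thread with the e-mail wrapping undone, and matching is assumed to be case-insensitive with no multi-valued RDNs.

```python
import base64
import re

# Constructed sample input: the log and LDIF lines quoted in this thread,
# with the e-mail line wrapping undone.
IMPALAD_LOG = """\
I0202 09:39:49.781989 17168 authentication.cc:249] Trying simple LDAP bind for: uid=bob,ou=users,dc=ldapserver,dc=com
W0202 09:39:49.834450 17168 authentication.cc:256] LDAP authentication failure for uid=bob,ou=users,dc=ldapserver,dc=com : Invalid credentials
"""

LDAPSEARCH_OUTPUT = """\
# bob, users, ldapserver.local
dn: uid=bob,ou=users,dc=ldapserver,dc=local
uid: bob
cn: bob
"""

BIND_RE = re.compile(r"Trying simple LDAP bind for: (.+?)\s*$", re.MULTILINE)


def bind_dns_from_log(log_text):
    """Return every DN impalad reported trying to bind as, in log order."""
    return BIND_RE.findall(log_text)


def entry_dns_from_ldif(ldif_text):
    """Return the DN of every entry in ldapsearch (LDIF) output."""
    # LDIF folds long lines; a continuation line starts with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    dns = []
    for line in unfolded.splitlines():
        if line.startswith("dn:: "):  # base64-encoded DN
            dns.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:].strip())
    return dns


def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs, one per RDN.

    Assumption: commas inside values are backslash-escaped; multi-valued
    RDNs (a+b) and quoted values are not handled.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def dn_mismatches(attempted_dn, entry_dn):
    """List (position, attempted RDN, entry RDN) where the DNs differ."""
    a, e = split_dn(attempted_dn), split_dn(entry_dn)
    out = []
    for i in range(max(len(a), len(e))):
        left = a[i] if i < len(a) else None
        right = e[i] if i < len(e) else None
        if left != right:
            out.append((i, left, right))
    return out


def check_bind_dns(log_text, ldif_text):
    """Map each attempted bind DN to its differences from the closest entry DN."""
    entries = entry_dns_from_ldif(ldif_text)
    findings = {}
    for attempted in dict.fromkeys(bind_dns_from_log(log_text)):
        diffs = [dn_mismatches(attempted, e) for e in entries]
        findings[attempted] = min(diffs, key=len) if diffs else None
    return findings


if __name__ == "__main__":
    for dn, diffs in check_bind_dns(IMPALAD_LOG, LDAPSEARCH_OUTPUT).items():
        print(dn, "->", diffs if diffs else "matches a directory entry")
```

An empty list for a DN means impalad is binding as a DN that exists in the directory, so an "Invalid credentials" result then points at the password rather than at the bind pattern.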

Re: Question about using LDAP

Posted by Jason Mcswain <jm...@cloudera.com>.
Thank you Jeszy!  That was the error in my configuration.  I am able to
authenticate and query now.  :)

I appreciate everyone's assistance,

-Jason-

---------- Forwarded message ----------
From: Jeszy <je...@gmail.com>
To: user@impala.apache.org
Cc:
Bcc:
Date: Fri, 2 Feb 2018 21:07:54 +0100
Subject: Re: Question about using LDAP
Is the difference in ending (dc=ldapserver,dc=*com* versus
dc=ldapserver,dc=*local*) intentional?


Re: Question about using LDAP

Posted by Jason Mcswain <jm...@cloudera.com>.
Sunil,
Just in case you meant "ldap_tls", that property is disabled.

-Jason-

On Fri, Feb 2, 2018 at 1:43 PM, Jason Mcswain <jm...@cloudera.com> wrote:

> Hello Sunil,
>
> Thank you for the quick response.  Yes, this deployment is not secure, I'm
> just trying to get the env working, and then later I will consider using
> TLS.  The property you mentioned "ldap_ls", is that an ldap property or an
> impala property?  Do you have an example of how I might disable this?
>
> Thank you,
> -Jason McSwain-
>

Re: Question about using LDAP

Posted by Jason Mcswain <jm...@cloudera.com>.
Hello Sunil,

Thank you for the quick response.  Yes, this deployment is not secure, I'm
just trying to get the env working, and then later I will consider using
TLS.  The property you mentioned "ldap_ls", is that an ldap property or an
impala property?  Do you have an example of how I might disable this?

Thank you,
-Jason McSwain-

---------- Forwarded message ----------
From: Sunil Parmar <su...@gmail.com>
To: user@impala.apache.org
Cc:
Bcc:
Date: Fri, 2 Feb 2018 10:57:23 -0800
Subject: Re: Question about using LDAP
I'm assuming you're not using tls because you're sending password in clear
text. Can you try disabling the property ldap_ls, unless you already did?

Sunil Parmar


Re: Question about using LDAP

Posted by Sunil Parmar <su...@gmail.com>.
I'm assuming you're not using tls because you're sending password in clear
text. Can you try disabling the property ldap_ls, unless you already did?

Sunil Parmar
