Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-22152

LDAP authentication failed when using username with @, example toto@mycompany.com

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.1
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Environment:

      Description

      Hi,

      I activated the LDAP authentication on Hive. I am using Hive 1.2.1 with Hortonworks Data Platform 2.6.4

      Hive 1.2.1000.2.6.4.0-91
      Subversion git://ctr-e134-1499953498516-209689-01-000004.hwx.site/grid/0/jenkins/workspace/HDP-parallel-centos7/SOURCES/hive -r 87f2bc04724e559819902a574e78b2beeaf9f541
      Compiled by jenkins on Thu Jan 4 10:47:01 UTC 2018
      From source with checksum 73af1d20b2f8a15f36ac132297e70386

       

      I have created a user on my ldap called: f.guiet

      The LDAP DN is : uid=f.guiet,ou=Agents XXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr

       

      Everything is working great, I can use beeline with the following command. The connection is OK.

      beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n f.guiet -p xxxx

       

      Here is the LDAP trace on the LDAP server when I am connecting:

      Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 fd=32 TLS established tls_ssf=256 ssf=256

      Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=0 BIND dn="uid=f.guiet,ou=Agents XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr" method=128

      Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=0 BIND dn="uid=f.guiet,ou=Agents XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr" mech=SIMPLE ssf=0

      Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=0 RESULT tag=97 err=0 text=

      Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=1 SRCH base="ou=Agents XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr" scope=2 deref=3 filter="(uid=f.guiet)"

       

      I have created another user on my ldap called : f.guiet@xxxx.fr

      But when I launched the following beeline command:

      beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n f.guiet@xxxx.fr -p xxxx

       

      Here is the LDAP trace:

      Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 fd=32 ACCEPT from IP=192.168.7.50:51814 (IP=0.0.0.0:636)

      Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 fd=32 TLS established tls_ssf=256 ssf=256

      Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 op=0 do_bind: invalid dn (f.guiet@xxxx.fr)

      Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 op=0 RESULT tag=97 err=34 text=invalid DN

      Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 fd=32 closed (connection lost)

       

      As you can see, the DN is not valid...

      The valid DN should be:

      uid=f.guiet@xxxx.fr,ou=Agents XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr

       

      I tried a lot of things....like:

      beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n f.guiet@xxxx.fr -p xxxx

      beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n "f.guiet@xxxx.fr" -p xxxx

      beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n 'f.guiet@xxxx.fr' -p xxxx

       

      The problem is linked with the @ character....

      Can you tell me how can I use a username with a @ to connect to hive with beeline?

      Thank you very much!

      Fred

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              fguiet Frédéric Guiet
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: