Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-6182

LDAP Authentication errors need to be more informative

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.13.0
    • Fix Version/s: 0.13.0
    • Component/s: Authentication
    • Labels:
      None

      Description

      There are a host of errors that can happen when logging into an LDAP-enabled Hive-server2 from beeline. But for any error there is only a generic log message:

      SASL negotiation failure
      javax.security.sasl.SaslException: PLAIN auth failed: Error validating LDAP user
      	at org.apache.hadoop.security.SaslPlainServer.evaluateResponse(SaslPlainServer.java:108)
      	at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrRespons
      

      And on Beeline side there is only an even more unhelpful message:

      Error: Invalid URL: jdbc:hive2://localhost:10000/default (state=08S01,code=0)
      

      It would be good to print out the underlying error message at least in the log, if not beeline. But today they are swallowed. This is bad because the underlying message is the most important, having the error codes as shown here : LDAP error code

      The beeline seems to throw that exception for any error during connection, authetication or otherwise.

        Attachments

        1. HIVE-6182.patch
          0.7 kB
          Szehon Ho

          Activity

            People

            • Assignee:
              szehon Szehon Ho
              Reporter:
              szehon Szehon Ho
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: