Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-6182

LDAP Authentication errors need to be more informative

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.13.0
    • 0.13.0
    • Authentication
    • None

    Description

      There are a host of errors that can happen when logging into an LDAP-enabled Hive-server2 from beeline. But for any error there is only a generic log message:

      SASL negotiation failure
javax.security.sasl.SaslException: PLAIN auth failed: Error validating LDAP user
	at org.apache.hadoop.security.SaslPlainServer.evaluateResponse(SaslPlainServer.java:108)
	at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrRespons

      And on Beeline side there is only an even more unhelpful message:

      Error: Invalid URL: jdbc:hive2://localhost:10000/default (state=08S01,code=0)

      It would be good to print out the underlying error message at least in the log, if not beeline. But today they are swallowed. This is bad because the underlying message is the most important, having the error codes as shown here : LDAP error code

      The beeline seems to throw that exception for any error during connection, authetication or otherwise.

      Attachments

        1. HIVE-6182.patch
          0.7 kB
          Szehon Ho

        Activity

          People

            szehon Szehon Ho
            szehon Szehon Ho
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: