Hi, We upgraded to 2.1.0, but we still cannot get it working: we get "LDAP: error code 34 - invalid DN". We double-checked the DN configuration, and the ldap team agrees is ok. We then configured SSL parameters as well (hive.server2.use.SSL, hive.server2.keystore.path, hive.server2.keystore.password), so that Hive would know where the truststore is located and its password, but in that case we get the following error: "SSLException: Unrecognized SSL message, plaintext connection". Our LDAP server does not expose the ssl certificate on the default port (443), but in the one LDAPS is configured. May that cause some trouble?
We would value any insight or guidance from those who already worked on this. Thanks! Joze. 2016-06-13 9:45 GMT-03:00 Jose Rozanec <jose.roza...@mercadolibre.com>: > Thank you for the quick response. Will try upgrading to version 2.1.0 > > Thanks! > > 2016-06-13 4:34 GMT-03:00 Oleksiy S <osayankin.superu...@gmail.com>: > >> Hello, >>> >>> We are working on a Hive 2.0.0 cluster, to configure LDAPS >>> authentication, but I get some errors preventing a successful >>> authentication. >>> Does anyone have some insight on how to solve this? >>> >>> *The problem* >>> The errors we get are (first is most frequent): >>> - sun.security.provider.certpath.SunCertPathBuilderException: unable to >>> find valid certification path to requested target >>> - javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN] >>> >>> *Our config* >>> We configure the certificate obtaining a jssecacerts file and overriding >>> Java's default at master, as specified in this post >>> <http://nodsw.com/blog/leeland/2006/12/06-no-more-unable-find-valid-certification-path-requested-target> >>> . >>> >>> *hive-site.xml* has the following properties: >>> <property> >>> <name>hive.server2.authentication</name> >>> <value>LDAP</value> >>> </property> >>> <property> >>> <name>hive.server2.authentication.ldap.url</name> >>> <value>ldaps://ip:port</value> >>> </property> >>> <property> >>> <name>hive.server2.authentication.ldap.baseDN</name> >>> <value>dc=net,dc=com</value> >>> </property> >>> >>> Thanks! >>> >>> Joze. >>> >> >> >> This issue is fixed here https://issues.apache.org/jira/browse/HIVE-12885 >> >> On Fri, Jun 10, 2016 at 10:41 PM, Jose Rozanec < >> jose.roza...@mercadolibre.com> wrote: >> >>> Hello, >>> >>> We are working on a Hive 2.0.0 cluster, to configure LDAPS >>> authentication, but I get some errors preventing a successful >>> authentication. >>> Does anyone have some insight on how to solve this? >>> >>> *The problem* >>> The errors we get are (first is most frequent): >>> - sun.security.provider.certpath.SunCertPathBuilderException: unable to >>> find valid certification path to requested target >>> - javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN] >>> >>> *Our config* >>> We configure the certificate obtaining a jssecacerts file and overriding >>> Java's default at master, as specified in this post >>> <http://nodsw.com/blog/leeland/2006/12/06-no-more-unable-find-valid-certification-path-requested-target> >>> . >>> >>> *hive-site.xml* has the following properties: >>> <property> >>> <name>hive.server2.authentication</name> >>> <value>LDAP</value> >>> </property> >>> <property> >>> <name>hive.server2.authentication.ldap.url</name> >>> <value>ldaps://ip:port</value> >>> </property> >>> <property> >>> <name>hive.server2.authentication.ldap.baseDN</name> >>> <value>dc=net,dc=com</value> >>> </property> >>> >>> Thanks! >>> >>> Joze. >>> >> >> >> >> -- >> Oleksiy >> > >
