[HIVE-22152] LDAP authentication failed when using username with @, example toto@mycompany.com - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.2.1
Fix Version/s: None
Component/s: Authentication
Labels:
None
Environment:

Hide

Hortonworkworks Data Platform 2.6.4

beeline --version
Hive 1.2.1000.2.6.4.0-91
Subversion git://ctr-e134-1499953498516-209689-01-000004.hwx.site/grid/0/jenkins/workspace/HDP-parallel-centos7/SOURCES/hive -r 87f2bc04724e559819902a574e78b2beeaf9f541
Compiled by jenkins on Thu Jan 4 10:47:01 UTC 2018
From source with checksum 73af1d20b2f8a15f36ac132297e70386

Show
Hortonworkworks Data Platform 2.6.4 beeline --version Hive 1.2.1000.2.6.4.0-91 Subversion git://ctr-e134-1499953498516-209689-01-000004.hwx.site/grid/0/jenkins/workspace/HDP-parallel-centos7/SOURCES/hive -r 87f2bc04724e559819902a574e78b2beeaf9f541 Compiled by jenkins on Thu Jan 4 10:47:01 UTC 2018 From source with checksum 73af1d20b2f8a15f36ac132297e70386

Description

Hi,

I activated the LDAP authentication on Hive. I am using Hive 1.2.1 with Hortonworks Data Platform 2.6.4

Hive 1.2.1000.2.6.4.0-91
Subversion git://ctr-e134-1499953498516-209689-01-000004.hwx.site/grid/0/jenkins/workspace/HDP-parallel-centos7/SOURCES/hive -r 87f2bc04724e559819902a574e78b2beeaf9f541
Compiled by jenkins on Thu Jan 4 10:47:01 UTC 2018
From source with checksum 73af1d20b2f8a15f36ac132297e70386

I have created a user on my ldap called: f.guiet

The LDAP DN is : uid=f.guiet,ou=Agents XXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr

Everything is working great, I can use beeline with the following command. The connection is OK.

beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n f.guiet -p xxxx

Here is the LDAP trace on the LDAP server when I am connecting:

Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 fd=32 TLS established tls_ssf=256 ssf=256

Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=0 BIND dn="uid=f.guiet,ou=Agents XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr" method=128

Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=0 BIND dn="uid=f.guiet,ou=Agents XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr" mech=SIMPLE ssf=0

Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=0 RESULT tag=97 err=0 text=

Aug 27 14:26:09 vmrh90 slapd[13999]: conn=1352 op=1 SRCH base="ou=Agents XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr" scope=2 deref=3 filter="(uid=f.guiet)"

I have created another user on my ldap called : f.guiet@xxxx.fr

But when I launched the following beeline command:

beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n f.guiet@xxxx.fr -p xxxx

Here is the LDAP trace:

Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 fd=32 ACCEPT from IP=192.168.7.50:51814 (IP=0.0.0.0:636)

Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 fd=32 TLS established tls_ssf=256 ssf=256

Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 op=0 do_bind: invalid dn (f.guiet@xxxx.fr)

Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 op=0 RESULT tag=97 err=34 text=invalid DN

Aug 27 14:27:58 vmrh90 slapd[13999]: conn=1356 fd=32 closed (connection lost)

As you can see, the DN is not valid...

The valid DN should be:

uid=f.guiet@xxxx.fr,ou=Agents XXXX,ou=xxxx,ou=utilisateurs,dc=ldap-ext-xxxx,dc=fr

I tried a lot of things....like:

beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n f.guiet@xxxx.fr -p xxxx

beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n "f.guiet@xxxx.fr" -p xxxx

beeline -u jdbc:hive2://srv210.xxxx.fr:10000?tez.queue.name=DEV -n 'f.guiet@xxxx.fr' -p xxxx

The problem is linked with the @ character....

Can you tell me how can I use a username with a @ to connect to hive with beeline?

Thank you very much!

Fred

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Frédéric Guiet

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Aug/19 07:57

Updated:: 28/Aug/19 13:52