We are trying to configure HUE to talk to Hive which is configured to use LDAPS authentication.
We have configured Hive LDAP authentication. Below are the properties that we have configured for HIVE LDAP authentication. Successfully authenticated to HIVE using LDAP. we are able to login to hiveserver from hive query tools using LDAP authentication. For example Beeline.
<property>
<name>hive.server2.authentication</name>
<value>LDAP</value>
</property>
<property>
<name>hive.server2.authentication.ldap.url</name>
<value>ldaps://hostname</value>
</property>
<property>
<name>hive.server2.authentication.ldap.Domain</name>
<value>domain_name</value>
</property>
We have configured hue LDAP authentication following below link. Below are the properties that we have configured in HUE. We are able to authenticate successfully to HUE using LDAP.
LDAP configuration in hue.ini
base_dn="DC=mycompany,DC=com"
ldap_url=ldap://auth.mycompany.com
ldap_cert=/etc/hue/conf/ca.cer
bind_dn="CN=ServiceAccount,DC=mycompany,DC=com"
nt_domain="domain_name"
bind_password="password"
ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"
create_users_on_login=true
search_bind_authentication=true
user_filter="objectclass=*"
user_name_attr=sAMAccountName
ldap_username=user
ldap_password=password
Beeswax configuration in hue.ini
hive_server_host=hostname
hive_server_port=10000
hive_conf_dir=/etc/hive/conf
use_get_log_api=false
browse_partitioned_table_limit=250
Scenario 1:
When I login to HUE using LDAP authentication. I am able to access job browser and file browser. While trying to access the hive query editor the list of database is not appearing on my Assist tab. When I execute a query in HIVE query editor it errors out with “Bad status: 3 (Error validating the login)”. Below is the error trace in HUE error.log.
Traceback (most recent call last):
File "/usr/lib/hue/apps/beeswax/src/beeswax/api.py", line 52, in decorator
return view_fn(request, *args, **kwargs)
File "/usr/lib/hue/apps/beeswax/src/beeswax/api.py", line 273, in execute
query_form = get_query_form(request)
File "/usr/lib/hue/apps/beeswax/src/beeswax/api.py", line 621, in get_query_form
databases = [(database, database) for database in db.get_databases()]
File "/usr/lib/hue/apps/beeswax/src/beeswax/server/dbms.py", line 138, in get_databases
return self.client.get_databases()
File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 926, in get_databases
return [table[col] for table in self._client.get_databases()]
File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 581, in get_databases
res = self.call(self._client.GetSchemas, req)
File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 544, in call
session = self.open_session(self.user)
File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 518, in open_session
res = self._client.OpenSession(req)
File "/usr/lib/hue/desktop/core/src/desktop/lib/thrift_util.py", line 369, in wrapper
raise StructuredThriftTransportException(e, error_code=502)
StructuredThriftTransportException: Bad status: 3 (Error validating the login) (code THRIFTTRANSPORT): TTransportException('Bad status: 3 (Error validating the login)',)
Scenario 2
Which login name should be used in
ldap_username=user
ldap_password=password
If we hard code it to use name of person who is logging in to hue.ini then we are able to execute queries in hive editor successfully.
But how this will work for production implementation ?
Which user it should be configured ?
Attached the screenshot of Hive editor from HUE UI