Configuring LDAP Authentication for Impala


Configuring LDAP

Prerequisites

Install OpenLDAP

LDAP

-enable_ldap_auth
-ldap_uri=ldap://cxy7.com:389
-ldap_bind_pattern=uid=#UID,ou=People,dc=cxy7,dc=com

Note: only one of ldap_bind_pattern and ldap_baseDN can be configured.


Configuring LDAP without SSL

For LDAP without SSL, the following option must also be set:

--ldap_passwords_in_clear_ok=true



Configuring the proxy user

Add the following to the Impala Daemon startup flags:

--authorized_proxy_user_config=hue=*

core-site.xml

<property>
<name>hadoop.proxyuser.hue.hosts</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.hue.groups</name>
<value>*</value>
</property>


Possible problems

LDAP authentication specified, but without TLS. Passwords would go over the network in the clear

晚上7点23:07.801分INFOcc:125
LDAP authentication specified, but without TLS. Passwords would go over the network in the clear. Enable TLS with --ldap_tls or use an ldaps:// URI. To override this is non-production environments, specify --ldap_passwords_in_clear_ok
    @           0x95adf9  impala::Status::Status()
    @           0xadc141  impala::AuthManager::Init()
    @           0xadc566  impala::InitAuth()
    @           0x9549c0  impala::InitCommonRuntime()
    @           0xbb4e33  ImpaladMain()
    @           0x8e1f73  main
    @     0x7f29628a4b15  __libc_start_main
    @           0x929361  (unknown)
晚上7点23:07.801分FATALcc:211
LDAP authentication specified, but without TLS. Passwords would go over the network in the clear. Enable TLS with --ldap_tls or use an ldaps:// URI. To override this is non-production environments, specify --ldap_passwords_in_clear_ok
. Impalad exiting.
Wrote minidump to /var/log/impala-minidumps/impalad/62312e7f-f0f4-495e-a1a199ba-f2a46a89.dmp

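Solution

Set ldap_passwords_in_clear_ok. As the log message states, this override is intended for non-production environments; the alternatives it names are enabling TLS with --ldap_tls or using an ldaps:// URI.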


User 'hue' is not authorized to delegate to 'cxy'. User delegation is disabled.

Problem description

User 'hue' is not authorized to delegate to 'cxy'. User delegation is disabled.

Bad status for request TOpenSessionReq(username='hue', password=None, client_protocol=6, configuration={'idle_session_timeout': '3600', 'impala.doas.user': u'cxy'}): TOpenSessionResp(status=TStatus(errorCode=None, errorMessage="User 'hue' is not authorized to delegate to 'cxy'. User delegation is disabled.\n", sqlState='HY000', infoMessages=None, statusCode=3), sessionHandle=TSessionHandle(sessionId=THandleIdentifier(secret='\xf4\xcc\xcd\xbc\xf4\x05@M\xa3\t|\x16\xb6g\x16p', guid='\x9a \xacKX_H$\xaa\xf3\xd9\x1e\xf08\xef\xfb')), configuration=None, serverProtocolVersion=5)

Solution

Configure the proxy user (--authorized_proxy_user_config, as shown above).
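
An added example, not part of the original post or of Impala itself: a small Python check that reads impalad startup flags and reports the conditions discussed on this page (cleartext LDAP bind, the missing-TLS startup failure, the ldap_bind_pattern/ldap_baseDN conflict, and wildcard delegation). The sample flag text is constructed from the values shown above, and the function names are hypothetical.

```python
import re

# Constructed sample: the startup flags exactly as this page sets them.
PAGE_FLAGS = """\
-enable_ldap_auth
-ldap_uri=ldap://cxy7.com:389
-ldap_bind_pattern=uid=#UID,ou=People,dc=cxy7,dc=com
--ldap_passwords_in_clear_ok=true
--authorized_proxy_user_config=hue=*
"""

def parse_flags(text):
    """Parse gflags-style lines (-name or --name=value) into a dict."""
    flags = {}
    for line in text.splitlines():
        m = re.match(r"^--?([A-Za-z_]\w*)(?:=(.*))?$", line.strip())
        if m:  # a bare flag such as -enable_ldap_auth means true
            flags[m.group(1)] = "true" if m.group(2) is None else m.group(2).strip()
    return flags

def is_true(flags, name):
    return flags.get(name, "false").lower() in ("true", "t", "1", "yes", "y")

def audit(text):
    """Return findings for the LDAP and delegation flags (hypothetical helper)."""
    f, findings = parse_flags(text), []
    if is_true(f, "enable_ldap_auth"):
        uri = f.get("ldap_uri", "")
        encrypted = uri.lower().startswith("ldaps://") or is_true(f, "ldap_tls")
        if not encrypted and is_true(f, "ldap_passwords_in_clear_ok"):
            findings.append("cleartext-bind: passwords sent to %s without TLS" % uri)
        elif not encrypted:
            # This is the case that produces the FATAL log shown above.
            findings.append("startup-failure: no TLS and no cleartext override")
        if "ldap_bind_pattern" in f and "ldap_baseDN" in f:
            findings.append("conflict: ldap_bind_pattern and ldap_baseDN both set")
    # Entries are ';'-separated, each "proxy=user1,user2" or "proxy=*".
    for entry in f.get("authorized_proxy_user_config", "").split(";"):
        proxy, _, targets = entry.partition("=")
        if "*" in [t.strip() for t in targets.split(",")]:
            findings.append("wildcard-delegation: %s may act as any user" % proxy.strip())
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_FLAGS):
        print(finding)
```

Run against the flags from this page, it reports the cleartext bind and the hue=* wildcard; a flag set using an ldaps:// URI and an explicit delegation list produces no findings.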
