LDAP authentication in Impala
Impala allows you to authenticate in impala-shell via LDAP for the Impala Daemon (impalad) connection.
Enable LDAP
To enable LDAP authentication, follow the steps below:
-
On the Clusters page, select your ADH cluster and proceed to the Services tab in the cluster menu.
-
Select the Impala service and activate the Enable LDAP parameter group.
-
Fill in the LDAP parameters for Active Directory or FreeIPA and restart Impala.
IMPORTANTThe ldap_baseDN, ldap_domain, and ldap_bind_pattern parameters are mutually exclusive.
Check
Impala-shell requires a configuration file or runtime arguments like username and password.
For convenience, you can add the user
and ldap_password_cmd
parameters to the configuration file:
[impala]
use_ldap=true
auth_creds_ok_in_clear=true
user=<username>
ldap_password_cmd=<pwd_print_command>
where:
-
<username>
is a short username; -
<pwd_print_command>
is a command which prints a password. For example, if you want to store the password in the impalarc file, useldap_password_cmd=echo -n myPassword
. Alternatively, if you store (or plan to store) the password in a file, use theldap_password_cmd=cat /etc/impala/conf/user-pass.pwd
template with any file extension.
Instead of dealing with it manually, you can set the configuration files right in ADCM:
-
In the Impala service menu, navigate to the Components tab and click Impala Client.
-
Edit the impala-shell-env.sh and impalarc files. The former is responsible for setting the system variables, while the latter contains the configuration.
NOTE
By default, the bundle doesn’t save the user password declared in impalarc, so it’s up to you whether to store a user password and where to store it. The bundle only saves the admin password for LDAP searches and authentication in a file.
|
To apply the LDAP settings from a config file, use the command below:
$ impala-shell --config_file=<path_to_config_file>
The config file setting is not necessary as, by default, the file defined in impala-shell-env.sh is used. If you want to use a config from a custom location, edit the impala-shell-env.sh parameter in ADCM by overwriting the IMPALA_SHELL_GLOBAL_CONFIG_FILE
variable with the path to your custom config. To read about using impala-shell with custom configuration, see the Use impala-shell to connect to Impala article.