LDAP authentication in Kyuubi
Kyuubi can be configured to enable frontend LDAP authentication for clients (e.g. BeeLine shell) or JDBC/ODBC drivers.
NOTE
If you enable Kerberos on your cluster, the LDAP authentication for Kyuubi will be automatically turned on.
|
Enable LDAP
To enable LDAP authentication, follow the steps below:
-
On the Clusters page, select your ADH cluster and proceed to the Services tab in the cluster menu.
-
Select the Kyuubi service and head to the Components tab.
-
In the Kyuubi Server component configuration, activate the LDAP Security parameter group.
-
Fill in the LDAP parameters for Active Directory or FreeIPA and restart Kyuubi.
Check
To check if the LDAP authentication works, run a BeeLine shell command like the one below:
$ beeline -u 'jdbc:hive2://stikhomirov-adh-1.ru-central1.internal:2181,stikhomirov-adh-2.ru-central1.internal:2181,stikhomirov-adh-3.ru-central1.internal:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=arenadata/cluster/67/kyuubi?kyuubi.engine.type=HIVE_SQL' -n <name> -p <password>
where:
-
<name>
is an LDAP username. -
<password>
is a password for the username.
The correct output of the command should be:
Connecting to jdbc:hive2://stikhomirov-adh-1.ru-central1.internal:2181,stikhomirov-adh-2.ru-central1.internal:2181,stikhomirov-adh-3.ru-central1.internal:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=arenadata/cluster/67/kyuubi?kyuubi.engine.type=HIVE_SQL 24/03/06 14:21:03 [main]: INFO jdbc.HiveConnection: Connected to stikhomirov-adh-1.ru-central1.internal:10009 Connected to: Apache Hive (version 3.1.3) Driver: Hive JDBC (version 3.1.3) Transaction isolation: TRANSACTION_REPEATABLE_READ Beeline version 3.1.3 by Apache Hive