As of Impala 1.2.3, client connections with Impala can be authenticated against LDAP servers. You can configure LDAP authentication for client connections with Impala on a non-secure MapR cluster. When you configure LDAP authentication, you must configure SSL between the client and Impala, and between Impala and the LDAP server to avoid sending credentials over the wire in clear text. Configuration requirements apply to the server side when configuring and starting Impala.
If the Hive metastore has MapR-SASL enabled, copy $HIVE_HOME/conf/ $IMPALA_HOME/conf/. Repeat this step any time the hive-site.xml file is modified.
Edit /opt/mapr/impala/impala-<version>/conf/env.sh and include the following options to configure Impala server LDAP authentication:
| Option | Description |
|---|---|
| --enable_ldap_auth | Set this option to " |
| --ldap_uri | Sets the URI of the LDAP server to use. Typically, the URI is prefixed with |
| --ldap_manual_config | Bypasses all of the automatic configuration if you need to provide a custom SASL. |
| --ldap_tls | Tells Impala to start a TLS connection to the LDAP server and to fail authentication if Impala cannot start the TLS connection. |
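A pre-restart check for the options above, added here as an example and not part of the original page or of Impala itself: it parses a server argument string and reports when LDAP authentication is enabled but the Impala-to-LDAP connection would carry the bind password in clear text. It assumes the flags are written as `--name=value` or as a bare boolean `--name`, that an `ldaps://` URI counts as encrypted, and that you pass in the argument string from your own env.sh; the function names and sample hostnames are hypothetical.

```python
import shlex

TRUE_VALUES = {"true", "1", "yes", "t", "y"}

def parse_flags(arg_string):
    """Parse '--name=value' and bare boolean '--name' tokens into a dict."""
    flags = {}
    for token in shlex.split(arg_string):
        if not token.startswith("-"):
            continue
        name, sep, value = token.lstrip("-").partition("=")
        flags[name] = value if sep else "true"  # bare flag means true
    return flags

def audit_ldap_flags(arg_string):
    """Return findings for the Impala-to-LDAP leg; an empty list means OK."""
    flags = parse_flags(arg_string)
    if flags.get("enable_ldap_auth", "false").lower() not in TRUE_VALUES:
        return ["enable_ldap_auth is not set: LDAP authentication is off"]
    findings = []
    uri = flags.get("ldap_uri", "")
    scheme = uri.split("://", 1)[0].lower() if "://" in uri else ""
    if not uri:
        findings.append("ldap_uri is missing")
    elif scheme not in ("ldap", "ldaps"):
        findings.append("ldap_uri has an unexpected scheme: %r" % uri)
    tls = flags.get("ldap_tls", "false").lower() in TRUE_VALUES
    # Assumption of this example: ldaps:// is treated as an encrypted channel.
    if scheme == "ldap" and not tls:
        findings.append("ldap:// without ldap_tls: bind password crosses "
                        "the network in clear text")
    if "ldap_manual_config" in flags:
        findings.append("ldap_manual_config is set: automatic configuration "
                        "is bypassed, review the custom SASL setup")
    return findings

# Constructed sample argument strings; hostnames are placeholders.
SAMPLES = {
    "cleartext": "--enable_ldap_auth=true --ldap_uri=ldap://ad.example.com:389",
    "starttls": "--enable_ldap_auth --ldap_uri=ldap://ad.example.com:389 --ldap_tls",
    "ldaps": "--enable_ldap_auth=true --ldap_uri=ldaps://ad.example.com:636",
    "no_uri": "--enable_ldap_auth=true --ldap_tls=true",
}

if __name__ == "__main__":
    for label, args in SAMPLES.items():
        print(label, audit_ldap_flags(args) or "OK")
```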
After you restart the Impala server, Impala statestore, and Impala catalog, you can connect to Impala using LDAP authentication. To connect to Impala, launch the impala-shell from a client node and issue the following commands:
Enables LDAP authentication.
Sets the user. The impala-shell prompts you for the password. Per Active Directory, the user is the short username, not the full LDAP distinguished name.