E-MapReduce: Manage LDAP authentication

Last Updated: Sep 15, 2023

After LDAP authentication is enabled for a service, you must provide your LDAP username and password when you access the service, which improves the security of the service. You can enable LDAP authentication for a service in the EMR console with a few simple operations, without performing the complex configuration of LDAP authentication yourself.

Prerequisites

A DataLake cluster is created. The Spark and OpenLDAP services are selected when you create the cluster. For more information, see Create a cluster.

Note

In this example, Spark 3 is used.

Procedure

  1. Add an EMR user. For more information, see Add a user.

  2. Go to the Services tab.

    1. Log on to the EMR console.

    2. In the left-side navigation pane, click EMR on ECS.

    3. In the top navigation bar, select the region in which your cluster resides and select a resource group based on your business requirements.

    4. On the EMR on ECS page, find the desired cluster and click Services in the Actions column.

  3. Enable LDAP authentication.

    1. On the Services tab, find the Spark 3 service and click Status.

    2. Enable LDAP authentication.

      • For a cluster of EMR V5.11.1 or a later minor version or EMR V3.45.1 or a later minor version

        1. In the Service Overview section of the Status tab, turn on enableLDAP.

        2. In the message that appears, click OK.

      • For a cluster of EMR V5.11.0 or an earlier minor version or EMR V3.45.0 or an earlier minor version

        Important

        If your EMR cluster is of an earlier version in which no switch is available to enable LDAP authentication, you need to manually configure settings to enable LDAP authentication by referring to the documentation of open source Spark in the community.

        1. In the Components section, find the SparkThriftServer component, move the pointer over the more icon in the Actions column, and then select enableLDAP.

        2. In the dialog box that appears, configure the Execution Reason parameter and click OK.

        3. In the Confirm message, click OK.

    3. Restart SparkThriftServer.

      1. In the Components section, find the SparkThriftServer component and click Restart in the Actions column.

      2. In the dialog box that appears, configure the Execution Reason parameter and click OK.

      3. In the Confirm message, click OK.

  4. Connect to SparkThriftServer.

    After LDAP authentication is enabled, you must provide LDAP authentication credentials when you access the SparkThriftServer component in the cluster.

    1. Log on to your cluster in SSH mode. For more information, see Log on to a cluster.

    2. Run the following command to access the SparkThriftServer component.

      • If you use the Beeline client, run the following command:

        spark-beeline -u jdbc:hive2://master-1-1:10001 -n <user> -p <password>

      • If you use Java Database Connectivity (JDBC), use the following connection URL:

        jdbc:hive2://master-1-1:10001/default;user=<user>;password=<password>

      Note

      In the preceding commands, replace <user> and <password> with the username and the password that you specify for the user in Step 1.

  5. Optional. Disable LDAP authentication.

    1. On the Services tab, find the Spark 3 service and click Status.

    2. Disable LDAP authentication.

      • For a cluster of EMR V5.11.1 or a later minor version or EMR V3.45.1 or a later minor version

        1. In the Service Overview section of the Status tab, turn off enableLDAP.

        2. In the message that appears, click OK.

      • For a cluster of EMR V5.11.0 or an earlier minor version or EMR V3.45.0 or an earlier minor version

        1. In the Components section, find the SparkThriftServer component, move the pointer over the more icon in the Actions column, and then select disableLDAP.

        2. In the dialog box that appears, configure the Execution Reason parameter and click OK.

        3. In the Confirm message, click OK.

    3. Restart SparkThriftServer.

      1. In the Components section, find the SparkThriftServer component and click Restart in the Actions column.

      2. In the dialog box that appears, configure the Execution Reason parameter and click OK.

      3. In the Confirm message, click OK.
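
The Beeline command in Step 4 passes the password as a `-p` argument, which leaves it visible in the process list and in shell history. The following added example (not part of the original page or of EMR's own tooling) prompts for the password with echo off and hands it to Beeline through a temporary file. It assumes the spark-beeline wrapper forwards Beeline's `-w` (password file) option; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page: connect to SparkThriftServer
# without exposing the LDAP password in argv (ps output) or shell history.
# Assumption: the spark-beeline wrapper forwards Beeline's -w/--password-file option.

JDBC_URL="${JDBC_URL:-jdbc:hive2://master-1-1:10001}"  # endpoint used on this page
BEELINE="${BEELINE:-spark-beeline}"

# Store the password (no trailing newline) in an owner-only temp file
# and print the file's path.
write_password_file() {
    _file=$(umask 077 && mktemp "${TMPDIR:-/tmp}/sts-ldap.XXXXXX") || return 1
    printf '%s' "$1" > "$_file" || { rm -f "$_file"; return 1; }
    printf '%s\n' "$_file"
}

# connect <user>: read the password from stdin with echo off, hand it to
# Beeline through the temp file, and always remove the file afterwards.
# The body runs in a subshell so the traps and variables stay local.
connect() (
    user=$1; pwfile=''; saved=''
    cleanup() {
        if [ -n "$saved" ]; then stty "$saved"; fi      # restore terminal echo
        if [ -n "$pwfile" ]; then rm -f "$pwfile"; fi
    }
    trap cleanup EXIT
    trap 'exit 130' INT TERM
    if [ -t 0 ]; then
        printf 'LDAP password for %s: ' "$user" >&2
        saved=$(stty -g); stty -echo
    fi
    IFS= read -r password || true
    if [ -n "$saved" ]; then stty "$saved"; saved=''; printf '\n' >&2; fi
    if [ -z "$password" ]; then
        echo 'refusing to send an empty password' >&2
        exit 2
    fi
    pwfile=$(write_password_file "$password") || exit 1
    unset password
    "$BEELINE" -u "$JDBC_URL" -n "$user" -w "$pwfile"
)
```

Source the file on the cluster node and run `connect <user>` with the username from Step 1.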