After LDAP authentication is enabled for a service, you must provide your LDAP username and password to access the service, which improves its security. Authentication is backed by the OpenLDAP service that is deployed in your EMR cluster. You can enable LDAP authentication for a service in the EMR console with a few simple operations, which frees you from the complex configuration of LDAP authentication. This topic describes how to enable and disable LDAP authentication with one click.

Prerequisites

A Hadoop cluster is created. For more information, see Create a cluster.

Enable LDAP authentication

Notice: If you want to use Hue to access Spark for which LDAP authentication is enabled, additional configurations on Hue are required. For more information, see Configure Hue to connect to the execution engines for which LDAP authentication is enabled.
  1. Go to the Spark service page.
    1. Log on to the Alibaba Cloud EMR console.
    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
    3. Click the Cluster Management tab.
    4. On the Cluster Management page, find your cluster and click Details in the Actions column.
    5. In the left-side navigation pane, choose Cluster Service > Spark.
  2. Enable LDAP authentication.
    1. On the Spark service page, choose Actions > Enable LDAP Authentication in the upper-right corner.
    2. In the Cluster Activities dialog box, click OK.
  3. Click History in the upper-right corner.
    After Successful appears in the Status column, the operation is successful.
  4. Restart Spark Thrift Server.
    1. On the Spark service page, choose Actions > Restart ThriftServer in the upper-right corner.
    2. In the Cluster Activities dialog box, specify Description and click OK.
    3. In the Confirm message, click OK.

Access Spark Thrift Server

After LDAP authentication is enabled, you must provide LDAP authentication credentials when you access Spark Thrift Server.

  1. Log on to your cluster in SSH mode. For more information, see Connect to the master node of an EMR cluster in SSH mode.
  2. Use one of the following methods to access Spark Thrift Server:
    • If you use the Beeline client, run the following command:
      /usr/lib/spark-current/bin/beeline -u jdbc:hive2://emr-header-1:10001 -n <user> -p <password>
    • If you use Java Database Connectivity (JDBC), use the following connection URL:
      jdbc:hive2://emr-header-1:10001/default;user=<user>;password=<password>
    Note: user indicates your LDAP username, and password indicates your LDAP password. For information about how to obtain the LDAP username and password, see Manage user accounts.
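
The Beeline command above passes the LDAP password with -p, which leaves it in the shell history and in the process list on the master node. The following is an added example, not part of the original EMR documentation, that reads the password from an owner-only file instead. It assumes that the bundled Beeline accepts the -w (--password-file) option of Apache Hive Beeline; the function names are illustrative.

```shell
#!/bin/sh
# Added example: keep the LDAP password out of argv and shell history.
# Assumption: the bundled Beeline accepts -w <file> (Apache Hive Beeline's
# --password-file option). Function names are illustrative.
BEELINE="${BEELINE:-/usr/lib/spark-current/bin/beeline}"  # path from this page
JDBC_URL="${JDBC_URL:-jdbc:hive2://emr-header-1:10001}"   # URL from this page

# Succeeds only for a non-empty regular file (not a symlink) that the caller
# owns and that grants no permissions to group or others.
pwfile_is_safe() (
  f=$1
  [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] && [ -O "$f" ] || exit 1
  case "$(ls -ld -- "$f")" in
    -r[w-]-------*) exit 0 ;;
    *) exit 1 ;;
  esac
)

# Prompt for the password without echo and write it to an owner-only file.
# printf is a shell builtin, so the password never appears in a process list.
store_password() (
  umask 077
  trap 'stty echo' EXIT
  printf 'LDAP password: ' >&2
  stty -echo
  IFS= read -r pw
  echo >&2
  printf '%s' "$pw" > "$1"
)

# Connect as the given LDAP user; refuse to use a loosely protected file.
connect() (
  user=$1 pwfile=$2
  if ! pwfile_is_safe "$pwfile"; then
    echo "refusing unsafe password file: $pwfile" >&2
    exit 1
  fi
  "$BEELINE" -u "$JDBC_URL" -n "$user" -w "$pwfile"
)

# Script usage: sh sts-connect.sh <ldap-user> <password-file>
if [ $# -eq 2 ]; then connect "$1" "$2"; fi
```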

Disable LDAP authentication

  1. Go to the Spark service page.
    1. Log on to the Alibaba Cloud EMR console.
    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
    3. Click the Cluster Management tab.
    4. On the Cluster Management page, find your cluster and click Details in the Actions column.
    5. In the left-side navigation pane, choose Cluster Service > Spark.
  2. Disable LDAP authentication.
    1. On the Spark service page, choose Actions > Disable LDAP Authentication in the upper-right corner.
    2. In the Cluster Activities dialog box, click OK.
  3. Click History in the upper-right corner.
    After Successful appears in the Status column, the operation is successful.
  4. Restart Spark Thrift Server.
    1. On the Spark service page, choose Actions > Restart ThriftServer in the upper-right corner.
    2. In the Cluster Activities dialog box, specify Description and click OK.
    3. In the Confirm message, click OK.