After LDAP authentication is enabled for a service, you must provide your LDAP username
and password when you access the service. This improves the security of the service.
The OpenLDAP service that is deployed in your EMR cluster is used to support LDAP
authentication. You can enable LDAP authentication for a service in the EMR console
by performing simple operations. This frees you from the complex configuration of
LDAP authentication.
Prerequisites
A Hadoop cluster is created. For more information, see Create a cluster.
Enable LDAP authentication
- Go to the Impala service page.
- Log on to the Alibaba Cloud EMR console.
- In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
- Click the Cluster Management tab.
- On the Cluster Management page, find your cluster and click Details in the Actions column.
- In the left-side navigation pane, choose .
- Enable LDAP authentication.
- On the Impala service page, choose in the upper-right corner.
- In the Cluster Activities dialog box, click OK.
- Click History in the upper-right corner.
After Successful appears in the Status column, the operation is successful.
- Restart Impala.
- On the Impala service page, choose in the upper-right corner.
- In the Cluster Activities dialog box, specify Description and click OK.
- In the Confirm message, click OK.
Access Impala
After LDAP authentication is enabled, you must provide LDAP authentication credentials
when you access Impala.
- Log on to your cluster in SSH mode. For more information, see Connect to the master node of an EMR cluster in SSH mode.
- Use one of the following methods to access Impala:
- If you use the Impala shell tool, run the following command:
impala-shell -l -u <user> --auth_creds_ok_in_clear
Note user indicates your LDAP username. After LDAP authentication is enabled, you must provide
your LDAP password when you access Impala. For information about how to obtain the
LDAP password, see
Manage user accounts.
- If you use Java Database Connectivity (JDBC), run the following command:
After LDAP authentication is enabled, you must provide LDAP authentication credentials
when you access Impala by using JDBC. In addition, you must download the Impala JDBC
driver from the official website of Cloudera and add the driver to the /usr/lib/hive-current/lib/ directory.
To download the Impala JDBC driver, visit Impala JDBC Connector.
!connect jdbc:impala://emr-header-1:21050/default;AuthMech=3;UID=<user>;PWD=<password>;
Disable LDAP authentication
- Go to the Impala service page.
- Log on to the Alibaba Cloud EMR console.
- In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
- Click the Cluster Management tab.
- On the Cluster Management page, find your cluster and click Details in the Actions column.
- In the left-side navigation pane, choose .
- Disable LDAP authentication.
- On the Impala service page, choose in the upper-right corner.
- In the Cluster Activities dialog box, click OK.
- Click History in the upper-right corner.
After Successful appears in the Status column, the operation is successful.
- Restart Impala.
- On the Impala service page, choose in the upper-right corner.
- In the Cluster Activities dialog box, specify Description and click OK.
- In the Confirm message, click OK.