Securing Apache Hive
Also available as:

Secure HiveServer using LDAP

You can secure the remote client connection to Hive by configuring HiveServer to use authentication with LDAP.

  1. Add the following properties to the hive-site.xml file to set the server authentication mode to LDAP.
    LDAP_URL is the access URL for your LDAP server. For example, ldap://
  2. Add additional properties to the hive-site.xml file, depending on your LDAP service type.
    • Active Directory (AD)
    • Other LDAP service types, such as OpenLDAP

    Where AD_Domain is the domain name of the AD server. For example,

    Other LDAP service types:
    Where LDAP_BaseDN is the base LDAP distinguished name for your LDAP server. For example, ou=dev, dc=xyz, dc=com.
  3. Test the LDAP authentication by using the Beeline client.
    • If the HiveServer transport mode is binary (hive.server2.transport.mode=binary), use the following syntax:
    • If the HiveServer2 transport mode is HTTP (hive.server2.transport.mode=http) and the Thrift path is cliservice (hive.server2.thrift.http.path=cliservice), use the following syntax: