Ldap || issue while enabling ldap

2021-04-28T11:22:25,800 WARN [main] org.apache.druid.java.util.common.RetryUtils - Retrying (4 of 9) in 10,265ms.
com.fasterxml.jackson.core.JsonParseException: Input does not start with Smile format header (first byte = 0x3c) and parser has REQUIRE_HEADER enabled: can not parse
at [Source: (byte)"

Error 401 Unauthorized

HTTP ERROR 401 Unauthorized

URI: /druid-ext/basic-security/authentication/db/ldap/cachedSerializedUserMap
STATUS: 401
MESSAGE: Unauthorized
SERVLET: default
"; line: -1, column: 0] at com.fasterxml.jackson.dataformat.smile.SmileParserBootstrapper.constructParser(SmileParserBootstrapper.java:133) ~[jackson-dataformat-smile-2.10.2.jar:2.10.2] at com.fasterxml.jackson.dataformat.smile.SmileFactory._createParser(SmileFactory.java:460) ~[jackson-dataformat-smile-2.10.2.jar:2.10.2] at com.fasterxml.jackson.dataformat.smile.SmileFactory.createParser(SmileFactory.java:366) ~[jackson-dataformat-smile-2.10.2.jar:2.10.2] at com.fasterxml.jackson.dataformat.smile.SmileFactory.createParser(SmileFactory.java:353) ~[jackson-dataformat-smile-2.10.2.jar:2.10.2] at com.fasterxml.jackson.dataformat.smile.SmileFactory.createParser(SmileFactory.java:29) ~[jackson-dataformat-smile-2.10.2.jar:2.10.2] at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3292) ~[jackson-databind-2.10.5.1.jar:2.10.5.1] at org.apache.druid.security.basic.authentication.db.cache.CoordinatorPollingBasicAuthenticatorCacheManager.tryFetchUserMapFromCoordinator(CoordinatorPollingBasicAuthenticatorCacheManager.java:262) ~[?:?] at org.apache.druid.security.basic.authentication.db.cache.CoordinatorPollingBasicAuthenticatorCacheManager.lambda$fetchUserMapFromCoordinator$1(CoordinatorPollingBasicAuthenticatorCacheManager.java:192) ~[?:?] at org.apache.druid.java.util.common.RetryUtils.retry(RetryUtils.java:87) [druid-core-0.20.1.jar:0.20.1] at org.apache.druid.java.util.common.RetryUtils.retry(RetryUtils.java:115) [druid-core-0.20.1.jar:0.20.1] at org.apache.druid.java.util.common.RetryUtils.retry(RetryUtils.java:105) [druid-core-0.20.1.jar:0.20.1] at org.apache.druid.security.basic.authentication.db.cache.CoordinatorPollingBasicAuthenticatorCacheManager.fetchUserMapFromCoordinator(CoordinatorPollingBasicAuthenticatorCacheManager.java:190) [druid-basic-security-0.20.1.jar:0.20.1] at org.apache.druid.security.basic.authentication.db.cache.CoordinatorPollingBasicAuthenticatorCacheManager.initUserMaps(CoordinatorPollingBasicAuthenticatorCacheManager.java:289) [druid-basic-security-0.20.1.jar:0.20.1] at org.apache.druid.security.basic.authentication.db.cache.CoordinatorPollingBasicAuthenticatorCacheManager.start(CoordinatorPollingBasicAuthenticatorCacheManager.java:108) [druid-basic-security-0.20.1.jar:0.20.1] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_232] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_232] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_232] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_232] at org.apache.druid.java.util.common.lifecycle.Lifecycle$AnnotationBasedHandler.start(Lifecycle.java:446) [druid-core-0.20.1.jar:0.20.1] at org.apache.druid.java.util.common.lifecycle.Lifecycle.start(Lifecycle.java:341) [druid-core-0.20.1.jar:0.20.1] at org.apache.druid.guice.LifecycleModule$2.start(LifecycleModule.java:143) [druid-core-0.20.1.jar:0.20.1] at org.apache.druid.cli.GuiceRunnable.initLifecycle(GuiceRunnable.java:115) [druid-services-0.20.1.jar:0.20.1] at org.apache.druid.cli.ServerRunnable.run(ServerRunnable.java:63) [druid-services-0.20.1.jar:0.20.1] at org.apache.druid.cli.Main.main(Main.java:113) [druid-services-0.20.1.jar:0.20.1]

Can you give us a little more information on what you are trying to do and where this error is happening?

Hi Rachel,

Thanks alot for looking into the issue.

i’m trying to enable Kerbores for the druid cluster, i’m getting below error when i tried to access the query server.

HTTP ERROR 403 org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text:

URI: /unified-console.html
STATUS: 403
MESSAGE: org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text:
SERVLET: org.eclipse.jetty.servlet.DefaultServlet-7ceb6c45

common properties file.

#authentication
druid.auth.authenticatorChain=[“kerberos”]
druid.auth.authenticator.kerberos.type=kerberos
druid.auth.authenticator.kerberos.serverPrincipal=HTTP/_HOST@********
druid.auth.authenticator.kerberos.serverKeytab=/etc/security/keytabs/spnego.service.keytab
druid.auth.authenticator.kerberos.authToLocal=RULE:1:$1@$0s/./root/
RULE:1:$1@$0s/@.
/ambari-qa//L
DEFAULT
druid.escalator.type=kerberos
druid.escalator.internalClientPrincipal=druid-test02@******
druid.escalator.internalClientKeytab=/etc/security/keytabs/druid.headless.keytab
druid.escalator.authorizerName=allowAll
MyBasicAuthorizer

in broker logs i’m unable to see any error messages.

Thanks
Hassain K