Trino LDAP setup fails with HTTP ERROR 403 Forbidden
See original GitHub issueHi, We are trying to set up Trino server 359 with LDAP authentication. We are using a proxy server (load balancer) and the Trino coordinator is running with HTTP configuration on the default port, 8080.
Added http-server.process-forwarded=true to the config.properties file.
We are able to connect to trino using the proxy server HTTPS URL and query data.
Now, to configure LDAP authentication added http-server.authentication.type=PASSWORD to config.properties file.
And password-authenticator.properties with below content:
password-authenticator.name=ldap
ldap.allow-insecure=true
ldap.url=ldap://ldap.example.com:389
ldap.user-bind-pattern=${USER}@example.com
When we try to connect to Trino CLI using the below command:
./trino --server https://trino-dev.example.com --catalog hive --schema db --user nnandula --password
it fails with the below error:
trino:db> Aug 02, 2021 2:18:39 AM com.google.common.cache.LocalCache$Segment$1 run
WARNING: Exception thrown during refresh
java.util.concurrent.ExecutionException: java.lang.RuntimeException: Error starting query at https://trino-dev.example.com/v1/statement returned an invalid response: JsonResponse{statusCode=403, statusMessage=Forbidden, headers={cache-control=[must-revalidate,no-cache,no-store], content-length=[417], content-type=[text/html;charset=iso-8859-1]}, hasValue=false} [Error: <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 Forbidden</title>
</head>
<body><h2>HTTP ERROR 403 Forbidden</h2>
<table>
<tr><th>URI:</th><td>/v1/statement</td></tr>
<tr><th>STATUS:</th><td>403</td></tr>
<tr><th>MESSAGE:</th><td>Forbidden</td></tr>
<tr><th>SERVLET:</th><td>org.glassfish.jersey.servlet.ServletContainer-49de1505</td></tr>
</table>
</body>
</html>
Please advise.
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (2 by maintainers)
Top Results From Across the Web
LDAP authentication — Trino 403 Documentation
This error is seen when the Trino coordinator's certificate is invalid, and does not have the IP you provide in the --server argument...
Read more >Problem accessing /v1/statement #12894 - prestodb/presto
I am trying to query presto using presto-cli over https. But somehow i am getting the below error: `update handshake state: finished[20]
Read more >Ambari server LDAP Setup 403 - Cloudera Community - 310476
ERROR: Exiting with exit code 1. REASON: Error while fetching LDAP configuration. Error details: HTTP Error 403: Forbidden.
Read more >LDAP auth,using admin account to login,return http error 403
Gitlab uses ldap authentication, and suddenly logs in with the administrator account configured by ldap, the web page prompts that the request ...
Read more >Trino returns error when trying the LDAP authentication
I've been trying to enable the LDAP authentication for Trino in EMR (Trino version 359, EMR version 6.4.0).
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@nnandula Can you briefly describe what was wrong so that other people who run into this issue have an idea of what to correct?
@hashhar - Thanks, we are able to solve the issue after correcting the
Forwardedheader issue from the proxy server. We are able to authenticate via LDAP