https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/331427#M230891 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/22763">@daba</a>&nbsp;Can you try adding the below lines to the Knox topology files</P><LI-CODE lang="markup">authentication.param.remove=main.pamRealm authentication.param.remove=main.pamRealm.service</LI-CODE><P>Refer to the following doc for more info on how to configure LDAP/AD in knox</P><P><A href="https://docs.cloudera.com/runtime/7.2.10/knox-authentication/topics/security-knox-authe-ldap.html" target="_blank">https://docs.cloudera.com/runtime/7.2.10/knox-authentication/topics/security-knox-authe-ldap.html</A></P> Thu, 02 Dec 2021 00:49:50 GMT Scharan 2021-12-02T00:49:50Z https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/331417#M230889 <P>Hello all,</P><P>&nbsp;</P><P>I have installed Apache Knox on a CDP 7.1.6 cluster and switched Shiro from PAM to LDAP (as described here <A href="https://is.gd/FmexUD" target="_blank">https://is.gd/FmexUD</A>). The changes are also done in the providers. PAM is disabled via the authentication.param.remove switch. Nevertheless PAM (KnoxPamRealm) is used for authentication instead of LDAP (KnoxLdapRealm). Does anyone have useful hints where to look for the cause? Thanks a lot!</P><P>&nbsp;</P><P>Regards,</P><P>Daniel</P><P>&nbsp;</P> Tue, 21 Apr 2026 08:03:16 GMT https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/331417#M230889 daba 2026-04-21T08:03:16Z https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/331427#M230891 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/22763">@daba</a>&nbsp;Can you try adding the below lines to the Knox topology files</P><LI-CODE lang="markup">authentication.param.remove=main.pamRealm authentication.param.remove=main.pamRealm.service</LI-CODE><P>Refer to the following doc for more info on how to configure LDAP/AD in knox</P><P><A href="https://docs.cloudera.com/runtime/7.2.10/knox-authentication/topics/security-knox-authe-ldap.html" target="_blank">https://docs.cloudera.com/runtime/7.2.10/knox-authentication/topics/security-knox-authe-ldap.html</A></P> Thu, 02 Dec 2021 00:49:50 GMT https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/331427#M230891 Scharan 2021-12-02T00:49:50Z https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/331453#M230895 <P>Hello&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/35149">@Scharan</a>,</P><P>&nbsp;</P><P>many thanks for your answer! Both parameters you mentioned are set. In the Knox Admin UI, all relevant providers also have the LDAP configuration (KnoxLdapRealm). But KnoxPamRealm is still used. It is interesting that when Knox is started, the shiro.ini with the PAM configuration is pulled from the JAR (WEB-INF/shiro.ini). Otherwise, there is no other shiro.ini in the file system that could replace it.</P> Thu, 02 Dec 2021 08:12:41 GMT https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/331453#M230895 daba 2021-12-02T08:12:41Z https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/332936#M231304 <P>Hi&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/22763">@daba</a>,</P><P>&nbsp;</P><P>Could you check the following topology file in the Knox gateway node to validate if the authentication provider change you made in the CM UI is reflected at the host level as well?</P><P>-&nbsp;/var/lib/knox/gateway/conf/topologies/knoxsso.xml</P><P>&nbsp;</P><P>Thanks,<BR />Prashanth Vishnu</P> Tue, 28 Dec 2021 10:43:34 GMT https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/332936#M231304 pvishnu 2021-12-28T10:43:34Z https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/336199#M232186 <P>Hi <a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/63344">@pvishnu</a>,</P><P>&nbsp;</P><P>thank you for your response! The ldap configuration which I made in the Cloudera Manager will not be persist in the topology file <SPAN>/var/lib/knox/gateway/conf/topologies/knoxsso.xml. There is still the pamRealm configuration. One solution is to manually edit the topology file, but that is not&nbsp;my expectation if you use Cloudera Manager.</SPAN></P><P>&nbsp;</P><P><SPAN>Regards,</SPAN></P><P><SPAN>Daniel</SPAN></P> Mon, 14 Feb 2022 07:27:05 GMT https://community.cloudera.com/t5/Support-Questions/Apache-Knox-LDAP-configuration-is-not-used/m-p/336199#M232186 daba 2022-02-14T07:27:05Z