https://community.cloudera.com/t5/Support-Questions/Altus-Director-integration-with-Active-Directory/m-p/93882#M57411 <P>Yes, your understanding is correct.</P> Fri, 09 Aug 2019 06:35:57 GMT araujo 2019-08-09T06:35:57Z https://community.cloudera.com/t5/Support-Questions/Altus-Director-integration-with-Active-Directory/m-p/93793#M57372 <P>Scenario:</P><P>I recently integrated Altus Director with&nbsp;Active Directory for role based authentication &amp; authorisation. After implementation I noticed that the default admin credential (admin/admin) was not working anymore, which was expected.</P><P>&nbsp;</P><P>My question is:</P><OL><LI>Is it possible/recommended to create another 'admin' user in Altus director (or in Active Directory) as a master credential just for back-up?</LI><LI>Do Altus Director have a&nbsp;<EM>Authentication Backend Order</EM> (eg. Database then External) like we have in Cloudera Manager?</LI><LI>Suppose, if a user is present in admin group as well as readonly group, then what role does Altus Director assumes for that user?</LI></OL><P>Thank you.</P> Fri, 16 Sep 2022 15:52:53 GMT https://community.cloudera.com/t5/Support-Questions/Altus-Director-integration-with-Active-Directory/m-p/93793#M57372 SnehasishRSC 2022-09-16T15:52:53Z https://community.cloudera.com/t5/Support-Questions/Altus-Director-integration-with-Active-Directory/m-p/93813#M57383 <BLOCKQUOTE><HR /><P>Is it possible/recommended to create another 'admin' user in Altus director (or in Active Directory) as a master credential just for back-up?</P><HR /></BLOCKQUOTE><P>Rather than granting individual users the <STRONG>Admin</STRONG> role, when you integrate Director with Active Directory, you can map an Active Directory group to the Admin role by setting the following property:</P><P>&nbsp;</P><P>lp.security.ldapConfig.activeDirectory.roleMapping.DirectorAdminGroupCn: &lt;ADMIN_GROUP_CN&gt;</P><P>&nbsp;</P><P>With this, once you start Director, all the users in that AD group will already have admin privileges.</P><P>&nbsp;</P><BLOCKQUOTE><HR /><P>Do Altus Director have a&nbsp;<EM>Authentication Backend Order</EM> (eg. Database then External) like we have in Cloudera Manager?</P><HR /></BLOCKQUOTE><P>As far as I know the&nbsp;<EM>lp</EM><SPAN>.</SPAN><EM>security</EM><SPAN>.</SPAN><EM>userSource</EM> parameter only accepts two values: <EM>LDAP</EM> and <EM>internal</EM>, and they are mutually exclusive.</P><P>&nbsp;</P><BLOCKQUOTE><HR />Suppose, if a user is present in admin group as well as readonly group, then what role does Altus Director assumes for that user?<HR /></BLOCKQUOTE><P>The union of the privileges, so the user will be an Admin.</P> Wed, 07 Aug 2019 18:09:43 GMT https://community.cloudera.com/t5/Support-Questions/Altus-Director-integration-with-Active-Directory/m-p/93813#M57383 araujo 2019-08-07T18:09:43Z https://community.cloudera.com/t5/Support-Questions/Altus-Director-integration-with-Active-Directory/m-p/93840#M57390 <BLOCKQUOTE><HR /><P>lp.security.ldapConfig.activeDirectory.roleMapping.DirectorAdminGroupCn: &lt;ADMIN_GROUP_CN&gt;</P><HR /></BLOCKQUOTE><P>As per the documentation and my understanding the proper syntax would be</P><LI-CODE lang="markup">lp.security.ldapConfig.activeDirectory.roleMapping.&lt;Active_Directory_Group_CN&gt;: &lt;ADMIN&gt; / &lt;READONLY&gt;</LI-CODE><P>&nbsp;</P><P>Please correct me if I'm wrong.</P><P>&nbsp;</P><P>Thank you.</P><P>&nbsp;</P> Thu, 08 Aug 2019 08:28:42 GMT https://community.cloudera.com/t5/Support-Questions/Altus-Director-integration-with-Active-Directory/m-p/93840#M57390 SnehasishRSC 2019-08-08T08:28:42Z https://community.cloudera.com/t5/Support-Questions/Altus-Director-integration-with-Active-Directory/m-p/93882#M57411 <P>Yes, your understanding is correct.</P> Fri, 09 Aug 2019 06:35:57 GMT https://community.cloudera.com/t5/Support-Questions/Altus-Director-integration-with-Active-Directory/m-p/93882#M57411 araujo 2019-08-09T06:35:57Z