Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Ambari - Active Directory Integration,Ambari - Active Directory Integration, it is not Syncing

Labels:
avatar
author-rank deepunagesh1234
New Member

Created ‎03-11-2018 06:45 PM

Hi,

I am using Ambari 2.2 +HDP 2.4,

when i try to Sync the AD Users with amabri it not Syncing,

>> ambari-server sync-ldap --groups groups.txt

enter the ambari password: admin/admin

Syncing specified users and groups..ERROR: Exiting with exit code 1. 
REASON: Caught exception running LDAP sync. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, d
ata 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment:
 AcceptSecurityContext error, data 52e, v2580]

these are the parameter i have choosen while seting up.

ambari-server setup-ldap,

primary url*(host:port): xxxx:389

use SSL*(true/false) (false):

use object class*(user)

user name attribute(sAMAccountName)

Group Object Class*(group)

Group name attribute(cn)

Group member attribut (member)

Distinguish Name Attribute*(dn): distinguishedName

Base DN* : OU=ambari_roles,DC=mylab,DC=com

Reffreal Method: default

Bind Anonymously * [true/false](false): default

Manager DN* : CN=hdpsrv,OU=service_accounts,DC=mylab,DC=com

Enter Manager Password: **

re enter the Manager Password : ****

y/n : y

-------------------------------------------

this are the logs.

-----------------------------------------------------------------------------------------------------------------------------------------------

11 Mar 2018 18:08:58,052 ERROR [pool-9-thread-2] LdapSyncEventResourceProvider:434 - Caught exception running LDAP sync. 
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext er
ror, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, co
mment: AcceptSecurityContext error, data 52e, v2580]
        at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:182)
        at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
        at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)                           
        at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)                   
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:524)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:473)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:493)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:513)                                                         
        at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getFilteredLdapGroups(AmbariLdapDataPopulator.java:531)           
        at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getFilteredLdapGroups(AmbariLdapDataPopulator.java:525)           
        at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getLdapGroups(AmbariLdapDataPopulator.java:407)                   
        at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.synchronizeLdapGroups(AmbariLdapDataPopulator.java:231)           
        at org.apache.ambari.server.controller.AmbariManagementControllerImpl.synchronizeLdapUsersAndGroups(AmbariManagementControllerImpl.j
ava:4192)                                                                                                                                   
        at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider.syncLdap(LdapSyncEventResourceProvider.java:464)      
        at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider.processSyncEvents(LdapSyncEventResourceProvider.java:4
22)                                                                                                                                         
        at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider.access$000(LdapSyncEventResourceProvider.java:60)     
        at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider$1.run(LdapSyncEventResourceProvider.java:246)         
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)                                                          
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)                                                                         
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)                                                  
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)                                                  
        at java.lang.Thread.run(Thread.java:745)                                                                                            
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext err
or, data 52e, v2580]                                                                                                                        
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3088)                                                                        
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3034)                                                                   
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2836)                                                                   
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2750)                                                                             
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:317)                                                                               
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)                                                            
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)                                                           
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)                                                     
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)                                                       
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)                                                         
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)                                                           
        at javax.naming.InitialContext.init(InitialContext.java:242)                                                                        
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)                                                         
        at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)                         
        at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)                        
        ... 23 more

------------------------------------------------------------------------------------------------------------------------------------------------

4,933 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank deepunagesh1234
New Member

Created ‎04-25-2019 06:55 AM

Have pasted the blog, which helped me fix the Above


https://ephesoft.com/docs/kb00022563-javax-naming-authenticationexception-ldap-error-code-49-8009030...

View solution in original post

4,666 Views
0 Kudos
3 REPLIES 3

avatar
author-rank gcunha
Rising Star

Created ‎03-13-2018 09:16 AM

Hi @Deepu Nagesh,

Test if your details are correct via ldapsearch, for example:

ldapsearch -h <YOUR AD URL WITHOUT PROTOCOL> -p 389 -x -D 'CN=hdpsrv,OU=service_accounts,DC=mylab,DC=com' -W -b 'OU=ambari_roles,DC=mylab,DC=com'

If you connect successfully then keep testing the other parameters that you have set-up in the Ambari AD configuration, to confirm that the Ambari AD configuration was set-up properly accordingly with your AD settings.

As the error that the AD is throwing is "52e" meaning that is Invalid AD Credentials.

Hope it helps.

Gonçalo

4,666 Views
0 Kudos

avatar
author-rank deepunagesh1234
New Member

Created ‎04-24-2019 03:54 PM

I Resolved the issue, I have changed the Bind user itself....the issue with AD User.

4,666 Views
0 Kudos

avatar
author-rank deepunagesh1234
New Member

Created ‎04-25-2019 06:55 AM

Have pasted the blog, which helped me fix the Above


https://ephesoft.com/docs/kb00022563-javax-naming-authenticationexception-ldap-error-code-49-8009030...

4,667 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements