Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

LDAP no longer supported

Labels:
avatar
author-rank cpuengr
Explorer

Created on ‎10-06-2016 03:38 PM - edited ‎09-16-2022 03:43 AM

I set up my kerberized cluster with LDAP a long time ago. I am now trying to add services after upgrading to CM 5.8.2 which require more kerberos accounts on AD, and it looks like it only supports LDAPS. Is this correct? 

I can add LDAPS to my AD server, but where do I put the certificate on CM?

 

Thank You

2,327 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank rufusayeni author-rank
Rising Star

Created ‎10-06-2016 07:34 PM

Hello,

 

The AD certificate goes in the JVM keystore on CM:

 

1. On the domain controller, export the certificate in the "Base-64 encoded X.509 (.CER) format.

 

2. Copy the file to the Cloudera Manager host using an SCP/SSH tool such as WinSCP.

 

3. Import the certificate into your JVM keystore:

 

keytool -import -alias <alias-for-cert> -file <path-to-cert> -keystore <path-to-keystore> -storepass <keystore password>

Note: The truststore is usually located at: $JAVA_HOME/jre/lib/security/cacerts.

View solution in original post

2,317 Views
1 REPLY 1

avatar
author-rank rufusayeni author-rank
Rising Star

Created ‎10-06-2016 07:34 PM

Hello,

 

The AD certificate goes in the JVM keystore on CM:

 

1. On the domain controller, export the certificate in the "Base-64 encoded X.509 (.CER) format.

 

2. Copy the file to the Cloudera Manager host using an SCP/SSH tool such as WinSCP.

 

3. Import the certificate into your JVM keystore:

 

keytool -import -alias <alias-for-cert> -file <path-to-cert> -keystore <path-to-keystore> -storepass <keystore password>

Note: The truststore is usually located at: $JAVA_HOME/jre/lib/security/cacerts.

2,318 Views
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements