
Today we use the command below to sync all the AD users so that they get access to Ambari Views/Operation server.

ambari-server sync-ldap --groups groups.txt

We can't schedule it with crontab because we need to pass admin credentials at the time of sync. It's hard to run it daily as users get added to and deleted from the groups, which are managed in AD.

By using the curl command below we can automate the Ambari LDAP sync. We can add this command to a bash script and schedule it using crontab. Whenever users are added to or deleted from the LDAP group, the change is automatically synced to Ambari Views. The command needs to be run as the Ambari user.

This avoids running the 'ambari-server sync-ldap' command. There is also no need to run any unset proxy commands.

curl -k -u admin:<password> -H 'X-Requested-By: ambari' -X POST \
  -d '[{"Event": {"specs": [{"principal_type": "users", "sync_type": "specific", "names": "sredd66,sreddyuw"},{"principal_type":"groups","sync_type":"specific", "names": "hadoopadmin,hadoopusers"}]}}]' \
  https://ambarihostname:8080/api/v1/ldap_sync_events

Steps to remove an LDAP group from Ambari and still have the group in LDAP:

Commands to list (GET) or delete (DELETE) groups in Ambari without touching AD:

GET:
curl --insecure -u admin:<password> -H 'X-Requested-By: ambari' -X GET https://ambarihostname:8080/api/v1/groups/

DELETE:
curl --insecure -u admin:<password> -H 'X-Requested-By: ambari' -X DELETE https://ambarihostname:8080/api/v1/groups/<group name you wanted to delete>
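
The LDAP sync POST from earlier in this article, wrapped for cron as an added example (not the article author's script): the admin credentials come from a mode-600 netrc file instead of `-u admin:<password>`, so the password does not sit in the script, the crontab or the process arguments, and the server certificate is verified against a CA file instead of being skipped with `-k`. The file paths, the name allowlist and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the article author's script. Host name, file paths and
# the name allowlist are assumptions; override the first three via environment.
AMBARI_URL="${AMBARI_URL:-https://ambarihostname:8080}"
NETRC_FILE="${NETRC_FILE:-/etc/ambari-sync/netrc}"   # machine ambarihostname login admin password <password>
CA_BUNDLE="${CA_BUNDLE:-/etc/ambari-sync/ca.pem}"    # CA that signed the Ambari certificate

# Accept only characters that cannot close the JSON string the names go into
# (letters, digits, dot, underscore, hyphen, space, comma separator).
names_ok() {
  case "$1" in *[!A-Za-z0-9._,\ -]*) return 1 ;; esac
  return 0
}

# Build the ldap_sync_events body from comma-separated user and group lists.
build_payload() {
  local users="$1" groups="$2" specs=""
  if ! names_ok "$users" || ! names_ok "$groups"; then
    echo "rejected: unexpected character in user or group names" >&2
    return 1
  fi
  if [ -n "$users" ]; then
    specs="{\"principal_type\":\"users\",\"sync_type\":\"specific\",\"names\":\"$users\"}"
  fi
  if [ -n "$groups" ]; then
    [ -z "$specs" ] || specs="${specs},"
    specs="${specs}{\"principal_type\":\"groups\",\"sync_type\":\"specific\",\"names\":\"$groups\"}"
  fi
  printf '[{"Event":{"specs":[%s]}}]' "$specs"
}

# The credentials file must be a regular file with no group/other permissions.
creds_file_ok() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

run_sync() {
  local body
  creds_file_ok "$NETRC_FILE" || { echo "refusing: $NETRC_FILE must be mode 600" >&2; return 1; }
  body=$(build_payload "$1" "$2") || return 1
  curl --silent --show-error --fail --cacert "$CA_BUNDLE" --netrc-file "$NETRC_FILE" \
       -H 'X-Requested-By: ambari' -X POST -d "$body" "$AMBARI_URL/api/v1/ldap_sync_events"
}

# Cron entry point: script.sh "<users>" "<groups>"
if [ "$#" -eq 2 ]; then run_sync "$1" "$2"; fi
```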

Let me know if you have any questions.

Comments
Explorer

Hi Sridhar Reddy,

How are you doing?

Thank you for your detailed explanation on automating the Ambari LDAP sync process. I tried to use the curl command you provided above, tweaking it a little bit, and tested it. I am running into issues and the logs don't have enough info. Below is the command I am using:

curl -v -k -u userid -H 'X-Requested-By: ambari' -X POST -d '[{"Event": {"specs": [{"principal_type":"groups","sync_type":"specific", "names": "i listed the AD groups we have"}]}}]' http://ambarihostname:8080/api/v1/ldap_sync_events

I get a result like this:

Enter host password for user 'userid':
* About to connect() to ambarihost port 8080 (#0)
*   Trying IP address...
* Connected to ambarihost (IP address) port 8080 (#0)
* Server auth using Basic with user 'userid'
> POST /api/v1/ldap_sync_events HTTP/1.1
> Authorization: Basic <redacted>
> User-Agent: curl/7.29.0
> Host: ambarihost:8080
> Accept: */*
> X-Requested-By: ambari
> Content-Length: 133
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 133 out of 133 bytes
< HTTP/1.1 201 Created
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Cache-Control: no-store
< Pragma: no-cache
< Set-Cookie: AMBARISESSIONID=13ps7b9q98ekhwweh8qlct0ir;Path=/;HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< User: userid
< Content-Type: text/plain
< Vary: Accept-Encoding, User-Agent
< Content-Length: 166
<
{
  "resources" : [
    {
      "href" : "http://ambarihost:8080/api/v1/ldap_sync_events/15",
      "Event" : {
        "id" : 15
      }
    }
  ]
* Connection #0 to host ambarihost left intact
}

Any help is much appreciated.

Thanks,
Abhishek

New Contributor

Hi Sridhar,

In the same way, how can we use a curl statement to provide access to HDFS files and HIVE views for any LDAP users/groups?

And how can we sync the LDAP users/groups to Ranger and create the policies to provide the required database access?

New Contributor

Hi,

DELETE:
curl --insecure -u admin:<password> -H 'X-Requested-By: ambari' -X DELETE https://ambarihostname:8080/api/v1/groups/<group name you wanted to delete>

How can we delete groups which have a space in the name?

For example:

curl --insecure -u admin:<password> -H 'X-Requested-By: ambari' -X DELETE https://ambarihostname:8080/api/v1/groups/ABCD

is working fine, but

curl --insecure -u admin:<password> -H 'X-Requested-By: ambari' -X DELETE https://ambarihostname:8080/api/v1/groups/AB CD

is not working due to the space.

How can we resolve it?

Thanks in advance

New Contributor

Hello AM47,


To handle a space in a user/group name, HTML encode it: %20 for space.

curl --insecure -u admin:<password> -H 'X-Requested-By: ambari' -X DELETE 'https://ambarihostname:8080/api/v1/groups/AB%20CD'


Regards.

Rafa B.