Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Automate the Ambari LDAP sync

Labels (1)
Labels:
avatar
author-rank bandarusridhar1
Guru

Created on ‎05-22-2017 08:12 PM

Today we are using below command to sync all the AD users to get access to Ambari Views/Operation server.

ambari-server sync-ldap --groups groups.txt

We can't schedule cron tab because we need to pass admin credentials at the time of sync. It's hard to run daily as the users get added to the group and deleted which are managed in AD.

By using below curl command we can automate the Ambari LDAP sync. We can add this command to bash script and schedule it using confab. Whenever new users get added/deleted to the LDAP group, it will get automatically synced the same with Ambari Views. We need to run below command as Ambari user.

This can avoid running ‘ambari-server sync-ldap’command. Here even no need to run any unset proxy commands.

curl -k -u admin:<password> -H
'X-Requested-By: ambari' -X POST -d '[{"Event": {"specs":
[{"principal_type": "users", "sync_type":
"specific", "names":
"sredd66,sreddyuw"},{"principal_type":"groups","sync_type":"specific",
"names": "hadoopadmin,hadoopusers"}]}}]' https://ambarihostname:8080/api/v1/ldap_sync_events

Steps to remove an LDAP group from Ambari and still have the group in LDAP:

Command to GET/DELETE groups from Ambari by not touching AD.

GET:
curl --insecure -u admin:<password> -H
'X-Requested-By: ambari' -X GET https://ambarihostname:8080/api/v1/groups/

DELETE:
curl --insecure -u admin:<password> -H
'X-Requested-By: ambari' -X DELETE https://ambarihostname:8080/api/v1/groups/<group
name you wanted to delete>

Let me know if you have any questions.

6,441 Views
Comments

Re: Automate the Ambari LDAP sync

avatar
author-rank abhishek_c
Explorer

Created on ‎07-17-2018 05:48 PM

Hi Sridhar Reddy,

How are you doing ?

Thank you for your detailed explanation on automating the Ambari LDAP sync process. I tried to use the curl command you provided above by tweaking little bit and tested. I am running into issues and the logs doesn't have enough info. Below is the command I am using

curl -v -k -u userid -H 'X-Requested-By: ambari' -X POST -d '[{"Event": {"specs": [{"principal_type":"groups","sync_type":"specific", "names": "i listed the AD groups we have"}]}}]' http://ambarihostname:8080/api/v1/ldap_sync_events

I get a result like this

Enter host password for user 'userid': * About to connect() to ambarihost port 8080 (#0) * Trying IP address... * Connected to ambarihost (IP address) port 8080 (#0) * Server auth using Basic with user 'userid' > POST /api/v1/ldap_sync_events HTTP/1.1 > Authorization: Basic YWJoaXNoZWsuY2hhbWFrdXJhOkBCc2IwMzIwMThxMg== > User-Agent: curl/7.29.0 > Host: ambarihost:8080 > Accept: */* > X-Requested-By: ambari > Content-Length: 133 > Content-Type: application/x-www-form-urlencoded > * upload completely sent off: 133 out of 133 bytes < HTTP/1.1 201 Created < X-Frame-Options: DENY < X-XSS-Protection: 1; mode=block < X-Content-Type-Options: nosniff < Cache-Control: no-store < Pragma: no-cache < Set-Cookie: AMBARISESSIONID=13ps7b9q98ekhwweh8qlct0ir;Path=/;HttpOnly < Expires: Thu, 01 Jan 1970 00:00:00 GMT < User: userid < Content-Type: text/plain < Vary: Accept-Encoding, User-Agent < Content-Length: 166 < { "resources" : [ { "href" : "http://ambarihost:8080/api/v1/ldap_sync_events/15", "Event" : { "id" : 15 } } ] * Connection #0 to host ambarihost left intact }

Any help is much appreciated.

Thanks,
Abhishek

Re: Automate the Ambari LDAP sync

avatar
author-rank bharath_ramesh0
New Contributor

Created on ‎03-19-2019 07:01 PM

Hi Sridhar,


In the same way how can we use curl statement to provide access to HDFS files and HIVE views for any LDAP users/groups.

And How can we sync the LDAP users/groups to Ranger and create the polices to provide required database access?

Re: Automate the Ambari LDAP sync

avatar
author-rank AM47
New Contributor

Created on ‎04-04-2020 07:51 AM

Hi ,

DELETE:
curl --insecure -u admin:<password> -H
'X-Requested-By: ambari' -X DELETE https://ambarihostname:8080/api/v1/groups/<group
name you wanted to delete>

how can we delete the groups which has space in the name?

ex:curl --insecure -u admin:<password> -H 'X-Requested-By: ambari' -X DELETE https://ambarihostname:8080/api/v1/groups/ABCD    working fine

But 

curl --insecure -u admin:<password> -H 'X-Requested-By: ambari' -X DELETE https://ambarihostname:8080/api/v1/groups/AB CD   Is not working due to space

 

How can we resolve it.

Thanks in advance

Re: Automate the Ambari LDAP sync

avatar
author-rank BernaB
New Contributor

Created on ‎08-11-2020 04:50 PM

Hello AM47,

 

To handle space in user/group name, HTML encode it: %20 for space.

 

curl --insecure -u admin:<password> -H 'X-Requested-By: ambari' -X DELETE 'https://ambarihostname:8080/api/v1/groups/AB%20CD '

 

Regards.

Rafa B.

Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements
Version history
Last update:
‎05-22-2017 08:12 PM
Updated by:
Guru
Contributors