Community Articles

hpasumarthi · ‎10-31-2022

This article focuses on demonstrating how to post external user/group mappings in to CM UI using CM API call.

Target state on Cloudera Manger

LDAP Group	CM Role
CMGroup1	ROLE_ADMIN
CMGroup2	ROLE_CONFIGURATOR
CMGroup3	ROLE_AUDITOR, ROLE_LIMITED

Step 1: Get the current authRoles GET /authRoles

curl -g -X GET -u admin:admin -H "Content-Type: application/json" "http://cmhost:7180/api/v43/authRoles" > cm_authroles.json

Download the existing authroles from the CM UI and validate if the CM roles are mentioned in target state available in the file cm_authroles.json

Step 2: Create the user mapping template example shown below cm_user_mapping.json

{
  "items": [
    {
      "name": "CMGroup1",
      "type": "LDAP",
      "authRoles": [
        { "name": "ROLE_ADMIN" }
      ]
    },
    {
	"name": "CMGroup2",	
      "type": "LDAP",
      "authRoles": [
        { "name": "ROLE_CONFIGURATOR" }
      ]
    },
    {
	"name": "CMGroup3",
      "type": "LDAP",
      "authRoles": [
        { "name": "ROLE_AUDITOR" },
        { "name": "ROLE_LIMITED" }
      ]
    }
  ]
}

Step 3: Post the cm_user_mapping.json to the CM via externalUserMappings api

curl -g -X POST -u admin:admin -H "Content-Type: application/json" -d _user_mapping.json "http://cmhost:7180/api/v43/externalUserMappings"

More details about the mapping and authroles and user mapping can be found in official documentation

https://archive.cloudera.com/cm7/7.2.4/generic/jar/cm_api/apidocs/index.html

Cloudera Community

Community Articles

Cloudera Manager UI - External User Mappings API

Cloudera Manager