Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Active Directory Group to Role Mapping CDP 7.1.6

avatar
author-rank CaptainJa
Explorer

Created ‎08-10-2021 01:39 AM

Hello,

 

I am facing a challenge with authentication and authorizing Active Directory users on Cloudera CDP 7.1.6. I followed the steps here to make the necessary configurations (https://docs.cloudera.com/cdp-private-cloud-base/7.1.6/security-kerberos-authentication/topics/cm-se...).

The challenge is that I am able to login with AD users but there is no group to role mapping, which results in a blank page for the user.

I checked this other page (https://docs.cloudera.com/cdp-private-cloud-base/7.1.6/managing-clusters/topics/cm-security-authoriz... which handles mapping external authentication to roles. However, it skips Active Directory instructions and mentions only that of external programs and SAML scripts.

 

Does anyone have an idea of how to map groups from an Active Directory source to Cloudera Roles? or is there some other documentation I should refer to?

 

Thanks in advance for the support.
 

1,059 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank CaptainJa
Explorer

Created ‎08-10-2021 02:51 AM

With some help from a colleague, we figured out that all I needed to do was go into Administration > Users & Roles > LDAP/PAM Groups.

There, I clicked on the "Add LDAP/PAM Group Mapping" and added the group I expected to be synced from Active Directory, along with a role assignment. 

CaptainJa_0-1628589033903.png

This was enough to make sure that the user after being authenticated, was able to login in with the right role privileges.

View solution in original post

1,047 Views
0 Kudos
1 REPLY 1

avatar
author-rank CaptainJa
Explorer

Created ‎08-10-2021 02:51 AM

With some help from a colleague, we figured out that all I needed to do was go into Administration > Users & Roles > LDAP/PAM Groups.

There, I clicked on the "Add LDAP/PAM Group Mapping" and added the group I expected to be synced from Active Directory, along with a role assignment. 

CaptainJa_0-1628589033903.png

This was enough to make sure that the user after being authenticated, was able to login in with the right role privileges.

1,048 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements