Ambari - Active Directory Integration, it is not Syncing

Hi,

I am using Ambari 2.2 + HDP 2.4.

When I try to sync the AD users with Ambari, it is not syncing:

>> ambari-server sync-ldap --groups groups.txt

enter the ambari password: admin/admin

Syncing specified users and groups..ERROR: Exiting with exit code 1.
REASON: Caught exception running LDAP sync. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]

These are the parameters I chose while setting up:

ambari-server setup-ldap,

primary url*(host:port): xxxx:389

use SSL*(true/false) (false):

use object class*(user)

user name attribute(sAMAccountName)

Group Object Class*(group)

Group name attribute(cn)

Group member attribute (member)

Distinguished Name Attribute*(dn): distinguishedName

Base DN* : OU=ambari_roles,DC=mylab,DC=com

Referral Method: default

Bind Anonymously * [true/false](false): default

Manager DN* : CN=hdpsrv,OU=service_accounts,DC=mylab,DC=com

Enter Manager Password: **

re enter the Manager Password : ****

y/n : y

-------------------------------------------

These are the logs.

-----------------------------------------------------------------------------------------------------------------------------------------------

11 Mar 2018 18:08:58,052 ERROR [pool-9-thread-2] LdapSyncEventResourceProvider:434 - Caught exception running LDAP sync. 
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]
        at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:182)
        at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
        at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)                           
        at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)                   
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:524)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:473)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:493)                                                         
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:513)                                                         
        at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getFilteredLdapGroups(AmbariLdapDataPopulator.java:531)           
        at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getFilteredLdapGroups(AmbariLdapDataPopulator.java:525)           
        at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getLdapGroups(AmbariLdapDataPopulator.java:407)                   
        at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.synchronizeLdapGroups(AmbariLdapDataPopulator.java:231)           
        at org.apache.ambari.server.controller.AmbariManagementControllerImpl.synchronizeLdapUsersAndGroups(AmbariManagementControllerImpl.java:4192)
        at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider.syncLdap(LdapSyncEventResourceProvider.java:464)      
        at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider.processSyncEvents(LdapSyncEventResourceProvider.java:422)
        at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider.access$000(LdapSyncEventResourceProvider.java:60)     
        at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider$1.run(LdapSyncEventResourceProvider.java:246)         
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)                                                          
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)                                                                         
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)                                                  
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)                                                  
        at java.lang.Thread.run(Thread.java:745)                                                                                            
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3088)                                                                        
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3034)                                                                   
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2836)                                                                   
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2750)                                                                             
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:317)                                                                               
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)                                                            
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)                                                           
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)                                                     
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)                                                       
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)                                                         
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)                                                           
        at javax.naming.InitialContext.init(InitialContext.java:242)                                                                        
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)                                                         
        at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)                         
        at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)                        
        ... 23 more     

------------------------------------------------------------------------------------------------------------------------------------------------


Hi @Deepu Nagesh,

Test if your details are correct via ldapsearch, for example:

ldapsearch -h <YOUR AD URL WITHOUT PROTOCOL> -p 389 -x -D 'CN=hdpsrv,OU=service_accounts,DC=mylab,DC=com' -W -b 'OU=ambari_roles,DC=mylab,DC=com'

If you connect successfully, then keep testing the other parameters that you have set up in the Ambari AD configuration, to confirm that the Ambari AD configuration was set up properly in accordance with your AD settings.

The error that AD is throwing is "52e", which means invalid AD credentials.

Hope it helps.

Gonçalo
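
The sub-code reading used in the answer above, as an added example (not part of the original posts and not Ambari code): it pulls the LDAP result code and the AD `data` sub-code out of a hard-wrapped server log and maps the sub-code to its Win32 logon error. The function name is hypothetical, and the sample log is constructed from the message in the question plus one constructed lockout line.

```python
import re
from collections import Counter

# Win32 logon errors that AD reports, in hex, in the "data" field of an
# LDAP result code 49 (invalidCredentials) bind failure.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "logon failure: unknown user name or bad password",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password",
    0x775: "account locked out",
}

BIND_ERROR = re.compile(
    r"LDAP: error code (\d+) - \w+: LdapErr: (DSID-\w+), "
    r"comment: AcceptSecurityContext error, data ([0-9A-Fa-f]+), v\w+"
)

def bind_failures(log_text):
    """Return [(result_code, subcode_hex, meaning, occurrences)], first seen first."""
    # A hard-wrapped log splits the message mid-word ("er\nror"), so drop the
    # line breaks before matching instead of scanning line by line.
    flat = log_text.replace("\r", "").replace("\n", "")
    counts = Counter()
    for code, _dsid, data in BIND_ERROR.findall(flat):
        counts[(int(code), data.lower())] += 1
    return [
        (code, data, AD_BIND_SUBCODES.get(int(data, 16), "sub-code not in table"), n)
        for (code, data), n in counts.items()
    ]

# Constructed sample: the question's message wrapped as posted, then one
# constructed lockout record (data 775) on a single line.
SAMPLE_LOG = (
    "11 Mar 2018 18:08:58,052 ERROR Caught exception running LDAP sync. \n"
    "org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext er\n"
    "ror, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, co\n"
    "mment: AcceptSecurityContext error, data 52e, v2580]\n"
    "Caused by: x: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 775, v2580]\n"
)

if __name__ == "__main__":
    for row in bind_failures(SAMPLE_LOG):
        print(row)
```

The sub-code describes the account named in the bind (here the Manager DN), so a 52e points at the bind DN or its password rather than at the search base or the attribute mappings.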


I resolved the issue; I changed the bind user itself. The issue was with the AD user.
