Created 11-27-2018 02:56 PM
We have Ambari LDAP configured with one of the subdomains, and all users from that domain are available in Ambari after the LDAP sync.
Now users from another subdomain need access to the Ambari console.
How do we enable LDAP with other subdomains?
Below is the current LDAP configuration in /etc/ambari-server/conf/ambari.properties:
------------------------
ambari.ldap.isConfigured=true
authentication.ldap.baseDn=DC=sub1,DC=ad,DC=abc,DC=com
authentication.ldap.bindAnonymously=false
authentication.ldap.dnAttribute=dn
authentication.ldap.groupMembershipAttr=member
authentication.ldap.groupNamingAttr=cn
authentication.ldap.groupObjectClass=group
authentication.ldap.managerDn=Hadoop-AD-Admin-devl@sub1.ad.abc.com
authentication.ldap.managerPassword=${alias=ambari.ldap.manager.password}
authentication.ldap.primaryUrl=sub1.ad.abc.com:389
authentication.ldap.referral=follow
authentication.ldap.useSSL=false
authentication.ldap.userObjectClass=user
authentication.ldap.usernameAttribute=sAMAccountName
client.security=ldap
------------------------
All users from "sub1.ad.abc.com" are available in Ambari.
Need access for users from "sub2.ad.abc.com" to Ambari.
Ambari server Version: 2.4.0.1
Created 11-27-2018 03:12 PM
Hi @Sajesh PP ,
Ambari supports a feature of adding a secondaryURL when you are configuring LDAP. Are you speaking about the same?
https://ambari.apache.org/1.2.5/installing-hadoop-using-ambari/content/ambari-add-LDAP.html
Created 12-01-2018 07:19 AM
I tried configuring authentication.ldap.secondaryUrl and did ldap sync --all.
Ambari Server 'sync-ldap' completed successfully.
But I could not find any users/groups from the secondary domain, and there were no logs about the sync (like failed/success/any errors).
Any way we can validate LDAP sync?
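An added example, not part of the thread and not Ambari's own code: an offline check of the posted ambari.properties values that tests whether a user DN lies under the configured `authentication.ldap.baseDn` (an LDAP subtree search only returns entries at or below its base) and reports whether the bind runs without LDAPS. The function names and the two user DNs are hypothetical, and the sub2 DN layout is assumed from the domain name in the post.

```python
import re

# Constructed sample: values from the first post, including the line where
# three settings were run together (password alias left exactly as posted).
SAMPLE = """\
authentication.ldap.baseDn=DC=sub1,DC=ad,DC=abc,DC=com
authentication.ldap.bindAnonymously=false
authentication.ldap.managerDn=Hadoop-AD-Admin-devl@sub1.ad.abc.com authentication.ldap.managerPassword=${alias=ambari.ldap.manager.password} authentication.ldap.primaryUrl=sub1.ad.abc.com:389
authentication.ldap.useSSL=false
"""

# A key starts a line or follows whitespace, so "alias=ambari..." inside a value is ignored.
KEY = re.compile(r"(?:^|\s)((?:ambari|authentication|client)\.[\w.]+)=")

def parse_props(text):
    """Parse key=value pairs, splitting lines that hold several settings."""
    props = {}
    for line in text.splitlines():
        hits = list(KEY.finditer(line))
        for i, m in enumerate(hits):
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            props[m.group(1)] = line[m.end():end].strip()
    return props

def rdns(dn):
    """Split a DN into lower-cased, trimmed RDNs (escaped commas are not handled)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def under_base(dn, base_dn):
    """True when dn is at or below base_dn, so a subtree search from base_dn can return it."""
    d, b = rdns(dn), rdns(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def binds_without_ldaps(props):
    """True when a non-anonymous bind is configured with useSSL=false (connection is not LDAPS)."""
    return (props.get("authentication.ldap.useSSL", "false").lower() == "false"
            and props.get("authentication.ldap.bindAnonymously", "false").lower() == "false")

if __name__ == "__main__":
    p = parse_props(SAMPLE)
    base = p["authentication.ldap.baseDn"]
    # Hypothetical user DNs; the sub2 layout is an assumption, not taken from the thread.
    for dn in ("CN=User One,OU=Staff,DC=sub1,DC=ad,DC=abc,DC=com",
               "CN=User Two,OU=Staff,DC=sub2,DC=ad,DC=abc,DC=com"):
        print(dn, "->", "in scope" if under_base(dn, base) else "outside baseDn")
    print("bind without LDAPS:", binds_without_ldaps(p))
```

Against a live directory, the equivalent check is a subtree search from the same base DN with the manager account, compared with the users Ambari lists after the sync.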