Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search

Ambari LDAP authentication from multiple sub domains

Ambari LDAP authentication from multiple sub domains

Labels:
sajesh_purayil
Explorer

Created ‎11-27-2018 02:56 PM

We have Ambari LDAP configured with one of the sub domain and all users from that domain is available in ambari after the ldap sync.

Now users from another sub domain need access to Ambari console.

How do we enable the LDAP with other sub domains.

Below are the current LDAP configuration in /etc/ambari-server/conf/ambari.properties

------------------------

ambari.ldap.isConfigured=true

authentication.ldap.baseDn=DC=sub1,DC=ad,DC=abc,DC=com

authentication.ldap.bindAnonymously=false

authentication.ldap.dnAttribute=dn

authentication.ldap.groupMembershipAttr=member

authentication.ldap.groupNamingAttr=cn

authentication.ldap.groupObjectClass=group

authentication.ldap.managerDn=Hadoop-AD-Admin-devl@sub1.ad.abc.com authentication.ldap.managerPassword=${alias=ambari.ldap.manager.password} authentication.ldap.primaryUrl=sub1.ad.abc.com:389

authentication.ldap.referral=follow

authentication.ldap.useSSL=false

authentication.ldap.userObjectClass=user

authentication.ldap.usernameAttribute=sAMAccountName

client.security=ldap

------------------------

All users from "sub1.ad.abc.com" are available in Amabri.

Need access for users from "sub2.ad.abc.com" to Amabri

Ambari server Version: 2.4.0.1

Reply
480 Views
0 Kudos
2 REPLIES 2
Highlighted

Re: Ambari LDAP authentication from multiple sub domains

akhilsnaik
Guru

Created ‎11-27-2018 03:12 PM

Hi @Sajesh PP ,

ambari supports a Feature of adding secondaryURL when you are configuring the LDAP . are you speaking about the same ?

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/_configure_ambari_to_us...

https://ambari.apache.org/1.2.5/installing-hadoop-using-ambari/content/ambari-add-LDAP.html

Reply
341 Views
0 Kudos
Highlighted

Re: Ambari LDAP authentication from multiple sub domains

sajesh_purayil
Explorer

Created ‎12-01-2018 07:19 AM

I tried configuring authentication.ldap.secondaryUrl and did ldap sync --all.

Ambari Server 'sync-ldap' completed successfully.

But i could not find any users/groups from secondary domain and there were no logs about the sync (like failed/success/ if any errors)

Any way we can validate LDAP sync ?

Reply
341 Views
0 Kudos
Don't have an account?
Register
Announcements
Product Announcements
[ANNOUNCE] New Cloudera JDBC 2.6.20 Driver for Apache Impala Released
Product Announcements
Transition to private repositories for CDH, HDP and HDF
Product Announcements
[ANNOUNCE] New Applied ML Research from Cloudera Fast Forward: Few-Shot Text Classification
Product Announcements
[ANNOUNCE] New JDBC 2.6.13 Driver for Apache Hive Released
Product Announcements
[ANNOUNCE] Refreshed Research from Cloudera Fast Forward: Semantic Image Search and Federated Learning
View More Announcements