Ambari LDAP sync does not appear to sync passwords

Contributor

I am not hitting an LDAP server directly and am instead using an LDAP proxy that gives us HA to our LDAP servers. Due to the way this software works, I must use POSIX attributes. With my current configuration, the users in the group I am syncing appear to be syncing properly, as I see them in Ambari when logged in as the default admin user. However, I cannot log in using my AD credentials and get the message "Unable to sign in. Invalid username/password combination." in the Ambari UI.

Below is my Ambari LDAP configuration.

authentication.ldap.baseDn=DC=my,DC=company,DC=com
authentication.ldap.bindAnonymously=false
authentication.ldap.dnAttribute=DC=my,DC=company,DC=com
authentication.ldap.groupMembershipAttr=memberUid
authentication.ldap.groupNamingAttr=cn
authentication.ldap.groupObjectClass=posixgroup
authentication.ldap.managerDn=CN=usernameforbind,OU=Application Accounts,DC=my,DC=company,DC=com
authentication.ldap.managerPassword=/etc/ambari-server/conf/ldap-password.dat
authentication.ldap.pagination.enabled=false
authentication.ldap.primaryUrl=myldapproxy.com:389
authentication.ldap.referral=follow
authentication.ldap.secondaryUrl=myldapproxy.com:389
authentication.ldap.useSSL=false
authentication.ldap.userObjectClass=posixaccount
authentication.ldap.usernameAttribute=sAMAccountName

I noticed the group names are lowercase in Ambari whereas they are uppercase in AD. Could this cause issues? Is there any way to see how Ambari is querying LDAP so I can debug this further?

1 REPLY

Re: Ambari LDAP sync does not appear to sync passwords

Contributor

Hi @Josh Nicholson,

You can use tcpdump to see the comms between.

Gonçalo
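
A complement to the packet capture suggested above, as an added example that is not part of the original thread or of Ambari's own code: it rebuilds the user lookup from the posted `authentication.ldap.*` properties so the same search can be tried by hand against the proxy. The filter shape (usernameAttribute combined with userObjectClass) is an assumption about how Ambari searches for a user, and `jdoe` is a hypothetical login name.

```shell
#!/bin/sh
# Constructed sample: the relevant lines of the configuration from the question.
SAMPLE_PROPS='authentication.ldap.baseDn=DC=my,DC=company,DC=com
authentication.ldap.managerDn=CN=usernameforbind,OU=Application Accounts,DC=my,DC=company,DC=com
authentication.ldap.primaryUrl=myldapproxy.com:389
authentication.ldap.useSSL=false
authentication.ldap.userObjectClass=posixaccount
authentication.ldap.usernameAttribute=sAMAccountName'

# prop KEY: print the value of authentication.ldap.KEY.
# Values are DNs that contain "=", so only the key and the first "=" are stripped.
prop() {
    printf '%s\n' "$SAMPLE_PROPS" | sed -n "s/^authentication\.ldap\.$1=//p" | head -n 1
}

# user_filter USERNAME: search filter for one login name.
# Assumption: Ambari ANDs "<usernameAttribute>=<login>" with the user object class.
# USERNAME is typed by the operator and is not filter-escaped here.
user_filter() {
    printf '(&(%s=%s)(objectClass=%s))' \
        "$(prop usernameAttribute)" "$1" "$(prop userObjectClass)"
}

# ldap_uri: the scheme follows useSSL, host:port comes from primaryUrl.
ldap_uri() {
    if [ "$(prop useSSL)" = "true" ]; then scheme=ldaps; else scheme=ldap; fi
    printf '%s://%s' "$scheme" "$(prop primaryUrl)"
}

# lookup_cmd USERNAME: print (do not run) the ldapsearch command to try by hand.
# -x simple bind, -D bind DN, -W prompt for its password, -b search base.
lookup_cmd() {
    printf "ldapsearch -x -H '%s' -D '%s' -W -b '%s' '%s' dn\n" \
        "$(ldap_uri)" "$(prop managerDn)" "$(prop baseDn)" "$(user_filter "$1")"
}

lookup_cmd jdoe
```

If the printed search returns no entry through the proxy, compare the attribute and object class in the filter with what the proxy actually exposes for a user. With `useSSL=false`, a capture of port 389 also contains the simple-bind passwords in cleartext, so handle the capture file as a secret.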