Ambari User Sync Failing

Contributor

Hi All,

We are using FreeIPA as an identity management system. We used the steps below to set up LDAP:

[root@ip-172-10-3-5 ~]# ambari-server setup-ldap
Using python  /usr/bin/python
Setting up LDAP properties...
Primary URL* {host:port} (ip-172-10-21-121.us-west-2.compute.internal:389):
Secondary URL {host:port} :
Use SSL* [true/false] (false):
User object class* (posixAccount):
User name attribute* (uid):
Group object class* (posixGroup):
Group name attribute* (cn):
Group member attribute* (memberUid):
Distinguished name attribute* (dn):
Base DN* (dc=test,dc=freeipas,dc=com):
Referral method [follow/ignore] :
Bind anonymously* [true/false] (false):
Handling behavior for username collisions [convert/skip] for LDAP sync* (convert):
Manager DN* (uid=admin,cn=users,cn=accounts,dc=test,dc=freeipas,dc=com):
Enter Manager Password* :
Re-enter password:
====================
Review Settings
====================
authentication.ldap.managerDn: uid=admin,cn=users,cn=accounts,dc=test,dc=freeipas,dc=com
authentication.ldap.managerPassword: *****
Save settings [y/n] (y)? y
Saving...done
Ambari Server 'setup-ldap' completed successfully.
[root@ip-172-10-3-5 ~]#

While syncing users/groups from FreeIPA to Ambari we are getting the following error:

[root@ip-172-10-3-5 ~]# ambari-server sync-ldap  --all
Using python  /usr/bin/python
Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing all.ERROR: Exiting with exit code 1.
REASON: Sync event creation failed. Error details: HTTP Error 403: Login Failed: More than one user with that username found, please work with your Ambari Administrator to adjust your LDAP configuration
[root@ip-172-10-3-5 ~]#

Also, at the Ambari web UI login we are getting the error below:

Login Failed: More than one user with that username found, please work with your Ambari Administrator to adjust your LDAP configuration

Attached screenshot freeipa-admin.png

How should we resolve this error?

Please suggest.

Thanks in advance.

Thanks,

Bhushan

Re: Ambari User Sync Failing

Super Mentor

@Bhushan Kandalkar

The error indicates that you might have multiple users with the same username; we should see the message as

HTTP Error 403: Login Failed: More than one user with that username found, please work with your Ambari Administrator to adjust your LDAP configuration

Can you please check if you have the following property present inside your "/etc/ambari-server/conf/ambari.properties"?

An alternate LDAP user search filter which can be used if 'authentication.ldap.alternateUserSearchEnabled' is enabled and the primary filter fails to find a user.

By default the value of this property should be true. Can you try with alternate values and then see if it works for you?

# cat /etc/ambari-server/conf/ambari.properties | grep alternateUserSearchEnabled
authentication.ldap.alternateUserSearchEnabled=false

Followed by Ambari Server restart.

# ambari-server restart
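
One way to confirm the condition the error message describes, as an added example that is not part of the original thread or of Ambari's code: it reads LDIF text, such as an `ldapsearch` export taken under the configured Base DN, and lists every `uid` value carried by more than one `posixAccount` entry (the user name attribute and user object class from the setup above). The sample entries, the `cn=legacy` subtree, the user `alice` and both function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not from the thread): two posixAccount entries share uid=admin.
SAMPLE_LDIF = """\
dn: uid=admin,cn=users,cn=accounts,dc=test,dc=freeipas,dc=com
objectClass: posixAccount
uid: admin

dn: uid=admin,cn=users,cn=legacy,dc=test,dc=freeipas,dc=com
objectClass: posixAccount
uid: admin

dn: uid=alice,cn=users,cn=accounts,dc=test,dc=freeipas,dc=
 com
objectClass: posixaccount
uid:: YWxpY2U=

dn: uid=alice,cn=legacy,dc=test,dc=freeipas,dc=com
objectClass: account
uid: alice
"""

def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute name -> list of values."""
    entries, current = [], {}
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold lines continued by a leading space
    for line in text.split("\n") + [""]:
        if not line.strip():                      # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):            # skip ldapsearch comment lines
            attr, _, value = line.partition(":")
            if value.startswith(":"):             # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def duplicate_usernames(entries, user_class="posixAccount", name_attr="uid"):
    """Map each user name held by more than one DN to the sorted list of those DNs."""
    seen = {}
    for e in entries:
        if "dn" in e and user_class.lower() in map(str.lower, e.get("objectclass", [])):
            for name in e.get(name_attr.lower(), []):
                seen.setdefault(name.lower(), set()).add(e["dn"][0])
    return {n: sorted(d) for n, d in seen.items() if len(d) > 1}

if __name__ == "__main__":
    print(duplicate_usernames(parse_ldif(SAMPLE_LDIF)))
```

Any name this reports matches more than one entry under the search base, which is the situation the "More than one user with that username found" message refers to.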