Created 10-15-2018 12:54 PM
Hi All,
We are using FreeIPA as an identity management system. We used the steps below to set up LDAP:
[root@ip-172-10-3-5 ~]# ambari-server setup-ldap
Using python /usr/bin/python
Setting up LDAP properties...
Primary URL* {host:port} (ip-172-10-21-121.us-west-2.compute.internal:389):
Secondary URL {host:port} :
Use SSL* [true/false] (false):
User object class* (posixAccount):
User name attribute* (uid):
Group object class* (posixGroup):
Group name attribute* (cn):
Group member attribute* (memberUid):
Distinguished name attribute* (dn):
Base DN* (dc=test,dc=freeipas,dc=com):
Referral method [follow/ignore] :
Bind anonymously* [true/false] (false):
Handling behavior for username collisions [convert/skip] for LDAP sync* (convert):
Manager DN* (uid=admin,cn=users,cn=accounts,dc=test,dc=freeipas,dc=com):
Enter Manager Password* :
Re-enter password:
====================
Review Settings
====================
authentication.ldap.managerDn: uid=admin,cn=users,cn=accounts,dc=test,dc=freeipas,dc=com
authentication.ldap.managerPassword: *****
Save settings [y/n] (y)? y
Saving...done
Ambari Server 'setup-ldap' completed successfully.
[root@ip-172-10-3-5 ~]#
While syncing users/groups from FreeIPA to Ambari, we are getting the following error:
[root@ip-172-10-3-5 ~]# ambari-server sync-ldap --all
Using python /usr/bin/python
Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing all.ERROR: Exiting with exit code 1.
REASON: Sync event creation failed. Error details: HTTP Error 403: Login Failed: More than one user with that username found, please work with your Ambari Administrator to adjust your LDAP configuration
[root@ip-172-10-3-5 ~]#
Also, at the Ambari web UI login we are getting the error below:
Login Failed: More than one user with that username found, please work with your Ambari Administrator to adjust your LDAP configuration
Attached screenshot freeipa-admin.png
How should we resolve this error?
Please suggest.
Thanks in advance.
Thanks,
Bhushan
Created 10-15-2018 10:24 PM
The error indicates that you might have multiple users with the same username; we should see the message as:
HTTP Error 403: Login Failed: More than one user with that username found, please work with your Ambari Administrator to adjust your LDAP configuration
Can you please check if you have the following property present inside your "/etc/ambari-server/conf/ambari.properties"?
An alternate LDAP user search filter which can be used if 'authentication.ldap.alternateUserSearchEnabled' is enabled and the primary filter fails to find a user.
By default the value of this property should be true. Can you try with alternate values and then see if it works for you?
# cat /etc/ambari-server/conf/ambari.properties | grep alternateUserSearchEnabled
authentication.ldap.alternateUserSearchEnabled=false
Followed by Ambari Server restart.
# ambari-server restart
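An added example, not part of the thread: one way to confirm whether the directory really returns more than one entry per username is to export the Base DN as LDIF and look for `uid` values carried by several `posixAccount` entries (the user object class and user name attribute from the `setup-ldap` output above). The LDIF below is constructed sample data; the container name `cn=example-second-tree` and the user `jdoe` are made-up placeholders.

```python
import base64
from collections import defaultdict

# Constructed sample of an LDIF export of the Base DN (placeholder entries).
SAMPLE_LDIF = """\
dn: uid=admin,cn=users,cn=accounts,dc=test,dc=freeipas,dc=com
objectClass: posixAccount
uid: admin

dn: uid=admin,cn=users,cn=example-second-tree,dc=test,
 dc=freeipas,dc=com
objectClass: posixAccount
uid: Admin

dn: uid=jdoe,cn=users,cn=accounts,dc=test,dc=freeipas,dc=com
objectClass: posixAccount
uid:: amRvZQ==

dn: cn=admins,cn=groups,cn=accounts,dc=test,dc=freeipas,dc=com
objectClass: posixGroup
cn: admins
"""

def parse_ldif(text):
    """Yield one {attr_lower: [values]} dict per LDIF entry."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[attr.strip().lower()].append(value.strip())
        if "dn" in entry:
            yield entry

def duplicate_usernames(text, object_class="posixAccount", name_attr="uid"):
    """Map each username carried by more than one entry to those entries' DNs."""
    seen = defaultdict(list)
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if object_class.lower() in classes:
            for name in entry.get(name_attr.lower(), []):
                seen[name.lower()].append(entry["dn"][0])  # uid compares case-insensitively
    return {name: dns for name, dns in seen.items() if len(dns) > 1}

if __name__ == "__main__":
    print(duplicate_usernames(SAMPLE_LDIF))
```

Any username it reports exists under more than one DN below the Base DN, which is the condition the 403 message describes.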