Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ambari User Sync Failing

Highlighted

Ambari User Sync Failing

Labels:
bkandalkar
Contributor

Created ‎10-15-2018 12:54 PM

Hi All,

We are using FreeIPA as an Identity management system. We have used below steps to setup ldap:

[root@ip-172-10-3-5 ~]# ambari-server setup-ldap
Using python  /usr/bin/python
Setting up LDAP properties...
Primary URL* {host:port} (ip-172-10-21-121.us-west-2.compute.internal:389):
Secondary URL {host:port} :
Use SSL* [true/false] (false):
User object class* (posixAccount):
User name attribute* (uid):
Group object class* (posixGroup):
Group name attribute* (cn):
Group member attribute* (memberUid):
Distinguished name attribute* (dn):
Base DN* (dc=test,dc=freeipas,dc=com):
Referral method [follow/ignore] :
Bind anonymously* [true/false] (false):
Handling behavior for username collisions [convert/skip] for LDAP sync* (convert):
Manager DN* (uid=admin,cn=users,cn=accounts,dc=test,dc=freeipas,dc=com):
Enter Manager Password* :
Re-enter password:
====================
Review Settings
====================
authentication.ldap.managerDn: uid=admin,cn=users,cn=accounts,dc=test,dc=freeipas,dc=com
authentication.ldap.managerPassword: *****
Save settings [y/n] (y)? y
Saving...done
Ambari Server 'setup-ldap' completed successfully.
[root@ip-172-10-3-5 ~]#

While syncing user/groups from FreeIPA to Ambari we are getting following error:

[root@ip-172-10-3-5 ~]# ambari-server sync-ldap  --all
Using python  /usr/bin/python
Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing all.ERROR: Exiting with exit code 1.
REASON: Sync event creation failed. Error details: HTTP Error 403: Login Failed: More than one user with that username found, please work with your Ambari Administrator to adjust your LDAP configuration
[root@ip-172-10-3-5 ~]#

Also, at Ambari web ui login we are getting below error:

Login Failed: More than one user with that username found, please work with your Ambari Administrator to adjust your LDAP configuration

Attached screenshot freeipa-admin.png

How should we resolve this error?

Please suggest.

Thanks in advance.

Thanks,

Bhushan

Reply
172 Views
0 Kudos
1 REPLY 1

Re: Ambari User Sync Failing

jsensharma
Super Mentor

Created ‎10-15-2018 10:24 PM

@Bhushan Kandalkar

The error indicates that you might have multiple users with the same username we should see the message as 

HTTP Error 403: Login Failed: More than one user with that username found, please work with your Ambari Administrator to adjust your LDAP configuration

Can you please check if you ahve the following property present inside your "/etc/ambari-server/conf/amabri.properties" ?

An alternate LDAP user search filter which can be used if 'authentication.ldap.alternateUserSearchEnabled' is enabled and the primary filter fails to find a user.

By default the value of this property should be true. Can you try with alternate values and then see if it works for you?

# cat /etc/ambari-server/conf/amabri.properties | grep alternateUserSearchEnabled
authentication.ldap.alternateUserSearchEnabled=false

.

Followed by Ambari Server restart.

# ambari-server restart

.

Reply
21 Views
0 Kudos
Don't have an account?
Register
Coming from Hortonworks? Activate your account here