Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Ambari for LDAP or Active Directory Authentication

avatar
Rising Star

Few questions on Ambari for LDAP or Active Directory Authentication:

1. When users are synced into Ambari , are the passwords also stored in the Ambari's local DB along with the usernames

2. When a user logs into Ambari , is there a way for the user to change his password ?

3. When we create a user in AD , we set the property that "user must change password at next logon" , however after the ldpa-sync, the user cannot login into ambari . what could be the problem ? Also, when we go back to AD and untick this option (" user must change password at next logon") , the user is now able to login into ambari ?

Any pointers would help

Thanks

1 ACCEPTED SOLUTION

avatar
Expert Contributor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
2 REPLIES 2

avatar
Expert Contributor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar

@Krishna Pandey is mostly correct, however:

For #1, though Ambari does store the manager DN and password, it does not store the synced users passwords. Because of this, Ambari relies on the LDAP server to validate authentication for these users.

For #2 and #3, Ambari has no ability to manage passwords in the LDAP server. Therefore if a user wants to change their password or is required to change their password, they need to use some other facility. With this, if the user must change their password before authenticating, then authenticate will fail until the password is changed using some other facility. I assume that if the user is no longer required to change their password, authentication should work again.