
Ambari-server sync-ldap works fine but users are not mapped to groups


Explorer

I have synced users and groups in the Ambari UI using:

ambari-server sync-ldap --users /home/centos/users.txt --groups /tmp/groups.txt 
Using python /usr/bin/python
Syncing with LDAP...
Enter Ambari Admin login: admin 
Enter Ambari Admin password: 
Syncing specified users and groups... 
Completed LDAP Sync. 
Summary: 
memberships: 
removed = 0 
created = 0 
users: 
skipped = 0 
removed = 0 
updated = 0 
created = 4 
groups: 
updated = 0 
removed = 0 
created = 0 

But users are not mapped to any group; it does not add users to the group.

Which parameters should I check in ambari.properties?

Accepted Solutions
Re: Ambari-server sync-ldap works fine but users are not mapped to groups

@arjun more

Could you please check the properties,

User object class* : try changing it from person to user.
Group member attribute* : try changing it from memberof to memberid

Distinguished name attribute* : try changing it from dn to distinguishedName

These parameters depend on your LDAP environment. Please check the values of these once again and try to sync up.


Re: Ambari-server sync-ldap works fine but users are not mapped to groups

@arjun more

Are you able to sync groups similarly to users? If not, please check the parameters below with your LDAP team and add them as per their request:

authentication.ldap.groupObjectClass [LDAP Object Class]: The object class that is used for groups. Example: groupOfUniqueNames
authentication.ldap.groupMembershipAttr [LDAP attribute]: The attribute for group membership. Example: uniqueMember
authentication.ldap.groupNamingAttr [LDAP attribute]: The attribute for group name.

Checking the ambari-server logs would help you in getting the error message. Hope this helps you.


Re: Ambari-server sync-ldap works fine but users are not mapped to groups

Mentor

What are the first 30 entries in your /etc/ambari-server/conf/ambari-properties?


Re: Ambari-server sync-ldap works fine but users are not mapped to groups

Explorer

I have the below set of properties:

authentication.ldap.groupMembershipAttr=memberOf
authentication.ldap.groupNamingAttr=cn
authentication.ldap.groupObjectClass=group
authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=sAMAccountName
authentication.ldap.dnAttribute=dn


Re: Ambari-server sync-ldap works fine but users are not mapped to groups

Explorer

Hey Nitin,

Changed the configs like,

object class=user

Distinguished name attribute=distinguishedName

Group member attribute=member

And re-synced users. It is working now.

Thanks for help.
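
An added example, not part of the original thread and not Ambari's own code: a simplified model of group-side membership resolution, run over constructed Active Directory-style entries, showing why the settings posted above yield no memberships while the settings reported as working do. The sample entries, their DNs, and the mapping of the UI field names to authentication.ldap.* keys are assumptions.

```python
# Constructed AD-style entries (not from the thread). Membership is stored on
# the group as `member`; `memberOf` is the back-link on the user entry.
ALICE = "CN=Alice,OU=People,DC=example,DC=com"
BOB = "CN=Bob,OU=People,DC=example,DC=com"
ADMINS = "CN=hadoop-admins,OU=Groups,DC=example,DC=com"
USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
USERS = [
    {"objectClass": USER_CLASSES, "sAMAccountName": "alice",
     "distinguishedName": ALICE, "memberOf": [ADMINS]},
    {"objectClass": USER_CLASSES, "sAMAccountName": "bob",
     "distinguishedName": BOB, "memberOf": [ADMINS]},
]
GROUPS = [{"objectClass": ["top", "group"], "cn": "hadoop-admins",
           "distinguishedName": ADMINS, "member": [ALICE, BOB]}]

# Values posted in the thread before the fix.
BEFORE = """
authentication.ldap.groupMembershipAttr=memberOf
authentication.ldap.groupNamingAttr=cn
authentication.ldap.groupObjectClass=group
authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=sAMAccountName
authentication.ldap.dnAttribute=dn
"""
# Same file with the three changes reported as working (key mapping assumed).
AFTER = (BEFORE.replace("groupMembershipAttr=memberOf", "groupMembershipAttr=member")
         .replace("userObjectClass=person", "userObjectClass=user")
         .replace("dnAttribute=dn", "dnAttribute=distinguishedName"))

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def resolve_memberships(props, users, groups):
    """Toy group-side resolution: read the configured attribute on each group
    and match its values against the configured DN attribute of each user."""
    p = lambda key: props["authentication.ldap." + key]
    by_dn = {u[p("dnAttribute")].lower(): u[p("usernameAttribute")]
             for u in users
             if p("userObjectClass") in u["objectClass"] and p("dnAttribute") in u}
    return {g[p("groupNamingAttr")]: sorted(
                by_dn[m.lower()] for m in g.get(p("groupMembershipAttr"), [])
                if m.lower() in by_dn)
            for g in groups if p("groupObjectClass") in g["objectClass"]}

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, resolve_memberships(parse_properties(text), USERS, GROUPS))
```

Since Ambari roles can be granted to groups, an empty membership result after a sync is worth checking before relying on group-based permissions.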
