
Ambari-server sync-ldap works fine but users are not mapped to groups


New Contributor

I have synced Users and groups in Ambari UI using,

ambari-server sync-ldap --users /home/centos/users.txt --groups /tmp/groups.txt
Using python /usr/bin/python
Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing specified users and groups...
Completed LDAP Sync.
Summary:
  memberships:
    removed = 0
    created = 0
  users:
    skipped = 0
    removed = 0
    updated = 0
    created = 4
  groups:
    updated = 0
    removed = 0
    created = 0

But the users are not mapped to any group; it does not add users to the group.

Which parameters should I check in ambari.properties?


Accepted Solutions

Re: Ambari-server sync-ldap works fine but users are not mapped to groups

@arjun more

Could you please check the properties,

User object class* : try changing it from person to user.
Group member attribute* : try changing it from memberof to memberid

Distinguished name attribute* : try changing it from dn to distinguishedName

These parameters depend on your LDAP environment. Please check the values of these once again and try to sync up.

5 REPLIES

Re: Ambari-server sync-ldap works fine but users are not mapped to groups

@arjun more

Are you able to sync groups the same way as users? If not, please check the parameters below with your LDAP team and add them as per their request:

authentication.ldap.groupObjectClass [LDAP Object Class]: The object class that is used for groups. Example: groupOfUniqueNames
authentication.ldap.groupMembershipAttr [LDAP attribute]: The attribute for group membership. Example: uniqueMember
authentication.ldap.groupNamingAttr [LDAP attribute]: The attribute for group name.

Checking the ambari-server logs would help you in getting the error message. Hope this helps you.

Re: Ambari-server sync-ldap works fine but users are not mapped to groups

Mentor

What are the first 30 entries in your /etc/ambari-server/conf/ambari-properties?

Re: Ambari-server sync-ldap works fine but users are not mapped to groups

New Contributor

I have the below set of properties:

authentication.ldap.groupMembershipAttr=memberOf

authentication.ldap.groupNamingAttr=cn
authentication.ldap.groupObjectClass=group
authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=sAMAccountName

authentication.ldap.dnAttribute=dn


Re: Ambari-server sync-ldap works fine but users are not mapped to groups

New Contributor

Hey Nitin,

Changed the configs like,

object class=user

Distinguished name attribute=distinguishedName

Group member attribute=member

And re-synced users. It is working now.

Thanks for the help.
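
Why the sync above created users but reported `memberships: created = 0`, as an added example that is not part of the thread and is not Ambari's code: a simplified model of group-membership resolution, run once with the posted properties and once with the values that worked. The entries, DNs and function names are constructed assumptions; in Active Directory `member` is stored on the group, `memberOf` on the user, and an entry's DN is not an attribute named `dn`.

```python
# Simplified model of LDAP group-membership resolution (an assumption for
# illustration, not Ambari's implementation), run on constructed AD-style data.
P = "authentication.ldap."
USER_DN = "CN=alice,OU=Users,DC=example,DC=com"            # constructed
GROUP_DN = "CN=hadoop-admins,OU=Groups,DC=example,DC=com"  # constructed

# An entry's DN is its name; it is not stored as an attribute called "dn".
ENTRIES = [
    {"dn": USER_DN, "attrs": {
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "sAMAccountName": ["alice"], "distinguishedName": [USER_DN],
        "memberOf": [GROUP_DN]}},   # back-link lives on the user
    {"dn": GROUP_DN, "attrs": {
        "objectClass": ["top", "group"], "cn": ["hadoop-admins"],
        "distinguishedName": [GROUP_DN],
        "member": [USER_DN]}},      # forward link lives on the group
]

def parse_properties(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def values(entry, attr):
    """Case-insensitive attribute lookup; values lower-cased for comparison."""
    return [v.lower() for k, vs in entry["attrs"].items()
            if k.lower() == attr.lower() for v in vs]

def resolve_memberships(entries, cfg):
    """Return sorted (group name, username) pairs found under cfg."""
    def of_class(key):
        return [e for e in entries if cfg[P + key].lower() in values(e, "objectClass")]
    found = set()
    for g in of_class("groupObjectClass"):
        for ref in values(g, cfg[P + "groupMembershipAttr"]):
            for u in of_class("userObjectClass"):
                if ref in values(u, cfg[P + "dnAttribute"]):
                    found.add((values(g, cfg[P + "groupNamingAttr"])[0],
                               values(u, cfg[P + "usernameAttribute"])[0]))
    return sorted(found)

ORIGINAL = parse_properties("""
authentication.ldap.groupMembershipAttr=memberOf
authentication.ldap.groupNamingAttr=cn
authentication.ldap.groupObjectClass=group
authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=sAMAccountName
authentication.ldap.dnAttribute=dn
""")
FIXED = dict(ORIGINAL, **{P + "userObjectClass": "user",
                          P + "groupMembershipAttr": "member",
                          P + "dnAttribute": "distinguishedName"})
```

In this model, changing only the group membership attribute to `member` while leaving `dnAttribute=dn` still yields no memberships, because the referenced DN has no user attribute to match against.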