Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Ambari-server sync-ldap works fine but users are not mapped to groups

Labels:
avatar
author-rank Rarjun
Rising Star

Created ‎08-14-2017 05:55 PM

I have synced Users and groups in Ambari UI using,

ambari-server sync-ldap --users /home/centos/users.txt --groups /tmp/groups.txt 
Using python /usr/bin/python Syncing with LDAP... 
Enter Ambari Admin login: admin 
Enter Ambari Admin password: 
Syncing specified users and groups... 
Completed LDAP Sync. 
Summary: 
memberships: 
removed = 0 
created = 0 
users: 
skipped = 0 
removed = 0 
updated = 0 
created = 4 
groups: 
updated = 0 
removed = 0 
created = 0

But users are not mapped to any group, but it does not add users to the group.

Which parameters should I check in ambari.properties.

3,093 Views
1 ACCEPTED SOLUTION

avatar
author-rank nshelke author-rank
Guru

Created ‎08-17-2017 06:20 PM

@arjun more

Could you please check the properties,

User object class* : try changing it from person to user.
Group member attribute* : try changing it from memberof to memberid

Distinguished name attribute* : try changing it from dn to distinguishedName

These parameters are depends on your environment LDAP. Please check the values of these once again and try to sync up.

View solution in original post

2,625 Views
5 REPLIES 5

avatar
author-rank bandarusridhar1
Guru

Created ‎08-15-2017 01:50 AM

@arjun more

Are you able to sync groups similar like users? If not, please check below parameter with your LDAP team and add them as per their request:

authentication.ldap.groupObjectClass[LDAP Object Class]The object class that is used for groups. Example: groupOfUniqueNames
authentication.ldap.groupMembershipAttr[LDAP attribute]The attribute for group membership. Example: uniqueMember
authentication.ldap.groupNamingAttr[LDAP attribute]The attribute for group name.

Checking the ambari-server logs would help you in getting the error message. Hope this helps you.

2,625 Views

avatar
author-rank Shelton
Master Mentor

Created ‎08-15-2017 05:22 AM

What are the first 30 entries in your

/etc/ambari-server/conf/ambari-properties

2,625 Views

avatar
author-rank Rarjun
Rising Star

Created ‎08-17-2017 06:08 PM

I have below set of properties,

authentication.ldap.groupMembershipAttr=memberOf

authentication.ldap.groupNamingAttr=cn
authentication.ldap.groupObjectClass=group
authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=sAMAccountName

authentication.ldap.dnAttribute=dn

2,625 Views
0 Kudos

avatar
author-rank nshelke author-rank
Guru

Created ‎08-17-2017 06:20 PM

@arjun more

Could you please check the properties,

User object class* : try changing it from person to user.
Group member attribute* : try changing it from memberof to memberid

Distinguished name attribute* : try changing it from dn to distinguishedName

These parameters are depends on your environment LDAP. Please check the values of these once again and try to sync up.

2,626 Views

avatar
author-rank Rarjun
Rising Star

Created ‎08-17-2017 06:25 PM

Hey Nitin,

Changed the configs like,

object class=user

Distinguished name attribute=distinguishedName

Group member attribute=member

And re-synced users. It is working now.

Thanks for help.

2,625 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements