Created 08-14-2017 05:55 PM
I have synced Users and groups in Ambari UI using,
ambari-server sync-ldap --users /home/centos/users.txt --groups /tmp/groups.txt
Using python /usr/bin/python
Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing specified users and groups...
Completed LDAP Sync.
Summary:
  memberships:
    removed = 0
    created = 0
  users:
    skipped = 0
    removed = 0
    updated = 0
    created = 4
  groups:
    updated = 0
    removed = 0
    created = 0
But the users are not mapped to any group; it does not add users to the group.
Which parameters should I check in ambari.properties?
Created 08-15-2017 01:50 AM
Are you able to sync groups the same way as users? If not, please check the parameters below with your LDAP team and add them as per their request:
authentication.ldap.groupObjectClass | [LDAP Object Class] | The object class that is used for groups. Example: groupOfUniqueNames |
authentication.ldap.groupMembershipAttr | [LDAP attribute] | The attribute for group membership. Example: uniqueMember |
authentication.ldap.groupNamingAttr | [LDAP attribute] | The attribute for group name. |
Checking the ambari-server logs would help you in getting the error message. Hope this helps you.
Created 08-15-2017 05:22 AM
What are the first 30 entries in your /etc/ambari-server/conf/ambari-properties?
Created 08-17-2017 06:08 PM
I have the below set of properties:
authentication.ldap.groupMembershipAttr=memberOf
authentication.ldap.groupNamingAttr=cn
authentication.ldap.groupObjectClass=group
authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=sAMAccountName
authentication.ldap.dnAttribute=dn
Created 08-17-2017 06:20 PM
Could you please check the properties,
User object class* : try changing it from person to user.
Group member attribute* : try changing it from memberof to memberid
Distinguished name attribute* : try changing it from dn to distinguishedName
These parameters depend on your LDAP environment. Please check the values of these once again and try to sync up.
Created 08-17-2017 06:25 PM
Hey Nitin,
Changed the configs like,
object class=user
Distinguished name attribute=distinguishedName
Group member attribute=member
And re-synced users. It is working now.
Thanks for the help.
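
Added example (not written by anyone in this thread, and not Ambari's code): a simplified model of a sync that reads membership from each group entry and resolves every value by searching users on the DN attribute, run against the property values posted above. The directory entries, names and DNs are constructed for illustration, and the lookup behaviour is an assumption.

```python
# Simplified model of a group-driven LDAP sync (assumed behaviour, not Ambari's code).
# Constructed AD-style entries; names and DNs are made up for illustration.
ALICE = "CN=Alice,OU=Users,DC=example,DC=com"
BOB = "CN=Bob,OU=Users,DC=example,DC=com"
ADMINS = "CN=hadoop-admins,OU=Groups,DC=example,DC=com"
USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
DIRECTORY = [
    {"objectClass": USER_CLASSES, "sAMAccountName": "alice",
     "distinguishedName": ALICE, "memberOf": [ADMINS]},
    {"objectClass": USER_CLASSES, "sAMAccountName": "bob",
     "distinguishedName": BOB, "memberOf": [ADMINS]},
    {"objectClass": ["top", "group"], "cn": "hadoop-admins",
     "distinguishedName": ADMINS, "member": [ALICE, BOB]},
]

def search(object_class, attr=None, value=None):
    """Entries of object_class whose attr holds value (case-insensitive match)."""
    hits = []
    for entry in DIRECTORY:
        if object_class.lower() not in (c.lower() for c in entry["objectClass"]):
            continue
        if attr is not None:
            vals = entry.get(attr, [])  # an attribute the entry lacks matches nothing
            vals = [vals] if isinstance(vals, str) else vals
            if value.lower() not in (v.lower() for v in vals):
                continue
        hits.append(entry)
    return hits

def sync_memberships(cfg):
    """(username, group) pairs the modelled sync would create for cfg."""
    pairs = []
    for group in search(cfg["groupObjectClass"]):
        # Membership is read from the group entry, not from the user's memberOf.
        for ref in group.get(cfg["groupMembershipAttr"], []):
            for user in search(cfg["userObjectClass"], cfg["dnAttribute"], ref):
                pairs.append((user[cfg["usernameAttribute"]],
                              group[cfg["groupNamingAttr"]]))
    return pairs

# Property values as posted in the thread before the fix.
BEFORE = {"groupMembershipAttr": "memberOf", "groupNamingAttr": "cn",
          "groupObjectClass": "group", "userObjectClass": "person",
          "usernameAttribute": "sAMAccountName", "dnAttribute": "dn"}
# Values reported as working in the last post.
AFTER = dict(BEFORE, userObjectClass="user", dnAttribute="distinguishedName",
             groupMembershipAttr="member")

if __name__ == "__main__":
    print("before:", sync_memberships(BEFORE))
    print("after: ", sync_memberships(AFTER))
```

In this model the original values still find users (the entries carry objectClass person) but create no memberships, and changing only the membership attribute to member is not enough while the DN attribute is still dn.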