Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Connecting knox and ldap in production evironment

Labels:
avatar
author-rank reyaan26
Contributor

Created ‎10-05-2016 10:46 AM

  1. Need some guindance using knox and authenticate users using LDAP in actual environment, but before moving there i want to have same setup on my PC.Installed sandbox 2.3.2 , and knox is running using using demo ldap and ran couple of curl commands as well .Installed openldap , phpldapadmin on another VM (supposing it will be the case in prod environment). Both VMs are having brdiged connection and is able to ping each other.Now as per the documention , i need to create a topology file . Based on my understanding it will be like below:-
  2. Now after starting knox gateway again, how it will communicate with ldap??
  3. ldap.jar is for demo ldap , which jar will be used in this case.??
  4. does i need to install openldap clients ??

Any pointers or tutorial will be great help!!

	<provider>
    <role>authentication</role>
    <name>ShiroProvider</name>
    <enabled>true</enabled>
    <param>
        <name>main.ldapRealm</name>
        <value>org.apache.shiro.realm.ldap.JndiLdapRealm</value>
    <param>
    <param>
        <name>main.ldapRealm.userDnTemplate</name>
        <value>uid={0},ou=hadoopdev,dc=my-ldap,dc=com</value>
    </param>
    <param>
        <name>main.ldapRealm.contextFactory.url</name>
        <value>ldap://192.XX.XX.XX:389</value>
    </param>
    <param>
        <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
        <value>simple</value>
    </param>
    <param>
        <name>urls./**</name>
        <value>$auth_type</value>
    </param>
    <param>
        <name>sessionTimeout</name>
        <value>$minutes</value>
    </param>
</provider>
1,735 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank reyaan26
Contributor

Created ‎10-06-2016 03:26 PM

@Krishna Pandey

@Sagar Shimpi

Its working now as my 389 port was blocked on my VM having LDAP running..Thanks.!!

View solution in original post

1,502 Views
0 Kudos
3 REPLIES 3

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎10-05-2016 11:21 AM

Apache Knox uses Shiro for LDAP authentication. You can put the details of your LDAP server and port in topology file. Knox will use the LDAP Server IP Address and Port to communicate. If you are using OpenLDAP to authenticate, you can safely stop Demo LDAP service in Knox. Yes you need to install openldap, openldap-clients, and openldap-servers package.

1,502 Views

avatar
author-rank sshimpi
Super Guru

Created ‎10-05-2016 11:24 AM

@Anwaar Siddiqui

1. Knox gateway will check for the respective topology file which has the ldap settings configured[if you have integrated knox with ldap]

2. For demo ldap - you can use "ps -aef |grep ldap" command to check which is the jar being picked up.

3. You will need to have openldap clients on all nodes to make sure the user exist on all nodes.

Below link will have more details - http://knox.apache.org/books/knox-0-8-0/user-guide.html#Introduction

1,502 Views

avatar
author-rank reyaan26
Contributor

Created ‎10-06-2016 03:26 PM

@Krishna Pandey

@Sagar Shimpi

Its working now as my 389 port was blocked on my VM having LDAP running..Thanks.!!

1,503 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements