Support Questions
Find answers, ask questions, and share your expertise

Demo LDAP with SSSD


Demo LDAP with SSSD


Has anyone configured the demo Knox ldap with sssd on the linux boxes of the cluster. I am new to this area, and I am not sure if it is even possible to setup sssd without ssl on RHEL 7.


Re: Demo LDAP with SSSD

Hi @Raffi Abberbock

SSSD will sync AD users on the local OS - where the LDAP/AD users will look like they are local users on the OS -> SSSD is recommended when Kerberizing your cluster (found in documentation) necessary for LDAP/AD users can have secured YARN containers

Knox can be used to authenticate against LDAP/AD -> so your end-user won't need to go directly to something like HiveServer2, instead they can be given a Knox URL, where Knox will know the location of the HiveServer2 and also authenticate against LDAP/AD.


Re: Demo LDAP with SSSD


Hello @Raffi Abberbock and @Ryan Cicak,

If I understood the question correctly, Raffi wants to make use of Knox demo LDAP server as the id & auth provider for SSSD configuration.

With that in mind, you can use Knox demo LDAP as ID provider for sure. To use it as auth provider will not be possible currently as the sssd-ldap does not support authentication over unsecured channel and Knox demo LDAP server does not support SSL.

For now, you will need to use other LDAP/AD server as SSSD auth provider.

Hope this helps.

Don't have an account?