Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Disable admin Login in Cloudera Manager

avatar
Rising Star

Hello team,

 

Integrated Cloudera Manager with Windows AD and provided few admin users as Admin permissions. Now i want to disable admin account as admin account not present on Openldap.

 

How can i disable admin account which still does local authentication?

I can not create admin account on Openldap server?

 

- Vijay Mishra

1 ACCEPTED SOLUTION

avatar
Master Guru

@VijayM,

 

That was quite a gap in our conversation 🙂

You are almost perfectly correct in your interpretation of the options:

External Only (with emergency Administrator access) means that FULL ADMINISTRATORS and USER ADMINISTRATORS can authenticate using the CM database.

External Only (without emergency Administrator access) means that no user can authenticate to the CM database.

 

"Emergency Access" is exactly what it means.  If your LDAP database went down or something like that you would still have a way to authenticate to CM to manage the configuration or users accounts.  Any users who are not given the "full" or "user" administrator role will not have access to the CM UI.

 

The Description next to the "Authentication Backend Order" configuration option explains it:

The order in which authentication back ends are used for authenticating a user. Emergency Administrator Access allows Full and User Administrators in the local database to authenticate if external authentication is not functioning.

 

Regards,

 

Ben

View solution in original post

4 REPLIES 4

avatar
Master Guru

@VijayM,

 

You can leverage the following in Cloudera Manager's Administration --> Settings --> External Authentication configuration:

 

Authentication Backend Order

 

Choose:

External Only (with emergency Administrator access)

or

External Only (without emergency Administrator access)

 

If you still want the ability to use a local Full Administrator or User Administrator in the event your something went wrong with the LDAP host, then you could set it to "External Only (with emergency Administrator access)".

Otherwise, set it to "External Only (without emergency Administrator access)" to allow NO local authentication.

 

I am not sure what you mean by "disable" so if the above does not help, please clarify what disable means to you.

 

-Ben

avatar
Rising Star

@bgooley 

 

When i say disable admin login which means 

1. End Users login should be able to authenticate with AD and access Cm Web UI

2. No one can login with admin(local account) on CM UI.

 

Wanted to know difference between both mentioned below?

External Only (with emergency Administrator access)".

External Only (without emergency Administrator access)" to allow NO local authentication.

 

 

Does it mean it will allow only admin login (authentication with local) and no other users in case something happens to AD with External Only (with emergency Administrator access)" option ?

 

- Vijay M

avatar
Master Guru

@VijayM,

 

That was quite a gap in our conversation 🙂

You are almost perfectly correct in your interpretation of the options:

External Only (with emergency Administrator access) means that FULL ADMINISTRATORS and USER ADMINISTRATORS can authenticate using the CM database.

External Only (without emergency Administrator access) means that no user can authenticate to the CM database.

 

"Emergency Access" is exactly what it means.  If your LDAP database went down or something like that you would still have a way to authenticate to CM to manage the configuration or users accounts.  Any users who are not given the "full" or "user" administrator role will not have access to the CM UI.

 

The Description next to the "Authentication Backend Order" configuration option explains it:

The order in which authentication back ends are used for authenticating a user. Emergency Administrator Access allows Full and User Administrators in the local database to authenticate if external authentication is not functioning.

 

Regards,

 

Ben

avatar
Master Guru

@VijayM,

 

It seems when I posted, my smiley after "that was quite a gap in our conversation" disappeared.

I wanted to be sure you knew it was supposed to be there 🙂