Created 07-05-2018 06:35 AM
Hello team,
Integrated Cloudera Manager with Windows AD and provided few admin users as Admin permissions. Now i want to disable admin account as admin account not present on Openldap.
How can i disable admin account which still does local authentication?
I can not create admin account on Openldap server?
- Vijay Mishra
Created 12-16-2019 12:59 PM
That was quite a gap in our conversation 🙂
You are almost perfectly correct in your interpretation of the options:
External Only (with emergency Administrator access) means that FULL ADMINISTRATORS and USER ADMINISTRATORS can authenticate using the CM database.
External Only (without emergency Administrator access) means that no user can authenticate to the CM database.
"Emergency Access" is exactly what it means. If your LDAP database went down or something like that you would still have a way to authenticate to CM to manage the configuration or users accounts. Any users who are not given the "full" or "user" administrator role will not have access to the CM UI.
The Description next to the "Authentication Backend Order" configuration option explains it:
Regards,
Ben
Created 07-05-2018 10:20 AM
You can leverage the following in Cloudera Manager's Administration --> Settings --> External Authentication configuration:
Authentication Backend Order
Choose:
External Only (with emergency Administrator access)
or
External Only (without emergency Administrator access)
If you still want the ability to use a local Full Administrator or User Administrator in the event your something went wrong with the LDAP host, then you could set it to "External Only (with emergency Administrator access)".
Otherwise, set it to "External Only (without emergency Administrator access)" to allow NO local authentication.
I am not sure what you mean by "disable" so if the above does not help, please clarify what disable means to you.
-Ben
Created 12-16-2019 04:19 AM
When i say disable admin login which means
1. End Users login should be able to authenticate with AD and access Cm Web UI
2. No one can login with admin(local account) on CM UI.
Wanted to know difference between both mentioned below?
External Only (with emergency Administrator access)".
External Only (without emergency Administrator access)" to allow NO local authentication.
Does it mean it will allow only admin login (authentication with local) and no other users in case something happens to AD with External Only (with emergency Administrator access)" option ?
- Vijay M
Created 12-16-2019 12:59 PM
That was quite a gap in our conversation 🙂
You are almost perfectly correct in your interpretation of the options:
External Only (with emergency Administrator access) means that FULL ADMINISTRATORS and USER ADMINISTRATORS can authenticate using the CM database.
External Only (without emergency Administrator access) means that no user can authenticate to the CM database.
"Emergency Access" is exactly what it means. If your LDAP database went down or something like that you would still have a way to authenticate to CM to manage the configuration or users accounts. Any users who are not given the "full" or "user" administrator role will not have access to the CM UI.
The Description next to the "Authentication Backend Order" configuration option explains it:
Regards,
Ben
Created 12-16-2019 01:01 PM
It seems when I posted, my smiley after "that was quite a gap in our conversation" disappeared.
I wanted to be sure you knew it was supposed to be there 🙂