I have 2 LDAP servers for load balancing. I'm having an issue configuring external authentication since no matter how I provide the URLs, I always have LDAP errors.
This is what I've tried so far:
1. ldap://ldap1.example.com,ldap://ldap2.example.com -> CM server thinks /ldap2.example.com is a DN
2. ldap://ldap1.example.com ldap://ldap2.example.com -> ldap://ldap1.example.com ldap://ldap2.example.com is an invalid LDAP URL. Illegal character in authority at index 7: dap://ldap1.example.com ldap://ldap2.example.com (even though in Cloudera Documentation it says "A space-separated list of URLs can be entered")
4. ldap://ldap1.example.com ldap2.example.com
What is the correct way? Thanks!
I have a couple questions regarding your post:
1. What documentation are you following?
2. Are you utilizing Active Directory for authentication? If so, have you considered using the LDAP external authentication and pointing Cloudera Manager to an Active Directory Global Catalog?
3. Could you provide the contents of the cloudera-scm-server log that shows the error?
4. In this case, would it be more beneficial to point to the load balancer and then allow the load balancer to decide what server to use for authentication?
"The URL of the LDAP server. The URL must be prefixed with ldap:// or ldaps://. The URL can optionally specify a custom port, for example: ldaps://ldap_server.example.com:1636. Note that usernames and passwords will be transmitted in the clear unless either an ldaps:// URL is used, or "Enable LDAP TLS" is turned on (where available). Also note that encryption must be in use between the client and this service for the same reason.
For more detail on the LDAP URL format, see RFC 2255. A space-separated list of URLs can be entered; in this case the URLs will each be tried in turn until one replies."
The docs themselves do not make mention of this and only give an example of using a single LDAP server.
If it was AD, pointing to one would be sufficient. I assumed it was OpenLDAP or something like it.
Thanks for the clarification and the provided information. I would suggest using the load balancer as stated in the previous post. As for the tooltip, thanks for pointing that out; I will relay this to our internal teams to review.
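
An added example, not part of the thread and not Cloudera's code: a pre-check of a candidate value for the LDAP URL field against what the quoted tooltip states (space-separated entries, each prefixed with ldap:// or ldaps://, cleartext unless ldaps:// or LDAP TLS is used). It does not model what Cloudera Manager itself accepts; `check_entry`, `check_field` and the host pattern are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed host[:port] pattern; IPv6 literals and port range are not checked.
AUTHORITY = re.compile(r"^[A-Za-z0-9._-]+(:\d{1,5})?$")

# Constructed inputs: the three field values tried in the thread.
ATTEMPTS = [
    "ldap://ldap1.example.com,ldap://ldap2.example.com",
    "ldap://ldap1.example.com ldap://ldap2.example.com",
    "ldap://ldap1.example.com ldap2.example.com",
]

def check_entry(entry):
    """Check one whitespace-delimited entry of the URL field."""
    result = {"entry": entry, "errors": [], "warnings": []}
    parts = urlsplit(entry)
    if parts.scheme not in ("ldap", "ldaps"):
        result["errors"].append("not prefixed with ldap:// or ldaps://")
        return result
    if not AUTHORITY.match(parts.netloc):
        result["errors"].append(f"bad host[:port] {parts.netloc!r}")
    # In an LDAP URL the path is the DN, so a second URL glued on with a
    # comma ends up here (the "/ldap2.example.com is a DN" symptom).
    if "//" in parts.path:
        result["errors"].append(f"second URL parsed as DN {parts.path!r}")
    if parts.scheme == "ldap":
        result["warnings"].append("cleartext bind unless LDAP TLS is enabled")
    return result

def check_field(value):
    """Split the field on whitespace and check every entry in order."""
    return [check_entry(e) for e in value.split()]

if __name__ == "__main__":
    for attempt in ATTEMPTS:
        print(repr(attempt))
        for r in check_field(attempt):
            status = "; ".join(r["errors"]) or "well-formed"
            notes = "; ".join(r["warnings"])
            print(f"  {r['entry']}: {status}" + (f" [{notes}]" if notes else ""))
```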