Support Questions

Find answers, ask questions, and share your expertise
Celebrating as our community reaches 100,000 members! Thank you!

How do I automate the Ambari LDAP sync?


I want to automate through cron or other method "ambari-server sync-ldap --existing" but it prompts for an Ambari username and password. Any ideas on how I can automate an Ambari LDAP sync?


Rising Star

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community


New Contributor

Both ldapsearch and cron will show up in ps with passwords in their command line. That's easy to prevent with both tools: use the -y option for ldapsearch, and --netrc-file for cron.

Rising Star

@Neeraj Sabharwal

Hi Neeraj,

I have used your ambari-ldap sync script but I get the following error when I ran the below command. One thing I noticed is that if the run the script manually as ./ then its getting executed.

Also I have shown my ambari-ldap sync script below. So the script is not getting executed from crontab with 'sh' command . Please help.

[root@host1(] # sh line 3: spawn: command not found
couldn't read file "Enter Ambari Admin login:": no such file or directory line 7: send: command not found
couldn't read file "Enter Ambari Admin password:": no such file or directory line 11: send: command not found
couldn't read file "eof": no such file or directory

[root@host1(] # cat

spawn ambari-server sync-ldap --existing

expect "Enter Ambari Admin login:"

send "admin\r"

expect "Enter Ambari Admin password:"

send "admin\r"

expect eof

[root@host1(] # crontab -e
00 15 * * * /


This is an expect script not a shell script. Your shell does not understand expect commands.


Worth knowing that now there is no need for the "expect" statement now with the following attributes that can be added to the sync-ldap request:

--ldap-sync-admin-name=admin --ldap-sync-admin-password=secret

New Contributor

The unexpected benefit of this is that nobody will ever forget the LDAP password again: not will it be included in your favourite shell's history file, but anyone who can log in on that node will also be able to see those options by keeping an eye on ps. Isn't that neat?

Don't do this, kids. Never write passwords on the command line.