Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

How to view the AD user groups that are available on the cluster with 3 master and 4 datanodes

avatar
author-rank cplusplus1
Contributor

Created on ‎02-14-2017 08:09 AM - edited ‎09-16-2022 04:05 AM

we are on CDH 5.7.1, kerberos configured, users able to pull kerberos tickets and perform hdfs functions. but there are some issues, not yet enabled sentry security user role based authentication. there are some gaps.

 

Is there a rule to have specific set of Ad groups created on hadoop cluster ldap config?

 

I login to cluster as sudo user, need to know what are the steps to view what Ad groups are configured on the box.

 

Thanks a lot for the helpful info.

 

 

3,800 Views
0 Kudos
1 REPLY 1

avatar
mbigelow author-rank
Champion

Created ‎02-14-2017 01:23 PM

As for a rule for AD groups. If you set up LDAP for Hadoop this you should have set a base DN and user and group filters. This determines what is available from AD for Hadoop.

The 'hdfs groups' command. It will return the groups identified for the current users. You can specify the username at the end to check a specific user.

Warning: I and Cloudera do not recommend using Hadoop LDAP. It is better to integrate LDAP at the OS level using sssd, VAS/QAS, Centrify, etc.
3,787 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements