Support Questions

Thanks @Orlando Teixeira. Could you share me a sample ldif file that you used for ldapadd. I was able to sync the user bases using the default specified above. I did not see a dn attribute to any of my user/group using jxplore and hence wanted to know how relevant these default values are. After the sync, the admin user in IPA which is defaulted to admin messed up my Ambari admin user, which is also by default admin.

@Arun A K If you have existing admin user in your AD/LDAP, it will be override the existing Ambari admin user. This is known behaviour.

@Krishna Pandey. In anticipation of this, I had created an ambari_admin before the sync and granted the admin role to this new user. However, after sync, I am not able to see the user management option in ambari after logging in as ambari_admin. Is this some configuration issue at my end?

The earlier created local Ambari "ambari_admin" user should exist even after ldap sync. Please select "All" as Type in Manage Ambari -> User+Group Management section, your user should show up there.

Thanks @Krishna Pandey. Was able to use the default ones to Sync up the users. However I was not sure where there attributes are attached to my users/groups since I could not see anything called dn using jxplorer.

Thanks @Orlando Teixeira. One last question - what tool do you use to add users to the directory? I have been using ipa user-add and ipa group-add and as a result, if I do a ldap search, I don't find any values for krbPwdPolicyReference: and krbPrincipalName. Is there something I am doing wrong here.

[admin@ipa ec2-user]$ ldapsearch -x  -W "uid=jsmith"
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: uid=jsmith
# requesting: ALL
#
# jsmith, users, compat, arunak.com
dn: uid=jsmith,cn=users,cn=compat,dc=example,dc=com
cn: James Smith
objectClass: posixAccount
objectClass: ipaOverrideTarget
objectClass: top
ipaAnchorUUID:: OklQQTphcnVuYWsuY29tOmVhMzk5OGEwLTY2NDAtMTFlNi05NTExLTEyNzY0N2
 ZhZThlOQ==
gidNumber: 443400011
gecos: James Smith
uidNumber: 443400011
loginShell: /bin/sh
homeDirectory: /home/jsmith
uid: jsmith
# jsmith, users, accounts, example.com
dn: uid=jsmith,cn=users,cn=accounts,dc=example,dc=com
displayName: James Smith
uid: tutui
objectClass: ipaobject
objectClass: person
objectClass: top
objectClass: ipasshuser
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: krbticketpolicyaux
objectClass: krbprincipalaux
objectClass: inetuser
objectClass: posixaccount
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
loginShell: /bin/sh
initials: SA
gecos: James Smith
sn: Smith
homeDirectory: /home/jsmith
givenName: James
cn: James Smith
uidNumber: 443400011
gidNumber: 443400011
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2

Thanks Again!!. I was prototyping, and hence wasn't looking for something at an enterprise level. 🙂