Support Questions
Find answers, ask questions, and share your expertise

LDAP no longer supported

Solved Go to solution

LDAP no longer supported

Explorer

I set up my kerberized cluster with LDAP a long time ago. I am now trying to add services after upgrading to CM 5.8.2 which require more kerberos accounts on AD, and it looks like it only supports LDAPS. Is this correct? 

I can add LDAPS to my AD server, but where do I put the certificate on CM?

 

Thank You

1 ACCEPTED SOLUTION

Accepted Solutions

Re: LDAP no longer supported

Cloudera Employee

Hello,

 

The AD certificate goes in the JVM keystore on CM:

 

1. On the domain controller, export the certificate in the "Base-64 encoded X.509 (.CER) format.

 

2. Copy the file to the Cloudera Manager host using an SCP/SSH tool such as WinSCP.

 

3. Import the certificate into your JVM keystore:

 

keytool -import -alias <alias-for-cert> -file <path-to-cert> -keystore <path-to-keystore> -storepass <keystore password>

Note: The truststore is usually located at: $JAVA_HOME/jre/lib/security/cacerts.

View solution in original post

1 REPLY 1

Re: LDAP no longer supported

Cloudera Employee

Hello,

 

The AD certificate goes in the JVM keystore on CM:

 

1. On the domain controller, export the certificate in the "Base-64 encoded X.509 (.CER) format.

 

2. Copy the file to the Cloudera Manager host using an SCP/SSH tool such as WinSCP.

 

3. Import the certificate into your JVM keystore:

 

keytool -import -alias <alias-for-cert> -file <path-to-cert> -keystore <path-to-keystore> -storepass <keystore password>

Note: The truststore is usually located at: $JAVA_HOME/jre/lib/security/cacerts.

View solution in original post