Support Questions

cpuengr · ‎10-06-2016

I set up my kerberized cluster with LDAP a long time ago. I am now trying to add services after upgrading to CM 5.8.2 which require more kerberos accounts on AD, and it looks like it only supports LDAPS. Is this correct?

I can add LDAPS to my AD server, but where do I put the certificate on CM?

Thank You

rufusayeni · ‎10-06-2016

Hello,

The AD certificate goes in the JVM keystore on CM:

1. On the domain controller, export the certificate in the "Base-64 encoded X.509 (.CER) format.

2. Copy the file to the Cloudera Manager host using an SCP/SSH tool such as WinSCP.

3. Import the certificate into your JVM keystore:

keytool -import -alias <alias-for-cert> -file <path-to-cert> -keystore <path-to-keystore> -storepass <keystore password>

Note: The truststore is usually located at: $JAVA_HOME/jre/lib/security/cacerts.

View solution in original post

rufusayeni · ‎10-06-2016

Hello,

The AD certificate goes in the JVM keystore on CM:

1. On the domain controller, export the certificate in the "Base-64 encoded X.509 (.CER) format.

2. Copy the file to the Cloudera Manager host using an SCP/SSH tool such as WinSCP.

3. Import the certificate into your JVM keystore:

keytool -import -alias <alias-for-cert> -file <path-to-cert> -keystore <path-to-keystore> -storepass <keystore password>

Note: The truststore is usually located at: $JAVA_HOME/jre/lib/security/cacerts.

Cloudera Community

Support Questions

LDAP no longer supported

Spark Python Supportability Matrix

Spark and Java versions Supportability Matrix

Apache Spark and Iceberg Supportability Matrix

Uploading Files for Cloudera Support - alternate m...

Connecting Nifi to LDAP with Docker

ambari-server sync-ldap no longer working

Various options supported in Ranger Usersync with ...

Apache Ranger LDAP / LDAPS configuration

Ranger Ldap Integration

Support for Hive DatabaseType in JDBC Storage Hand...