Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

LDAP no longer supported

Labels:
avatar
author-rank cpuengr
Explorer

Created on ‎10-06-2016 03:38 PM - edited ‎09-16-2022 03:43 AM

I set up my kerberized cluster with LDAP a long time ago. I am now trying to add services after upgrading to CM 5.8.2 which require more kerberos accounts on AD, and it looks like it only supports LDAPS. Is this correct? 

I can add LDAPS to my AD server, but where do I put the certificate on CM?

 

Thank You

1,687 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank rufusayeni author-rank
Rising Star

Created ‎10-06-2016 07:34 PM

Hello,

 

The AD certificate goes in the JVM keystore on CM:

 

1. On the domain controller, export the certificate in the "Base-64 encoded X.509 (.CER) format.

 

2. Copy the file to the Cloudera Manager host using an SCP/SSH tool such as WinSCP.

 

3. Import the certificate into your JVM keystore:

 

keytool -import -alias <alias-for-cert> -file <path-to-cert> -keystore <path-to-keystore> -storepass <keystore password>

Note: The truststore is usually located at: $JAVA_HOME/jre/lib/security/cacerts.

View solution in original post

1,678 Views
1 REPLY 1

avatar
author-rank rufusayeni author-rank
Rising Star

Created ‎10-06-2016 07:34 PM

Hello,

 

The AD certificate goes in the JVM keystore on CM:

 

1. On the domain controller, export the certificate in the "Base-64 encoded X.509 (.CER) format.

 

2. Copy the file to the Cloudera Manager host using an SCP/SSH tool such as WinSCP.

 

3. Import the certificate into your JVM keystore:

 

keytool -import -alias <alias-for-cert> -file <path-to-cert> -keystore <path-to-keystore> -storepass <keystore password>

Note: The truststore is usually located at: $JAVA_HOME/jre/lib/security/cacerts.

1,679 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements