Support Questions
Find answers, ask questions, and share your expertise

Re: LDAP sync error

Rising Star

@Narasimma varman Thanks, If you have the same LDAP setup for your Ranger question and this Ambari, then please send us the output of the ldapsearch command :

# ldapsearch -x -b "dc=example,dc=com" -h -D "cn=Manager,dc=example,dc=com" -w <password generated using slappasswd command during configuring slapd.conf>

Re: LDAP sync error

Rising Star

@Narasimma varman : I found the LDAP connection tool and Apache Directory Studio very handy for troubleshooting. Here's a video demo of these tools in action:

Re: LDAP sync error

ldapsearch helps me resolve 100% of all ldap cases.

ldapsearch -x -h <LDAP_SERVER_HOST> -p <PORT> -D "<bind_DN>" -w <bind_PASSWORD> -b "BASE_DN" "USER_SEARCH_FILTER=USERNAME"

Re: LDAP sync error

It shows me "ldap_bind: Invalid credentials (49)" issue

[root@sandbox ~]# ldapsearch -x -h ldap:// -p 636 -D "cn=Manager,dc=hortonworks,dc=com" -w supranimbus -b "dc=hortonworks,dc=com" "USER_SEARCH_FILTER=(uid={0})"

Re: LDAP sync error

In your attached file (from another comment), your LDAP url is


The ldapseach host and port you used above are

-h ldap:// -p 636

This should read

-h -p 636

Also, there are some issues with your authentication.ldap.primaryUrl value:

  • Port 636 is the LDAPS port, so the url should be ldaps:// If the connection is not secure and you really want to use LDAP, then the port should probably be 389
  • is a localhost IP address. Is the LDAP server on the same host as Ambari? If so, this may be ok, else you should consider using the hostname of the actual host
  • If using LDAPS, Ambari will need to trust the SSL certificate provided by the LDAP server. To do this, the certificate needs to be imported into Ambari's truststore. See

Hopefully some of this will help.