LDAP sync error

Re: LDAP sync error

Rising Star

@Narasimma varman Thanks. If you have the same LDAP setup for your Ranger question and this Ambari, then please send us the output of the ldapsearch command:

# ldapsearch -x -b "dc=example,dc=com" -h 127.0.0.1 -D "cn=Manager,dc=example,dc=com" -w <password generated using slappasswd command during configuring slapd.conf>

Re: LDAP sync error

Rising Star

@Narasimma varman : I found the LDAP connection tool and Apache Directory Studio very handy for troubleshooting. Here's a video demo of these tools in action: https://www.youtube.com/watch?v=vJPWDfsrJek.

Re: LDAP sync error

ldapsearch helps me resolve 100% of all LDAP cases.

ldapsearch -x -h <LDAP_SERVER_HOST> -p <PORT> -D "<bind_DN>" -w <bind_PASSWORD> -b "BASE_DN" "USER_SEARCH_FILTER=USERNAME"

Re: LDAP sync error

New Contributor

It shows me "ldap_bind: Invalid credentials (49)" issue

[root@sandbox ~]# ldapsearch -x -h ldap://hortonworks.com -p 636 -D "cn=Manager,dc=hortonworks,dc=com" -w supranimbus -b "dc=hortonworks,dc=com" "USER_SEARCH_FILTER=(uid={0})"

Re: LDAP sync error

In your attached ambari.properties file (from another comment), your LDAP url is

authentication.ldap.primaryUrl=ldap://127.0.0.1:636

The ldapsearch host and port you used above are

-h ldap://hortonworks.com -p 636

This should read

-h 127.0.0.1 -p 636

Also, there are some issues with your authentication.ldap.primaryUrl value:

  • Port 636 is the LDAPS port, so the URL should be ldaps://127.0.0.1:636. If the connection is not secure and you really want to use LDAP, then the port should probably be 389.
  • 127.0.0.1 is a localhost IP address. Is the LDAP server on the same host as Ambari? If so, this may be ok, else you should consider using the hostname of the actual host
  • If using LDAPS, Ambari will need to trust the SSL certificate provided by the LDAP server. To do this, the certificate needs to be imported into Ambari's truststore. See http://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-security/content/configure_ambari_...

Hopefully some of this will help.
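
The URL checks from the answer above, written as a small shell lint; this is an added example, not part of the original thread or of Ambari's own tooling. The function names and finding labels are hypothetical, and the sample properties line is constructed from the value quoted in the thread.

```shell
#!/bin/sh
# Added example. Function names and finding labels are hypothetical.

# Print the authentication.ldap.primaryUrl value from a properties file
# (handles the plain key=value form shown in the thread).
primary_url_from_props() {
    sed -n 's/^[[:space:]]*authentication\.ldap\.primaryUrl[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '\r'
}

# Print one finding per line; print nothing if no check fires.
# Assumes scheme://host[:port] with a hostname or IPv4 address.
check_ldap_url() {
    url=$1
    case $url in
        ldap://*)  scheme=ldap;  rest=${url#ldap://};  port=389 ;;
        ldaps://*) scheme=ldaps; rest=${url#ldaps://}; port=636 ;;
        *) echo "NO_SCHEME: expected ldap:// or ldaps:// in '$url'"; return 0 ;;
    esac
    rest=${rest%%/*}                      # drop anything after host:port
    host=$rest
    case $rest in
        *:*) host=${rest%:*}; port=${rest##*:} ;;   # explicit port given
    esac

    if [ "$scheme" = ldap ] && [ "$port" = 636 ]; then
        echo "SCHEME_PORT_MISMATCH: 636 is the LDAPS port, scheme is ldap://"
    elif [ "$scheme" = ldaps ] && [ "$port" = 389 ]; then
        echo "SCHEME_PORT_MISMATCH: 389 is the LDAP port, scheme is ldaps://"
    fi
    case $host in
        127.*|localhost)
            echo "LOOPBACK_HOST: correct only if LDAP runs on the Ambari host" ;;
    esac
    if [ "$scheme" = ldaps ]; then
        echo "TRUSTSTORE: import the LDAP server certificate into Ambari's truststore"
    fi
    return 0
}

# Constructed sample input: the value quoted in the thread.
props=$(mktemp)
printf '%s\n' 'authentication.ldap.primaryUrl=ldap://127.0.0.1:636' > "$props"
check_ldap_url "$(primary_url_from_props "$props")"
rm -f "$props"
```
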
