Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Looking for an automated integration of HDP/Ambari with Kerberos and LDAP

Labels:
avatar
author-rank pminovic author-rank
Master Guru

Created ‎01-23-2016 12:23 AM

After upgrade to Ambari-2.1.2.1 (or 2.2.1) and HDP-2.3.x we are going to add Kerberos and LDAP to the cluster and we are looking for the best, automated solution. Both will run on a RHEL box but we can select components freely. What's the best way to go? I'm aware of

  • FreeIPA, exactly what we want except that it's not supported by Ambari. I don't mind using manual Kerberos wizard but in Ambari-2.1.2 there were some issues on clusters with manually installed Kerberos (like CSV files not appearing when adding new services, issues when adding new nodes etc).
  • KDC and OpenLDAP, KDC is fully supported from Ambari, but not aware of full integration of KDC and OpenLDAP, like when adding new users have to add them twice, once to OpenLDAP and then to KDC (possibly can use scripts).

Any help and ideas will be appreciated.

4,248 Views
1 ACCEPTED SOLUTION

avatar
author-rank abajwa author-rank
Guru

Created ‎01-23-2016 01:02 AM

+ @Jean-Philippe Player

Partner team have built some security workshops that show authentication, authorization, audit, encryption on HDP that might be helpful:

  1. For IPA, see here for prebuilt VM and steps on single node. @David Streever updated here for multi-node
  2. For OpenLDAP/KDC, we have similar steps here but they are not really integrated. I took another shot at this to better integrate the two and came up with the steps here but still needed to manually create principal in keytabs. Would be great to get this updated to a more complete solution (any volunteers?)
  3. For demo purposes we also have Ambari services for KDC, OpenLDAP which can be installed either on existing cluster or brought up on new cluster (via blueprints). Steps for those provided here

Also note that in Ambari 2.2.0.0 onwards there is a feature to enable kerberos via blueprints (tech preview feature)

View solution in original post

3,087 Views
10 REPLIES 10

avatar
author-rank aervits
Master Mentor

Created ‎02-02-2016 06:09 PM

@Predrag Minovic has this been resolved? Please accept best answer or provide your own solution.

919 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements