Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.
Solved Go to solution

Not able to login to Ambari using LDAP User

Labels:
arunak
Super Collaborator

Created ‎08-26-2016 02:55 AM

Hi All, I synced some users from IPA LDAP to Ambari. However I am not able to login to ambari using any of the LDAP users. On the web UI I get the below error, 

Unable to connect to Ambari Server. 

Confirm Ambari Server is running and you can reach Ambari Server from this machine.

ambari-server.txt Also attached the exception trace.

Preview file
6 KB
2,253 Views
0 Kudos
1 ACCEPTED SOLUTION

arunak
Super Collaborator

Created ‎08-26-2016 06:49 PM

Started working now. Below are the changes I made

New Values 

authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=uid

Old Values 

authentication.ldap.userObjectClass=mepManagedEntry
authentication.ldap.usernameAttribute=cn

View solution in original post

1,730 Views
0 Kudos
7 REPLIES 7

pminovic
Guru

Created ‎08-26-2016 05:36 AM

It looks like there are 2 users called "arun". Can you try to restart ambari-server, login as admin and check regiestered users.

1,730 Views
0 Kudos

arunak
Super Collaborator

Created ‎08-26-2016 05:39 AM

@Predrag Minovic I did verify that. There is only 1 user arun within the directory. Tried restarting the server, still the same.

1,730 Views
0 Kudos

cstanca
Guru

Created ‎08-26-2016 06:50 PM

@Arun A K

Before bringing new user records from LDAP to Ambari, did you have an Ambari user Arun?

1,730 Views
0 Kudos

arunak
Super Collaborator

Created ‎08-26-2016 06:51 PM

Hi @Constantin Stanca, there wasn't multiple user by the name Arun. However after changing the default values for userObjectClass and usernameAttribute, I got it working.

1,730 Views
0 Kudos

arunak
Super Collaborator

Created ‎08-26-2016 06:49 PM

Started working now. Below are the changes I made

New Values 

authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=uid

Old Values 

authentication.ldap.userObjectClass=mepManagedEntry
authentication.ldap.usernameAttribute=cn
1,731 Views
0 Kudos

arunak
Super Collaborator

Created ‎08-26-2016 06:53 PM

The only problem here is that the user list specified while sync'ing need to have the uid rather than the user name.

1,730 Views
0 Kudos

arunak
Super Collaborator

Created on ‎08-26-2016 07:03 PM - edited ‎08-19-2019 03:31 AM

Not Sure why, but when a user "x" was created in IPA, there was an entry for x under users and also under groups. Could be this lead to ambiguity for the search to locate the right user "x" (arun in my case). To resolve the ambiguity, I thought of referring users by their uid rather than the default cn, which could conflict.

7005-ipa.png

1,730 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
CDP Public Cloud: May 2023 Release Summary
What's New @ Cloudera
Cloudera Operational Database (COD) provides enhancements to the --scale-type CDP CLI option
What's New @ Cloudera
Cloudera Operational Database (COD) UI supports creating a smaller cluster using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports scaling up the clusters vertically
Product Announcements
CDP Public Cloud: April 2023 Release Summary
View More Announcements