Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Not able to login to Ambari using LDAP User

Labels:
avatar
author-rank arunak
Super Collaborator

Created ‎08-26-2016 02:55 AM

Hi All, I synced some users from IPA LDAP to Ambari. However I am not able to login to ambari using any of the LDAP users. On the web UI I get the below error, 

Unable to connect to Ambari Server. 

Confirm Ambari Server is running and you can reach Ambari Server from this machine.

ambari-server.txt Also attached the exception trace.

Preview file
6 KB
3,676 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank arunak
Super Collaborator

Created ‎08-26-2016 06:49 PM

Started working now. Below are the changes I made

New Values 

authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=uid

Old Values 

authentication.ldap.userObjectClass=mepManagedEntry
authentication.ldap.usernameAttribute=cn

View solution in original post

3,153 Views
0 Kudos
7 REPLIES 7

avatar
author-rank pminovic author-rank
Master Guru

Created ‎08-26-2016 05:36 AM

It looks like there are 2 users called "arun". Can you try to restart ambari-server, login as admin and check regiestered users.

3,153 Views
0 Kudos

avatar
author-rank arunak
Super Collaborator

Created ‎08-26-2016 05:39 AM

@Predrag Minovic I did verify that. There is only 1 user arun within the directory. Tried restarting the server, still the same.

3,153 Views
0 Kudos

avatar
author-rank cstanca
Super Guru

Created ‎08-26-2016 06:50 PM

@Arun A K

Before bringing new user records from LDAP to Ambari, did you have an Ambari user Arun?

3,153 Views
0 Kudos

avatar
author-rank arunak
Super Collaborator

Created ‎08-26-2016 06:51 PM

Hi @Constantin Stanca, there wasn't multiple user by the name Arun. However after changing the default values for userObjectClass and usernameAttribute, I got it working.

3,153 Views
0 Kudos

avatar
author-rank arunak
Super Collaborator

Created ‎08-26-2016 06:49 PM

Started working now. Below are the changes I made

New Values 

authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=uid

Old Values 

authentication.ldap.userObjectClass=mepManagedEntry
authentication.ldap.usernameAttribute=cn
3,154 Views
0 Kudos

avatar
author-rank arunak
Super Collaborator

Created ‎08-26-2016 06:53 PM

The only problem here is that the user list specified while sync'ing need to have the uid rather than the user name.

3,153 Views
0 Kudos

avatar
author-rank arunak
Super Collaborator

Created on ‎08-26-2016 07:03 PM - edited ‎08-19-2019 03:31 AM

Not Sure why, but when a user "x" was created in IPA, there was an entry for x under users and also under groups. Could be this lead to ambiguity for the search to locate the right user "x" (arun in my case). To resolve the ambiguity, I thought of referring users by their uid rather than the default cn, which could conflict.

7005-ipa.png

3,153 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements