Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Not able to login to Ambari using LDAP User

Solved Go to solution
Highlighted

Not able to login to Ambari using LDAP User

Super Collaborator

Hi All, I synced some users from IPA LDAP to Ambari. However I am not able to login to ambari using any of the LDAP users. On the web UI I get the below error,

Unable to connect to Ambari Server. 

Confirm Ambari Server is running and you can reach Ambari Server from this machine.

ambari-server.txt Also attached the exception trace.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Not able to login to Ambari using LDAP User

Super Collaborator

Started working now. Below are the changes I made

New Values

authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=uid

Old Values

authentication.ldap.userObjectClass=mepManagedEntry
authentication.ldap.usernameAttribute=cn

View solution in original post

7 REPLIES 7
Highlighted

Re: Not able to login to Ambari using LDAP User

It looks like there are 2 users called "arun". Can you try to restart ambari-server, login as admin and check regiestered users.

Highlighted

Re: Not able to login to Ambari using LDAP User

Super Collaborator

@Predrag Minovic I did verify that. There is only 1 user arun within the directory. Tried restarting the server, still the same.

Highlighted

Re: Not able to login to Ambari using LDAP User

@Arun A K

Before bringing new user records from LDAP to Ambari, did you have an Ambari user Arun?

Highlighted

Re: Not able to login to Ambari using LDAP User

Super Collaborator

Hi @Constantin Stanca, there wasn't multiple user by the name Arun. However after changing the default values for userObjectClass and usernameAttribute, I got it working.

Highlighted

Re: Not able to login to Ambari using LDAP User

Super Collaborator

Started working now. Below are the changes I made

New Values

authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=uid

Old Values

authentication.ldap.userObjectClass=mepManagedEntry
authentication.ldap.usernameAttribute=cn

View solution in original post

Highlighted

Re: Not able to login to Ambari using LDAP User

Super Collaborator

The only problem here is that the user list specified while sync'ing need to have the uid rather than the user name.

Highlighted

Re: Not able to login to Ambari using LDAP User

Super Collaborator

Not Sure why, but when a user "x" was created in IPA, there was an entry for x under users and also under groups. Could be this lead to ambiguity for the search to locate the right user "x" (arun in my case). To resolve the ambiguity, I thought of referring users by their uid rather than the default cn, which could conflict.

7005-ipa.png

Don't have an account?
Coming from Hortonworks? Activate your account here