Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

RHEL Stand Alone IPA Ambari LDAP Integration

avatar

Greetings,

We're having issues getting Ambari LDAP hooked into an existing RHEL IdM.

[25/Apr/2016:17:38:46 +0000] conn=103047 fd=111 slot=111 connection from 10.72.142.71 to 10.72.142.30 [25/Apr/2016:17:38:46 +0000] conn=103047 op=0 BIND dn="" method=128 version=3 [25/Apr/2016:17:38:46 +0000] conn=103047 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [25/Apr/2016:17:38:46 +0000] conn=103047 op=1 SRCH base="dc=ace,dc=mydomain,dc=com" scope=2 filter="(uid=idmadmin)" attrs=ALL [25/Apr/2016:17:38:46 +0000] conn=103047 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [25/Apr/2016:17:38:46 +0000] conn=103047 op=2 UNBIND [25/Apr/2016:17:38:46 +0000] conn=103047 op=2 fd=111 closed - U1

I opened a ticket with Redhat and they confirmed these logs indicate our client's (Ambari) query, is reaching the IdM, but for some reason the session is not moving forward after the and is closing. The following is from Ambari logs but does not paint a clear picture for me:

25 Apr 2016 17:38:44,912 WARN [qtp-client-24] ServletHandler:563 - /api/v1/ldap_sync_events org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect result size: expected 1, actual 2 at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:243) at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.executeWithContext(SpringSecurityLdapTemplate.java:198) at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:807) at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:793) at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:196) at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116) at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:90) at org.apache.ambari.server.security.authorization.AmbariLdapBindAuthenticator.authenticate(AmbariLdapBindAuthenticator.java:53) at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178) at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61) at org.apache.ambari.server.security.authorization.AmbariLdapAuthenticationProvider.authenticate(AmbariLdapAuthenticationProvider.java:60) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) at org.apache.ambari.server.api.MethodOverrideFilter.doFilter(MethodOverrideFilter.java:72) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) at org.apache.ambari.server.api.AmbariPersistFilter.doFilter(AmbariPersistFilter.java:47) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:82) at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:294) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.apache.ambari.server.controller.AmbariHandlerList.processHandlers(AmbariHandlerList.java:209) at org.apache.ambari.server.controller.AmbariHandlerList.processHandlers(AmbariHandlerList.java:198) at org.apache.ambari.server.controller.AmbariHandlerList.handle(AmbariHandlerList.java:132) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) at java.lang.Thread.run(Thread.java:745)

Any help would be appreciated.

1 ACCEPTED SOLUTION

avatar
Master Guru

Your BIND dn is empty. I did Ambari sync with Free IPA a few months ago. I created a system account for binding to LDAP using ldapmodify as explained here, and used that for my BIND dn. Also check other properties set during "ambari-server setup-ldap" and make sure they are in sync with the ones set by IPA. You can use "ipa user-find" to inspect the structure of your users. To change some properties in Ambari you can re-run setup-ldap or set properties directly in /etc/ambari-server/conf/ambari.properties and restart ambari-server.

View solution in original post

2 REPLIES 2

avatar
Master Guru

Your BIND dn is empty. I did Ambari sync with Free IPA a few months ago. I created a system account for binding to LDAP using ldapmodify as explained here, and used that for my BIND dn. Also check other properties set during "ambari-server setup-ldap" and make sure they are in sync with the ones set by IPA. You can use "ipa user-find" to inspect the structure of your users. To change some properties in Ambari you can re-run setup-ldap or set properties directly in /etc/ambari-server/conf/ambari.properties and restart ambari-server.

avatar

Thanks for your response, @Predrag Minovic. This pointed me in the right direction and I successfully pulled in users/groups.