Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Restrict attributes from LDAP response in Ambari.

Highlighted

Restrict attributes from LDAP response in Ambari.

New Contributor

Hi All,

Can you please help us to restrict the attributes returned from LDAP whenever a request is made from Ambari/Ranger/Zeppelin?

Currently Ranger uses the following user search filter for LDAP -

(&(objectclass=user)(objectCategory=person)(memberOf=CN=********,OU=****,DC=com))

Is there a way to explicitly write a user/group search filter in a way that the response from LDAP has restricted attributes?

We know a way it can be done using ldapsearch [the below example will fetch only attribute "cn" ]-

ldapsearch -D “insert user DN” -W [-w] -h “*************” -p 389 -b "dc=****,dc=com” -s sub "(&(objectclass=user)(objectCategory=person)(memberOf=CN=********,OU=****,DC=com))" cn

We would be glad if someone can help us finding a similar solution for LDAP settings in Ambari/Ranger/Zeppelin.

Currently every request from Ambari to LDAP server is fetching all the attributes [57], which is increasing the load on the ldap server. We are using ldap for the authentication of users only and not using information from any other attributes.

Thanks,

Dishant Arora

Don't have an account?
Coming from Hortonworks? Activate your account here