Setting up LDAP/AD in Knox

Hi,

I have a problem with configuring LDAP/AD with Knox. The DEMO LDAP works great for both: sandbox and my own cluster. I am configuring the LDAP connection using this document: Setting Up LDAP Authentication. I configured main.ldapRealm.userDnTemplate and main.ldapRealm.contextFactory.url. I tried both classes in main.ldapRealm (KnoxLdapRealm and Jndi...). I am using Ambari to make changes. The versions I use are: sandbox - 2.4.0 and my cluster 2.3.2. When I configure my LDAP - Knox keeps saying that I am unauthorized (401). The credentials are correct because I can use them to log in to beeline, which is also configured with LDAP + AD.

Do I need to change the Advanced users-ldif section in Ambari as well?

Thank you in advance.

Accepted Solutions

Re: Setting up LDAP/AD in Knox

If your users belong to different branches of the LDAP directory you'll need to use Advanced LDAP Authentication in the Knox topology. Review the linked doc to understand the limitations of userDnTemplate, and refer to the "Example provider config" section to understand the additional properties available.

There should be log messages in gateway.log corresponding to the 401. Those might provide more insight into the reason for the error, so please provide them if possible.

Re: Setting up LDAP/AD in Knox

Thank you very much @Alex Miller for your quick response. According to the doc that you linked and the log, I found out that I had misconfigured userDnTemplate.

I have another problem. In my AD/LDAP I am using sAMAccountName to identify users, so I need to type at the beginning of userDnTemplate something like: sAMAccountName={0},ou=... and so on, but it does not recognize users. I can't use cn={0} because as a cn I use two separate words - so it will not work. I don't use uid, and I am not an AD admin who can add or edit anything.

Re: Setting up LDAP/AD in Knox

I found the solution. If anyone else is facing the same problem, review this link and use @bsaini's topology. Thanks!
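
For readers without access to the linked topology, here is an added example (not from this thread and not @bsaini's topology) of the search-based ShiroProvider configuration that the "Advanced LDAP Authentication" answer points to, next to the userDnTemplate form that fails. Property names are the ones in the Knox LDAP documentation for this Knox generation; the host name, DNs, service account and alias are constructed placeholders.

```xml
<!-- Added example: authentication provider of a Knox topology file.
     All values (host, DNs, service account) are constructed placeholders. -->
<provider>
  <role>authentication</role>
  <name>ShiroProvider</name>
  <enabled>true</enabled>
  <param><name>main.ldapRealm</name>
         <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value></param>
  <param><name>main.ldapContextFactory</name>
         <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value></param>
  <param><name>main.ldapRealm.contextFactory</name>
         <value>$ldapContextFactory</value></param>
  <!-- Use ldaps so the simple bind does not send passwords in clear text. -->
  <param><name>main.ldapRealm.contextFactory.url</name>
         <value>ldaps://ad.example.com:636</value></param>
  <param><name>main.ldapRealm.contextFactory.authenticationMechanism</name>
         <value>simple</value></param>

  <!-- Before (fails with 401): userDnTemplate only substitutes the login name
       into a fixed string and binds with the result. In AD the entry's DN
       starts with its CN, so no entry has this DN and the bind is rejected. -->
  <!--
  <param><name>main.ldapRealm.userDnTemplate</name>
         <value>sAMAccountName={0},ou=Users,dc=example,dc=com</value></param>
  -->

  <!-- After: Knox binds as a read-only service account, searches below
       userSearchBase for the entry whose sAMAccountName matches the login
       name, then binds as the DN it found using the user's password. -->
  <param><name>main.ldapRealm.contextFactory.systemUsername</name>
         <value>cn=knox svc,ou=Service Accounts,dc=example,dc=com</value></param>
  <!-- Resolved from the Knox credential store instead of a clear-text value. -->
  <param><name>main.ldapRealm.contextFactory.systemPassword</name>
         <value>${ALIAS=ldcSystemPassword}</value></param>
  <param><name>main.ldapRealm.userSearchBase</name>
         <value>dc=example,dc=com</value></param>
  <param><name>main.ldapRealm.userSearchAttributeName</name>
         <value>sAMAccountName</value></param>
  <param><name>main.ldapRealm.userObjectClass</name>
         <value>person</value></param>

  <param><name>urls./**</name><value>authcBasic</value></param>
</provider>
```

Because the search runs from userSearchBase downward, this form also covers users spread across different branches of the directory, which a single userDnTemplate cannot.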
