Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Unable to Sync LDAP with Ambari

Hi All,

I am trying to Sync LDAP with Ambari. I am able to succesfully import the LDAP group however the Users in the Group are not getting imported. I am using smbari-servr sync-ldap --all command.

I tried syncing in another way by using ambari-server sync-ldap --users /users.txt command. However when I am trying to Sync using this command I am getting error "REASON: Caught exception running LDAP sync. Couldn't sync LDAP user xyz, it doesn't exist" But I know that user is present in the group by ldap serach tool.

I wanted to know how to specify the name of the user in the users.txt file which I am referring in the sync command. Request you guys to provide an example of how to specify name of the user.

3 REPLIES 3

Contributor

You just need to specify comma separated user names:

user1, user2,..........,userN

Note that it is just the user name and NOT the full DN of the user.

If you are getting the "user doesn't exist' error, please check your ambari.properties for ldap configuration. It is most likely that the baseDN specified has the groups under it but not the users. Please correct the baseDN in that case.

Hi Basu, when I do the LDAP search I get all the users in the list. For ex if I have a user named Akash Saha and if I mention it in users.txt file, ambari is conidering only till Akash and it is not considering the lastname. So my name is Akash Saha, how will I mention it in users.txt file?

Request your inputs

Contributor

Generally, it is not a good practice to have space in LDAP user name. However, in my env, ambari is not considering space as delimiter i.e it is able to consider the full name in the syn request (though it fails as I have used a dummy user):

Using python /usr/bin/python Syncing with LDAP...

Enter Ambari Admin login: admin

Enter Ambari Admin password: Syncing specified users and groups...

ERROR: Exiting with exit code 1.

REASON: Caught exception running LDAP sync. Couldn't sync LDAP user xxxx yyyy, it doesn't exist

Please open your users.txt file in VI editor and check for any commas in between the first name and the last name. If it is all good, then please check the below mentioned properties in your ambari.properties:

authentication.ldap.userObjectClass=user

authentication.ldap.usernameAttribute=sAMAccountName