Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

With Ambari AD management is it possible to have user names prefixed automatically?

Labels:
avatar
author-rank hkropp
Super Collaborator

Created ‎10-21-2015 01:17 PM

 
1,596 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank pcodding author-rank
Guru

Created ‎10-21-2015 02:01 PM

@hkropp - if you're talking about automatically prefixing all AD kerberos principal names that are created, it is possible.

http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_launching_...

See 4.2.5.1g for some description on how specific LDAP attributes can be modified on creation for each of the principals (if necessary), and 4.2.1.8 on our default prefix which is the name of the cluster.

View solution in original post

1,463 Views
4 REPLIES 4

avatar
author-rank TerryP author-rank
Super Collaborator

Created ‎10-21-2015 01:30 PM

If this is for a Kerborized cluster, you can create rules in the auth_to_local setting under the REALMS configuration section of the krb5.conf file. You would have to tinker with the Advanced krb5 configuration settings in Ambari to create and propogate the rules. The rules can use the incoming AD id and manipulate it as you need. The MIT documentation has a few examples at http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html

1,463 Views
0 Kudos

avatar
author-rank pcodding author-rank
Guru

Created ‎10-21-2015 02:01 PM

@hkropp - if you're talking about automatically prefixing all AD kerberos principal names that are created, it is possible.

http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_launching_...

See 4.2.5.1g for some description on how specific LDAP attributes can be modified on creation for each of the principals (if necessary), and 4.2.1.8 on our default prefix which is the name of the cluster.

1,464 Views

avatar
author-rank hkropp
Super Collaborator

Created ‎10-21-2015 02:27 PM

What about CN or sAMAccount? As I understand they will be the same as principal name, or?

1,463 Views
0 Kudos

avatar
author-rank pcodding author-rank
Guru

Created ‎10-21-2015 02:35 PM

Each can be altered independently in the Attribute Template:

http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_customizin...

When you run through the wizard you'll see the template and the CN, and sAMAccountName and where you have the opportunity to prepend, append, alter their values.

1,463 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements