
ambari-server sync-ldap --all


Contributor

When I execute "ambari-server sync-ldap --all", it will return the following result:

REASON: Caught exception running LDAP sync. [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: Attempt to lookup non-existant entry: uid=admin,ou=employees,dc=hortonworks,dc=com]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: Attempt to lookup non-existant entry: uid=admin,ou=employees,dc=hortonworks,dc=com]
5 REPLIES

Re: ambari-server sync-ldap --all

Hi @Zhao Chaofeng,

It seems that the properties you entered are not correct to access your LDAP server. Please check in the Ambari configuration file /etc/ambari-server/conf/ambari.properties that your parameters are correct. Share your parameters in case of an issue if you want us to have a look.

Hope this helps.

Re: ambari-server sync-ldap --all

Contributor

Hi, the ambari.properties file content is as follows:

ambariproperties.zip

Thank you.

Re: ambari-server sync-ldap --all

Based on your property file, you are trying to access an LDAP server on ldap.hortonworks.com. Is a server available at this address on port 389? You are trying to access the LDAP using uid=admin,cn=accounts,cn=Manager,dc=hortonworks,dc=com. Is that accurate? Does the base DN match the tree you have defined in your LDAP?

Re: ambari-server sync-ldap --all

Contributor

cn=Manager,dc=hortonworks,dc=com is in my LDAP server, but uid=admin,cn=accounts,cn=Manager,dc=hortonworks,dc=com is not in my LDAP server. I think it will be created in the sync-ldap process. Is that all right?

Re: ambari-server sync-ldap --all

@Zhao Chaofeng, were you able to solve your issue?

The error message indicates that the credential you provided while setting up the LDAP sync facility is not correct. My guess is that either your manager DN or the supplied password is incorrect. Make sure the manager DN (authentication.ldap.managerDn) references an existing user in the LDAP server who has at least read access to the subtree specified by the base DN value (authentication.ldap.baseDn). Also make sure you are using the correct password for that user.
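
One way to run the check described in the last reply outside Ambari, as an added example that is not part of the original thread: read the LDAP settings from ambari.properties and print an `ldapsearch` command that binds as the manager DN and reads the base DN entry. It assumes the keys authentication.ldap.primaryUrl (host:port) and authentication.ldap.useSSL alongside the two keys named above, the OpenLDAP `ldapsearch` client, and constructed sample values; the function names and the AMBARI_PROPS variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: derive a manual bind test from Ambari's LDAP settings.

# Print the value of KEY ($2) from a Java-style properties FILE ($1).
# Splits on the first '=' only, because DN values contain '=' themselves.
prop_get() {
  awk -v key="$2" '
    /^[ \t]*[#!]/ { next }                       # skip comment lines
    {
      i = index($0, "=")
      if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)             # trim key
      gsub(/^[ \t]+|[ \t]+$/, "", v)             # trim value
      if (k == key) val = v                      # last definition wins
    }
    END { if (val != "") print val }' "$1"
}

# Build the LDAP URI from primaryUrl (assumed host:port) and useSSL.
ldap_uri() {
  local url ssl
  url=$(prop_get "$1" authentication.ldap.primaryUrl)
  ssl=$(prop_get "$1" authentication.ldap.useSSL)
  [ -n "$url" ] || return 1
  if [ "$ssl" = "true" ]; then echo "ldaps://$url"; else echo "ldap://$url"; fi
}

# Print an ldapsearch command that binds as the manager DN (-W prompts for
# the password, keeping it out of shell history) and reads the base DN entry.
bind_check_cmd() {
  local uri dn base
  uri=$(ldap_uri "$1") || { echo "primaryUrl missing" >&2; return 1; }
  dn=$(prop_get "$1" authentication.ldap.managerDn)
  base=$(prop_get "$1" authentication.ldap.baseDn)
  [ -n "$dn" ] && [ -n "$base" ] || { echo "managerDn/baseDn missing" >&2; return 1; }
  printf "ldapsearch -x -H '%s' -D '%s' -W -b '%s' -s base dn\n" "$uri" "$dn" "$base"
}

# Constructed sample file; set AMBARI_PROPS to check a real one instead.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample values, not the poster's real file
authentication.ldap.primaryUrl=ldap.example.com:389
authentication.ldap.useSSL=false
authentication.ldap.baseDn = dc=example,dc=com
authentication.ldap.managerDn=cn=Manager,dc=example,dc=com
EOF
bind_check_cmd "${AMBARI_PROPS:-$SAMPLE}"
```

If the printed command fails at the bind step with error 49, the manager DN or password is wrong on the LDAP side, independent of Ambari; if the bind succeeds but no entry is returned, the manager account lacks read access to the base DN.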