Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

how to ​Configure Hadoop Group Mapping for LDAP/AD Using SSSD ? Please Help

Highlighted

how to ​Configure Hadoop Group Mapping for LDAP/AD Using SSSD ? Please Help

New Contributor

Hi All,

I am trying to map user and groups in AD in HDP. Once it is mapped i can apply policy on groups.

5 REPLIES 5

Re: how to ​Configure Hadoop Group Mapping for LDAP/AD Using SSSD ? Please Help

Re: how to ​Configure Hadoop Group Mapping for LDAP/AD Using SSSD ? Please Help

New Contributor

Hi @dvillarreal ,

I'm trying to map the users and groups from my AD to my Hadoop cluster using SSSD and Unix based mapping provider, not the LDAP mapping provider. I'm following the guide you shared.

https://github.com/HortonworksUniversity/Security_Labs/blob/master/HDP-2.6-AD.md#lab-4

I was able to make SSSD work and both id and groups commands return the correct user@domain.com and groups@domain.com. However, my hdfs groups command returns nothing (group field is empty). I did refresh both hdfs and yarn after enabling that.

Is there a way to troubleshoot that? I'm not on a kerberized cluster, is it a prerequisite for system group mapping to work? I'm able to use the LDAP group mapping by configuring it in core-site.xml but as I understand it's not recommended as I already joined the linux box to the AD.

Really appreciated if you can shed some lights.

Re: how to ​Configure Hadoop Group Mapping for LDAP/AD Using SSSD ? Please Help

@David Liu

Hi, Check that sssd returns group on id username on all nodes. Then check your core-site.xml make sure to remove any references to ldap or other configs that aren't default in this area. It is possible to map multiple providers here so it may be a configuration issue with core-site.xml. Make sure you also restart full MR, and YARN as well as HDFS.

Re: how to ​Configure Hadoop Group Mapping for LDAP/AD Using SSSD ? Please Help

New Contributor

yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python


vi /etc/hosts (add the AD hostname and ip)

realm join --user=sssdadmin PRD.HDP.COM

realm list

id sssdadmin PRD.HDP.COM

vi sssd.conf (update so that it can only consider the username)

systemctl status sssd

then try to login using the AD user and credentials

Cheers, Pravat Sutar

Re: how to ​Configure Hadoop Group Mapping for LDAP/AD Using SSSD ? Please Help

New Contributor

yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python


yum install addjob realmd samba samba-common oddjob-mkhomedir sssd adcli