how to connect to Demo LDAP server with LDAP-GUI ?

avatar
Guru

Hello,

I wanted to connect with ApacheDirectoryStudio to the DemoLDAP server included in Knox, just to have a graphical way of checking for users.

Network settings are fine =>

1353-network-settings-ok.png

But I got stuck in providing correct bind credentials.....what to provide there ?!?!

1354-bind-parameter-error.png

I also tried to provide the following bind dn: uid=admin,ou=users,dc=hdp,dc=XYZ,dc=sit , but it fails also, with error

1355-bind-parameter-error-2.png

Any hint highly appreciated 😉

1 ACCEPTED SOLUTION

avatar

@Gerd Koenig

Here is your answer:

1356-screen-shot-2016-01-14-at-94048-am.png

Here is how I connected via JExplorer (If you are using the Sandbox, you need to expose port 33389)

1357-screen-shot-2016-01-14-at-94651-am.png

avatar
I was able to set this up using
  • Authentication Method: Simple Authentication
  • Bind DN or user: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org

This of course assumes you haven't changed the users.ldif file. I'm guessing you are trying to use your real domain but haven't updated the users.ldif file to reflect that. For reference, here is the entry for the admin user in the default demo users.ldif file.

dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
objectclass:top
objectclass:person
objectclass:organizationalPerson
objectclass:inetOrgPerson
cn: Admin
sn: Admin
uid: admin
userPassword:xxxxxxxxxxxxxx

avatar
Guru

Thanks @Kevin Minder for your feedback. Indeed I was able to connect to another cluster with the default user DN provided by DemoLDAP.

I guess the issue may be caused by the difference of connecting to the LDAP server. In the non-working one I have to create a ssh-tunnel to port 33389 due to firewall issue, whereas in the working cluster there is no firewall in front and I can directly access it. But I have no explanation what exactly can go wrong there, since accessing the port isn't an issue (see screenshot 1)...?!

For now it is o.k, I'll dive into that later on...

Thanks

avatar
Master Mentor

@Ancil McBarnett I wikified this...Thank you!

avatar
Guru

Hi @Ancil McBarnett, many thanks for your explanation.

I could successfully connect to another cluster's DemoLDAP with DirectoryStudio (unfortunately I have no permissions to install JExplorer) by using the default user DN.

I will double check the manually adjusted users in the non-working cluster, or maybe the ssh-tunnel/firewall topic is causing issues ?!?! (see my reply to Kevin Minder)

Thanks and regards, Gerd

avatar
Guru

Hi @Kevin Minder , Hi @Neeraj Sabharwal

I investigated a bit more to deep dive into how I can set the Bind DN to: uid=admin,ou=people,dc=hadoop,dc=apache,dc=prd

Yes, I just want to change the "domain". I did that in Ambari=>Knox=>users.ldif and additionally I set log-output to DEBUG. After restarting the DemoLDAP server I found in the log:

2016-01-26 20:23:41,136 INFO  store.LdifFileLoader (LdifFileLoader.java:execute(212)) - Could not create entry Entry
    dn[n]: uid=admin,ou=people,dc=hadoop,dc=apache,dc=prd
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    uid: admin
    userpassword: admin-password
    sn: Admin
    cn: Admin
org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException: ERR_268 Cannot find a partition for uid=admin,ou=people,dc=hadoop,dc=apache,dc=prd

Seems like by default just dc=hadoop,dc=apache,dc=org is allowed ?!?! How to add a custom 'partition' to set a custom domain?

I tried it using ApacheDirectoryStudio by right-click on the connection => "open configuration" (while being connected successfully), but unfortunately I received the error

org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException: Unable to find the 'ou=config' base entry.
at org.apache.directory.studio.apacheds.configuration.jobs.LoadConfigurationRunnable.readConfiguration(LoadConfigurationRunnable.java:382)
at org.apache.directory.studio.apacheds.configuration.jobs.LoadConfigurationRunnable.getConfiguration(LoadConfigurationRunnable.java:201)
at org.apache.directory.studio.apacheds.configuration.jobs.LoadConfigurationRunnable.run(LoadConfigurationRunnable.java:139)
at org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:83)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)

Any hints for how to set a custom domain?

Thanks in advance...

avatar

The potentially confusing process of adding a partition to Apache Directory Studio is the reason we decided to include the pre-populated Demo LDAP server with Knox instead of just instructions for using ADS.

To do this in ADS you need to switch to the "Servers" tab in the lower right and click on Local. Then in the Partitions view on the left press "Add..." and provide the Suffix: value, for example dc=custom,dc=sample,dc=com. Set ID: to something unique. Then you should be able to add subentries to that partition and you would no longer use the Knox Demo LDAP server. Keep in mind that the port is typically 10389 instead of the 33389 used by the Knox Demo LDAP. See the "General" view tab when the Local server is selected for details.

You can import an LDIF using the File>Import menu item. Select LDAP Browser>LDIF into LDAP. Browse for your LDIF file and Import into Local. Make sure you check "Overwrite existing log..." if you have to repeat the process.

One confusing part here is that there needs to be an entry in your LDIF file for the Suffix: entered above. For example, if you are trying to import the users.ldif that comes with Knox, the Suffix: you would use is dc=hadoop,dc=apache,dc=org because this is the root object in that users.ldif.
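
Added example, not part of the original posts or of Knox: a Python check that an LDIF file will load under a given partition suffix, covering the ERR_268 "Cannot find a partition" failure and the missing Suffix entry discussed in this thread. The function names and sample LDIF are constructed, a single partition is assumed, and the missing-parent check goes slightly beyond what the thread covers.

```python
import base64
import re

def parse_dns(ldif_text):
    """Return the DN of every entry in an LDIF document, in file order."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # RFC 2849 line folding
    dns = []
    for line in unfolded.splitlines():
        if line.startswith("dn::"):  # base64-encoded DN
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def normalize(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas."""
    rdns = re.split(r"(?<!\\),", dn)
    return tuple("=".join(p.strip().lower() for p in r.split("=", 1)) for r in rdns)

def check_ldif(ldif_text, suffix):
    """List (problem, dn) pairs that would stop the LDIF loading under suffix."""
    root = normalize(suffix)
    seen, problems = set(), []
    for rdns in map(normalize, parse_dns(ldif_text)):
        dn = ",".join(rdns)
        if rdns[-len(root):] != root:
            problems.append(("outside-partition", dn))  # the ERR_268 case
        elif rdns != root and rdns[1:] not in seen:
            problems.append(("missing-parent", dn))  # parent must load first
        seen.add(rdns)
    if root not in seen:
        problems.append(("no-suffix-entry", ",".join(root)))
    return problems

# Constructed sample modelled on the admin entry quoted in the thread.
SAMPLE = """\
dn: dc=hadoop,dc=apache,dc=org
objectclass: domain
dc: hadoop

dn: ou=people,dc=hadoop,dc=apache,dc=org
objectclass: organizationalUnit
ou: people

dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
objectclass: inetOrgPerson
uid: admin
"""

if __name__ == "__main__":
    edited = SAMPLE.replace("dc=org", "dc=prd")  # the change made in the thread
    for problem in check_ldif(edited, "dc=hadoop,dc=apache,dc=org"):
        print(problem)
```

An empty result means every entry sits under the suffix, the suffix entry itself is present, and each parent appears before its children.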