Created on 01-14-2016 09:44 AM - edited 08-19-2019 05:14 AM
Hello,
I wanted to connect with ApacheDirectoryStudio to the DemoLDAP server included in Knox, just to have a graphical way of checking for users.
Network settings are fine =>
But I got stuck in providing correct bind credentials.....what to provide there ?!?!
I also tried to provide the following bind dn: uid=admin,ou=users,dc=hdp,dc=XYZ,dc=sit , but it fails also, with error
Any hint highly appreciated 😉
Created on 01-14-2016 02:48 PM - edited 08-19-2019 05:14 AM
Here is your answer:
Here is how I connected via JExplorer (If you are using the Sandbox, you need to expose port 33389)
Created 01-14-2016 02:10 PM
Created 01-14-2016 02:18 PM
Check out this doc and hope this helps
Created 01-14-2016 02:39 PM
This of course assumes you haven't changed the users.ldif file. I'm guessing you are trying to use your real domain but haven't updated the user.ldif file to reflect that. For reference here is the entry for the admin user in the default demo users.ldif file.
dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
objectclass:top
objectclass:person
objectclass:organizationalPerson
objectclass:inetOrgPerson
cn: Admin
sn: Admin
uid: admin
userPassword:xxxxxxxxxxxxxx
Created 01-14-2016 07:49 PM
Thanks @Kevin Minder for your feedback. Indeed I was able to connect to another cluster with the default user DN provided by DemoLDAP.
I guess the issue may be caused by the difference of connecting to the LDAP server. In the non-working one I have to create a ssh-tunnel to port 33389 due to firewall issue, whereas in the working cluster there is no firewall in front and I can directly access it. But I have no explanation what exactly can go wrong there, since accessing the port isn't an issue (see screenshot 1)...?!
For now it is o.k, I'll dive into that later on...
Thanks
Created 01-14-2016 03:01 PM
@Ancil McBarnett I wikified this...Thank you!
Created 01-14-2016 07:54 PM
Hi @Ancil McBarnett, many thanks for your explanation.
I could successfully connect to another cluster's DemoLDAP with DirectoryStudio (unfortunately I have no permissions to install JExplorer) by using the default user DN.
I will double check the manually adjusted users in the non-working cluster, or maybe the ssh-tunnel/firewall topic is causing issues ?!?! (see my reply to Kevin Minder)
Thanks and regards, Gerd
Created 01-26-2016 07:39 PM
Hi @Kevin Minder , Hi @Neeraj Sabharwal
I investigated a bit more to deep dive into how I can set the Bind DN to: uid=admin,ou=people,dc=hadoop,dc=apache,dc=prd
Yes, I just want to change the "domain". I did that in Ambari=>Knox=>users.ldif and additionally I set log-output to DEBUG. After restarting the DemoLDAP server I found in the log:
2016-01-26 20:23:41,136 INFO store.LdifFileLoader (LdifFileLoader.java:execute(212)) - Could not create entry Entry
    dn[n]: uid=admin,ou=people,dc=hadoop,dc=apache,dc=prd
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    uid: admin
    userpassword: admin-password
    sn: Admin
    cn: Admin
org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException: ERR_268 Cannot find a partition for uid=admin,ou=people,dc=hadoop,dc=apache,dc=prd
Seems like by default just dc=hadoop,dc=apache,dc=org is allowed ?!?! How to add a custom 'partition' to set a custom domain?
I tried it using ApacheDirectoryStudio by right-click on the connection => "open configuration" (while being connected successfully), but unfortunately I received the error
org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException: Unable to find the 'ou=config' base entry.
    at org.apache.directory.studio.apacheds.configuration.jobs.LoadConfigurationRunnable.readConfiguration(LoadConfigurationRunnable.java:382)
    at org.apache.directory.studio.apacheds.configuration.jobs.LoadConfigurationRunnable.getConfiguration(LoadConfigurationRunnable.java:201)
    at org.apache.directory.studio.apacheds.configuration.jobs.LoadConfigurationRunnable.run(LoadConfigurationRunnable.java:139)
    at org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:83)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
Any hints for how to set a custom domain?
Thanks in advance...
Created 01-26-2016 08:41 PM
The potentially confusing process of adding a partition to Apache Directory Studio is the reason we decided to include the pre-populated Demo LDAP server with Knox instead of just instructions for using ADS.
To do this in ADS you need to switch to the "Servers" tab in the lower right and click on Local. Then in the Partitions view on the left press "Add..." and provide the Suffix: value, for example dc=custom,dc=sample,dc=com. Set ID: to something unique. Then you should be able to add subentries to that partition and you would no longer use the Knox Demo LDAP server. Keep in mind that the port is typically 10389 instead of the 33389 used by the Knox Demo LDAP. See the "General" view tab when the Local server is selected for details.
You can import an LDIF using the File>Import menu item. Select LDAP Browser>LDIF into LDAP. Browse for your LDIF file and Import into Local. Make sure you check "Overwrite existing log..." if you have to repeat the process.
One confusing part here is that there needs to be an entry in your LDIF file for the Suffix: entered above. For example, if you are trying to import the users.ldif that comes with Knox, the Suffix: you would use is dc=hadoop,dc=apache,dc=org because this is the root object in that users.ldif.
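As an added example (not part of the original thread, and not Knox or ApacheDS code), this Python check runs over an LDIF file before import and reports the two conditions discussed above: entries whose DN lies outside the partition suffix (the ERR_268 case) and a missing root entry for the suffix. The function names and the sample LDIF are assumptions made for illustration.

```python
import base64

# Constructed sample (attributes trimmed) modelled on the thread: the admin entry
# was moved to dc=prd while the partition is still dc=hadoop,dc=apache,dc=org.
SAMPLE_LDIF = """\
dn: dc=hadoop,dc=apache,dc=org
objectclass: dcObject
dc: hadoop

dn: ou=people,dc=hadoop,dc=apache,dc=org
objectclass: organizationalUnit
ou: people

dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=prd
objectclass: inetOrgPerson
uid: admin
userPassword: PLACEHOLDER
"""

def normalize_dn(dn):
    """Lower-case and trim each RDN (simple DNs only, no escaped commas)."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def ldif_dns(text):
    """Return every entry DN, handling folded lines and base64 (dn::) DNs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 continuation line
        else:
            lines.append(raw)
    dns = []
    for line in lines:
        if line.lower().startswith("dn::"):
            dns.append(base64.b64decode(line[4:]).decode("utf-8"))
        elif line.lower().startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def check_ldif(text, suffix):
    """Report DNs outside the partition suffix and whether its root entry exists."""
    want = normalize_dn(suffix)
    dns = ldif_dns(text)
    outside = [dn for dn in dns if normalize_dn(dn)[-len(want):] != want]
    return {"outside": outside, "has_root": any(normalize_dn(d) == want for d in dns)}
```

Calling `check_ldif(SAMPLE_LDIF, "dc=hadoop,dc=apache,dc=org")` lists the dc=prd admin entry under `outside`, which is the entry the server would reject.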