
permission denied while copying ldap server public key to the cluster node

Expert Contributor

Hello,

I want to sync cluster users, Ambari users and Ranger users, so I configured an LDAP server on an AWS instance and created a group and user on the LDAP server. Now I am trying to sync this user with the Hadoop cluster node. I have installed nss-pam-ldapd, openldap-clients, openssl and sssd on the client machine. When I try to copy the LDAP server public key to the client machine, it shows the following error:

  scp root@ip-xx-x-x-xxx.ec2.internal:/etc/pki/tls/certs/ldap1_pubkey.pem /etc/openldap/cacerts/

  Permission denied (publickey).

I am using PuTTY to log in to the host and client. I created a private key from the key used while creating the cluster and the LDAP instance, and I have added the private key to PuTTY for authentication for both client and host.

I am new to LDAP. Can anyone help me get over this error?

Thank You.

6 REPLIES

Re: permission denied while copying ldap server public key to the cluster node

Contributor

@heta desai

From the description I understand that you want to sync the LDAP users with Ambari and that your LDAP is on SSL. So, in order to have proper communication, you want to add the LDAP certificate to cacerts (the default Java truststore).

You can try the following:

Step 1 : Get the ldap cert

#echo | openssl s_client -connect <ldap_hostname>:<port> -showcerts2>&1 | sed--quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ldap.crt

Step 2 : Add this cert to Default Java Truststore

/usr/lib/jvm/java-1.8.0/bin/keytool -import -file ldap.crt -alias ldap-cert -keystore /etc/pki/java/cacerts -storepass changeit

Note : default password is `changeit`

Re: permission denied while copying ldap server public key to the cluster node

Expert Contributor

@Rishi Do I have to perform these steps on the client machine?

Re: permission denied while copying ldap server public key to the cluster node

Contributor

@heta desai You have to perform this on the Ambari-server node.

Re: permission denied while copying ldap server public key to the cluster node

Expert Contributor

@Rishi

Step 1 throws the following error:

-bash: sed--quiet: command not found 
unknown option -showcerts2

Re: permission denied while copying ldap server public key to the cluster node

Contributor

Could you please try this instead:

openssl s_client -connect <ldap>:<port> <<<'' | openssl x509 -out /tmp/ldap.cert
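
Step 1 written out with its spaces restored, plus a fingerprint check before the Step 2 keytool import, because s_client saves whatever certificate the endpoint presents. This is an added example, not part of the original thread; the host, port, output path and expected fingerprint are placeholders, and the function names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Hypothetical helper names; all values are placeholders.

# Print only the first PEM certificate (the server's own) found on stdin.
# With -showcerts, s_client prints the whole chain, and keytool imports one cert per alias.
first_pem_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { in_cert = 1 }
       in_cert                        { print }
       /-----END CERTIFICATE-----/    { if (in_cert) exit }'
}

# Reduce "sha256 Fingerprint=AB:cd:..." (or a bare "ab cd ...") to "ABCD...".
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only when both fingerprints are equal after normalisation.
fp_matches() {
  [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# Fetch the server certificate and write it to $4 only if its SHA-256
# fingerprint equals $3, a value obtained out of band from the LDAP admin.
fetch_verified_cert() {
  local host="$1" port="$2" expected_fp="$3" out="$4" pem actual
  pem=$(openssl s_client -connect "$host:$port" -showcerts </dev/null 2>/dev/null \
        | first_pem_cert)
  [ -n "$pem" ] || { echo "no certificate returned by $host:$port" >&2; return 1; }
  actual=$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256) || return 1
  if ! fp_matches "$actual" "$expected_fp"; then
    echo "fingerprint mismatch, not saving: $actual" >&2
    return 2
  fi
  printf '%s\n' "$pem" > "$out"
}

# Runs only when all four arguments are supplied, e.g.:
#   ./fetch_ldap_cert.sh <ldap_hostname> <port> "<expected sha256 fingerprint>" ldap.crt
if [ "$#" -eq 4 ]; then
  fetch_verified_cert "$@"
fi
```

Only a file written by a successful run should then be passed to the keytool import in Step 2.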

Re: permission denied while copying ldap server public key to the cluster node

Expert Contributor
@Rishi

As an alternative I used WinSCP to copy the LDAP server public key.

Thanks.