I want to sync the cluster users, Ambari users and Ranger users. So I configured an LDAP server on an AWS instance and created a group and a user on the LDAP server. Now I am trying to sync this user with the Hadoop cluster node. I have installed nss-pam-ldapd, openldap-clients, openssl and sssd on the client machine. When I try to copy the LDAP server public key to the client machine it shows the following error:
scp email@example.com:/etc/pki/tls/certs/ldap1_pubkey.pem /etc/openldap/cacerts/
Permission denied (publickey).
I am using PuTTY to log in to the host and the client. I created a private key for the key used while creating the cluster and the LDAP instance. I have added the private key to PuTTY for authentication for both client and host.
I am new to LDAP. Can anyone help me get over this error?
From the description I understand that you want to sync the LDAP user with Ambari and your LDAP is on SSL. So in order to have proper communication you want to add the LDAP certificate to cacerts (the default Java truststore).
You can try the following:
Step 1 : Get the ldap cert
echo | openssl s_client -connect <ldap_hostname>:<port> -showcerts 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ldap.crt
Step 2 : Add this cert to Default Java Truststore
/usr/lib/jvm/java-1.8.0/bin/keytool -import -file ldap.crt -alias ldap-cert -keystore /etc/pki/java/cacerts -storepass changeit
Note : the default truststore password is `changeit`
Could you please try this instead
openssl s_client -connect <ldap>:<port> <<<'' | openssl x509 -out /tmp/ldap.cert
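Both replies above pull whatever certificate the LDAP server presents and hand it straight to keytool. The script below is an added example (not from either answerer) that does the same extraction in a form you can inspect before trusting: it splits the `-showcerts` chain into one PEM file per certificate, prints each certificate's SHA-256 fingerprint so you can compare it with the value the LDAP administrator gives you out of band, and only then imports into the Java truststore. The `<ldap_hostname>:<port>` placeholder, the `/tmp/ldap-chain` directory, and the `SAMPLE_CHAIN` text are assumptions and constructed data; `SAMPLE_CHAIN` contains no real certificate and exists only so the splitting step can be exercised offline.

```shell
#!/bin/sh
# Added example: split an `openssl s_client -showcerts` chain, show fingerprints,
# and import a chosen certificate into the Java truststore.

# Constructed sample of s_client -showcerts output (assumption; bodies are not real certs).
SAMPLE_CHAIN='CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=ldap1.example.internal
   i:/CN=Example Internal CA
-----BEGIN CERTIFICATE-----
MIIBsampleLEAFcertBODYnotREAL
-----END CERTIFICATE-----
 1 s:/CN=Example Internal CA
   i:/CN=Example Internal CA
-----BEGIN CERTIFICATE-----
MIIBsampleCAcertBODYnotREAL
-----END CERTIFICATE-----
---
'

# split_chain DIR: read s_client output on stdin, write DIR/cert-1.pem, DIR/cert-2.pem, ...
# (one file per BEGIN/END block) and print the number of certificates found.
split_chain() {
    outdir="$1"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" n ".pem"; keep = 1 }
        keep                          { print > f }
        /-----END CERTIFICATE-----/   { keep = 0; close(f) }
        END                           { print n + 0 }
    '
}

# show_fingerprints DIR: print the SHA-256 fingerprint of every cert in DIR (needs openssl).
# Compare these with the fingerprints the LDAP administrator publishes before importing.
show_fingerprints() {
    for c in "$1"/cert-*.pem; do
        [ -f "$c" ] || continue
        printf '%s: ' "$c"
        openssl x509 -in "$c" -noout -fingerprint -sha256
    done
}

# import_cert PEM ALIAS: import one PEM file into the Java truststore.
# JAVA_HOME, TRUSTSTORE and STOREPASS default to the paths/password used in the thread.
import_cert() {
    pem="$1"
    alias="$2"
    "${JAVA_HOME:-/usr/lib/jvm/java-1.8.0}/bin/keytool" -importcert -noprompt \
        -file "$pem" -alias "$alias" \
        -keystore "${TRUSTSTORE:-/etc/pki/java/cacerts}" \
        -storepass "${STOREPASS:-changeit}"
}

# demo_split: run the splitter on the constructed sample; returns the cert count on stdout.
demo_split() {
    printf '%s' "$SAMPLE_CHAIN" | split_chain "${1:-/tmp/ldap-chain-demo}"
}

# Real usage against the LDAP server (not run here; hostname/port are placeholders):
#   echo | openssl s_client -connect <ldap_hostname>:<port> -showcerts 2>/dev/null \
#       | split_chain /tmp/ldap-chain
#   show_fingerprints /tmp/ldap-chain
#   import_cert /tmp/ldap-chain/cert-2.pem ldap-ca
```

When the chain contains the issuing CA (cert-2 in the sample), importing that rather than the leaf (cert-1) means the truststore keeps working after the LDAP server's own certificate is renewed, and the fingerprint check is what turns "trust whatever answered on that port" into "trust the certificate the LDAP admin actually issued".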