Here is the .sh script we used at the customers. You'll need to fill in your specific environment information. It runs the curl commands but also includes an LDAP filter. #!/bin/sh # Just in case we are run from cron with no path set... export PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin AMBARI_ADMIN_USER='admin:xxxxx' # # Groups we want to look for, in this case any group name that starts with HDP_ # GROUP_FILTER="(&(ObjectClass=Group)(CN=HDP_*))" SEARCH_BASE=DC=MYDOMAIN,DC=com SEARCH_USER=CN=search_user,OU=LDAP,${SEARCH_BASE} SEARCH_PASSWD=ldapUserPassword LDAP_HOST=ldap.mydomain.com LDAPGROUPS=`ldapsearch -h $LDAP_HOST -x -s sub -b ${SEARCH_BASE} -D ${SEARCH_USER} -w ${SEARCH_PASSWD} "${GROUP_FILTER}" cn | grep ^dn: | cut -d' ' -f2- | sed -e "s/\(.*\)/(memberOf=\1)/" | tr '\n' ':' | sed -e "s/://g"` # Filter for users with a "valid" flag set who have a first name, last name and email. SEARCH_FILTER="(&(objectClass=USER)(mail=*mydomain.com)(givenName=*)(sn=*)(!(msexchuserAccountControl:1.2.840.113556.1.4.803:=2))(|$LDAPGROUPS))" # perform the search on AD and format the results in a way that postfix wants. #ldapsearch -h <ldap.company.com> -x -D “${SEARCH_USER}” -w “${SEARCH_PASSWD}” "${SEARCH_FILTER}" sAMAccountName | \ grep -v "{" | \ cut -d: -f3 | \ sort -u > ${TEMP_FILE} USERLIST=`ldapsearch -h $LDAP_HOST -x -s sub -b ${SEARCH_BASE} -D ${SEARCH_USER} -w ${SEARCH_PASSWD} "${SEARCH_FILTER}" sAMAccountName |\ grep -i sAMAccountName |\ grep -v ^# |\ sort -u |\ awk '{print $2}' |\ tr '\n' , |\ tr '[A-Z]' '[a-z]' |\ sed -e "s/,$//"` GROUPLIST=`ldapsearch -h $LDAP_HOST -x -s sub -b ${SEARCH_BASE} -D ${SEARCH_USER} -w ${SEARCH_PASSWD} "${SEARCH_FILTER}" memberOf |\ grep memberOf |\ grep -v ^# |\ grep HDP_ |\ sort -u |\ cut -d: -f2 |\ cut -d= -f2 |\ cut -d, -f1 |\ awk '{print $1}' |\ tr '\n' , |\ sed -e "s/,$//"` # Sync new users and groups curl -s -H "X-Requested-By: ambari” -u $AMBARI_ADMIN_USER -d '{"Event": {"specs": [{"principal_type": "users", "sync_type": "specific", "names": "'$USERLIST'"}, {"principal_type": "groups", "sync_type": "specific", "names": "'$GROUPLIST'"}]}}' http://127.0.0.1:8080/api/v1/ldap_sync_events >/dev/null sleep 30 # Sync existing users and groups curl -s -H "X-Requested-By: amber” -u $AMBARI_ADMIN_USER -d '{"Event": { "specs": [{"principal_type": "users", "sync_type": "existing"}, {"principal_type": "groups", "sync_type": "existing"}]}}' http://127.0.0.1:8080/api/v1/ldap_sync_events >/dev/null echo "AmbariLdapSync complete at `date`" exit 0 ... View more

We ended up going with Paul's solution and didn't try to delete from Oracle. Thanks for all your input and help! ... View more

We went down the path of deleting directly from Oracle but ran into a bunch of relational constraints. ... View more

That's sets up LDAP but I need to automate the sync process. I would like Ambari to execute the sync-ldap --existing command once a day. ... View more