Member since
12-03-2016
91
Posts
27
Kudos Received
4
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
12396 | 08-27-2019 10:45 AM | |
3521 | 12-24-2018 01:08 PM | |
12574 | 09-16-2018 06:45 PM | |
2774 | 12-12-2016 01:44 AM |
08-20-2024
05:41 AM
If anyone will search, then the error "org.apache.zeppelin.livy.LivyException: {"msg":"User 'zeppelin-goa_datalake_1' not allowed to impersonate 'Some(sameer.dalai)'."} org.springframework.web.client.HttpClientErrorException: 403 Forbidden" Caused by livy settings. Here is how to change it https://community.cloudera.com/t5/Community-Articles/How-to-configure-zeppelin-livy-interpreter-for-secure-HDP/ta-p/249267
... View more
07-18-2023
06:42 AM
@GangWar This is still a problem in CDP 7.1.8 where there is no possibility of turning off the "Auto-TLS is Enabled" satus in Admin --> Security. Has anyone found the solution? I've now combed through UI settings, db and local files for anything to do with TLS and removed most if it. I know its turned off but as long as CDP thinks that Auto-TLS is ON I can't run the Auto-TLS setup Wizzard.
... View more
07-05-2023
09:03 PM
It works for me
... View more
11-16-2022
01:24 AM
How would you check logs related to ldap , In mine all docker-container like superset_app , superset-worker showing no error, but i can't be able to log from normal user either or ldap one My configured things from flask_appbuilder.security.manager import AUTH_LDAP
AUTH_TYPE = AUTH_LDAP
AUTH_USER_REGISTRATION = True
AUTH_LDAP_SERVER = "ldap://localhost:389"
# AUTH_LDAP_SEARCH="ou=people,dc=superset,dc=com"
AUTH_LDAP_SEARCH= "cn=admin,dc=ramhlocal,dc=com"
# AUTH_LDAP_APPEND_DOMAIN = "XXX.com"
AUTH_LDAP_UID_FIELD="cn"
AUTH_LDAP_FIRSTNAME_FIELD= "Rohit"
AUTH_LDAP_LASTTNAME_FIELD= "sn"
AUTH_LDAP_USE_TLS = False
# AUTH_LDAP_UID_FIELD=sAMAccountName
# AUTH_LDAP_BIND_USER=CN=Bind,OU=Admin,dc=our,dc=domain
AUTH_LDAP_ALLOW_SELF_SIGNED= True
AUTH_LDAP_APPEND_DOMAIN= False
... View more
05-05-2022
04:36 PM
As a general statement this is not right by any means. LDAP provides secure and encrypted authentication (encrypted user password and SSL/TLS communication) , together with user/group management. It's only the Hadoop stack does not support this and the two only autentication methods implemented for all the CDP components are the dummy simple auth (described above) and the Kerberos authentication (used in combination with PAM or LDAP for user/group mappings). As an example, nothing less than Knox (the security gateway to HDP or CDP) implements full authenticacion using only LDAP (with TLS), and it only relies on Kerberos to authenticate a single service/proxy user to communicate with the rest of the cluster.
... View more
04-30-2021
01:28 AM
@vidanimegh ,i have changed referral to follow but still users not sync to Ranger also not able to find any error in the usersync.log. Please find below config parameters and request you to pleases suggest if anything needs to be correct. ldapUrl: ldaps://ad.HWX.COM:636, ldapBindDn: CN=user1,OU=bda,DC=HWX,DC=COM, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, searchBase: dc=hadoop,dc=apache,dc=org, userSearchBase: [OU=bda,DC=HWX,DC=COM], userSearchScope: 2, userObjectClass: user, userSearchFilter: ((memberof=OU=bda,DC=HWX,DC=COM)(memberof=CN=hdpadmin,OU=bda,DC=HWX,DC=COM)), extendedUserSearchFilter: (&(objectclass=user)((memberof=OU=bda,DC=HWX,DC=COM)(memberof=CN=hdpadmin,OU=bda,DC=HWX,DC=COM))), userNameAttribute: sAMAccountName, userSearchAttributes: [sAMAccountName], userGroupNameAttributeSet: null, pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: true, groupSearchBase: [DC=HWX,DC=COM], groupSearchScope: 2, groupObjectClass: group, groupSearchFilter: *, extendedGroupSearchFilter: (&(objectclass=group)(*)(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: (&(objectclass=group)(*)), groupMemberAttributeName: member, groupNameAttribute: cn, groupSearchAttributes: [member, cn], groupUserMapSyncEnabled: false, groupSearchFirstEnabled: false, userSearchEnabled: false, ldapReferral: follow
... View more
01-24-2021
01:41 AM
I was just able to confirm that the update command listed is Postgresql database flavor.
... View more
12-01-2020
12:55 PM
The following map rule is wrong: RULE:[2:\$1@\$0](rm@MY_REALM)s/.*/rm/ the user for the ResourceManager is not "rm" but "yarn" and this should be the replacement value. This is the same as for the hadoop.security.auth_to_local in Hadoop/HDFS configuration.
... View more
11-12-2020
07:10 PM
To give some extra information (in case somebody guess about it) I have also tested adding the -b and -c options to curl, in order to use the received cookies in subsequent calls. Something like this: curl -i -k -u "admin:*****" -b cookies.txt -c cookies.txt --config headers-post.conf ... and the options included in headers-post.conf are: -X POST
-H "X-Requested-By:admin"
-H "Content-Type: application/json"
-H "X-XSRF-HEADER:valid" But the problem is the same and I still receive "HTTP/1.1 403 Forbidden" when trying to execute any statement with LIvy over the session. Best regards
... View more
08-19-2020
07:42 AM
If you use the $ZK_HOST defined in infra-solr-env.sh you should not need to include the /infra-solr prefix when getting the solrconfig.xml: source /etc/ambari-infra-solr/conf/infra-solr-env.sh /usr/lib/ambari-infra-solr/server/scripts/cloud-scripts/zkcli.sh -z $ZK_HOST \ -cmd getfile /configs/ranger_audits/solrconfig.xml solrconfig.xml The same applies when uploading the edited config.
... View more