03-23-2020 02:14 AM
Hello,

This workaround didn't work for me. I configured the LDAP setup so that the BaseDN matches only 1 entry. Calling "ambari-server sync-ldap --existing" didn't remove all existing LDAP users and groups; rather, it deleted only 2. Maybe I missed something, but after running the setup, do we need to restart ambari-server?

What should be the expected behaviour when running "ambari-server sync-ldap --all" with the BaseDN pointing to a single AD entry? The doc states the following for the option '--existing': "Users will be removed from Ambari if they no longer exist in LDAP, and group membership in Ambari will be updated to match LDAP". Since the AD users still exist, that would have no effect in removing the users even if the BaseDN points to a single entry.

What we are looking for (HDP2.6.5) is to remove all LDAP-synced users other than those specified in --users users.txt and --groups group.txt. It looks like there is no such tool and we have to resort to manually using the Ambari APIs somehow.

One thing I'm not sure about is how the lowercased aliases are being handled, since during the first sync we had the default value 'true' to force lower case, and have now changed it to 'false'.

Looking forward to your insights.