03-28-2017 12:58 PM

UPDATE: I ended up rebuilding a new Ambari server and database from scratch, and running the 'sync-ldap' command using the default credentials (admin:admin). I think changing the default credentials before syncing the LDAP users causes the sync to fail; I will try to raise an issue about this on GitHub. Thanks @Jay SenSharma and @Vipin Rathor for your help! I used your suggestions when I rebuilt Ambari and they were very helpful!

03-24-2017 02:29 PM

@Vipin Rathor I cannot use the ambari-server command because that command makes a request to 127.0.0.1 (IPv4), which fails because the ambari-server is binding to ::1 (IPv6):

```
[ec2-user@ip-192-168-12-67 ~]$ sudo ambari-server sync-ldap --all -v
Using python /usr/bin/python
Syncing with LDAP...
INFO: about to run command: ps -p 22683
INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
Enter Ambari Admin login: <user>
Enter Ambari Admin password:
Syncing all.
Calling API https://127.0.0.1:8443/api/v1/ldap_sync_events : [{'Event': {'specs': [{'principal_type': 'users', 'sync_type': 'all'}, {'principal_type': 'groups', 'sync_type': 'all'}]}}]
ERROR: Exiting with exit code 1.
REASON: Sync event creation failed. Error details: <urlopen error [Errno 111] Connection refused>
[ec2-user@ip-192-168-12-67 ~]$ sudo curl -k -i -u '<redacted>' -H 'X-Requested-By: ambari' -X POST -d '[{"Event":{"specs":[{"principal_type":"users","sync_type":"all"},{"principal_type":"groups","sync_type":"all"}]}}]' https://localhost:8443/api/v1/ldap_sync_events
HTTP/1.1 403 Unable to sign in. Invalid username/password combination.
Strict-Transport-Security: max-age=31536000
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 93
Server: Jetty(8.1.19.v20160209)
{
"status": 403,
"message": "Unable to sign in. Invalid username/password combination."
}
```

ambari-server.log:

```
24 Mar 2017 10:25:40,841 ERROR [ambari-client-thread-28] AmbariLdapAuthoritiesPopulator:71 - Can't get authorities for user ambari, he is not present in local DB
```

I believe the current issue I am experiencing is the Ambari credentials are not in the 'users' table in PostgreSQL. Is there a way I can add those credentials to the table manually?

03-23-2017 08:12 PM

@Vipin Rathor Thank you! Binding with a manager as a user seems to have resolved the previous issue and allowed me to establish a proper connection to Windows, but now I cannot seem to form the proper curl command to sync the users. I believe the way I am feeding the username/password combination is incorrect. This is the command I'm using and the result:

```
[ec2-user@ip-192-168-12-67 ~]$ curl -k -i -u '<user>:<password>' -H 'X-Requested-By: ambari' -X POST -d '[{"Event":{"specs":[{"principal_type":"users","sync_type":"all"},{"principal_type":"groups","sync_type":"all"}]}}]' https://localhost:8443/api/v1/ldap_sync_events
HTTP/1.1 403 Unable to sign in. Invalid username/password combination.
Strict-Transport-Security: max-age=31536000
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 93
Server: Jetty(8.1.19.v20160209)
{
"status": 403,
"message": "Unable to sign in. Invalid username/password combination."
}
```

ambari-server.log:

```
23 Mar 2017 16:08:40,244 INFO [ambari-client-thread-25] FilterBasedLdapUserSearch:89 - SearchBase not set. Searches will be performed from the root: cn=Users,dc=<redacted>,dc=local
23 Mar 2017 16:09:20,619 ERROR [ambari-client-thread-28] AmbariLdapAuthoritiesPopulator:71 - Can't get authorities for user <user>, he is not present in local DB
```

UPDATE: it appears that the original admin user I created in Ambari UI is no longer in the users table (PostgreSQL database). How can I manually add the user back into the database?

03-22-2017 05:40 PM

@Jay SenSharma I changed the baseDn property to match the example you gave me, still getting the same error. Has Ambari been confirmed to work with Windows Server 2012? I am concerned that it cannot interface with a newer version of Windows.

03-22-2017 04:43 PM

Hello @Jay SenSharma, Thanks for replying. I am using Active Directory on Windows Server 2012 R2, and I confirmed it's running by using telnet from my Red Hat box. I used the corrected curl command you posted, and the result is the same.

```
[ec2-user@ip-192-168-12-67 ~]$ curl -k -i -u <redacted> -H 'X-Requested-By: ambari' -X POST -d '[{"Event":{"specs":[{"principal_type":"users","sync_type":"all"},{"principal_type":"groups","sync_type":"all"}]}}]' https://localhost:8443/api/v1/ldap_sync_events
HTTP/1.1 500 Server Error
Strict-Transport-Security: max-age=31536000
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 48
Server: Jetty(8.1.19.v20160209)
{
"status": 500,
"message": "Server Error"
}
```

ambari.properties:

```
[ec2-user@ip-192-168-12-67 ~]$ cat /etc/ambari-server/conf/ambari.properties | grep ldap
ambari.ldap.isConfigured=true
authentication.ldap.baseDn=dc
authentication.ldap.bindAnonymously=true
authentication.ldap.dnAttribute=cn
authentication.ldap.groupMembershipAttr=member
authentication.ldap.groupNamingAttr=name
authentication.ldap.groupObjectClass=group
authentication.ldap.primaryUrl=<redacted>:389
authentication.ldap.referral=ignore
authentication.ldap.secondaryUrl=<redacted>:389
authentication.ldap.useSSL=false
authentication.ldap.userObjectClass=user
authentication.ldap.usernameAttribute=name
client.security=ldap
```

ambari-server.log:

```
22 Mar 2017 12:34:38,591 WARN [ambari-client-thread-24] ServletHandler:561 - Error Processing URI: /api/v1/ldap_sync_events - (org.springframework.ldap.BadLdapGrammarException) Failed to parse DN; nested exception is org.springframework.ldap.core.ParseException: Encountered "<EOF>" at line 1, column 2.
Was expecting:
<SPACED_EQUALS> ...
```
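
An added example, not part of the original posts and not Ambari's own code: a small Python check over the `authentication.ldap.*` lines of `ambari.properties` that flags a `baseDn` that is not made of attribute=value pairs (the kind of value a DN parser rejects with a "Failed to parse DN" error like the one logged above), anonymous bind, and `useSSL=false`. The sample hosts and all function names are constructed for illustration; `authentication.ldap.managerDn` is Ambari's manager-bind property and does not appear in the posted file.

```python
import re

# Constructed sample: LDAP lines as in the ambari.properties output in the post,
# with a placeholder host where the post shows <redacted>.
SAMPLE = """\
ambari.ldap.isConfigured=true
authentication.ldap.baseDn=dc
authentication.ldap.bindAnonymously=true
authentication.ldap.primaryUrl=ad1.example.local:389
authentication.ldap.useSSL=false
"""

# One RDN: attribute type, '=', non-empty value (simplified RFC 4514;
# multi-valued RDNs joined with '+' are not handled).
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")

def parse_properties(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            props[key.strip()] = value.strip()
    return props

def is_valid_dn(dn):
    parts = re.split(r"(?<!\\),", dn)  # split on unescaped commas
    return bool(dn) and all(RDN.match(p) for p in parts)

def check_ldap_config(text):
    p = parse_properties(text)
    findings = []
    base = p.get("authentication.ldap.baseDn", "")
    if not is_valid_dn(base):
        findings.append("baseDn %r is not a DN (expected e.g. dc=example,dc=local)" % base)
    anonymous = p.get("authentication.ldap.bindAnonymously", "false").lower() == "true"
    if anonymous:
        findings.append("bindAnonymously=true: directory searches run without a bind account")
    elif not is_valid_dn(p.get("authentication.ldap.managerDn", "")):
        findings.append("managerDn missing or not a DN")
    if p.get("authentication.ldap.useSSL", "false").lower() != "true":
        findings.append("useSSL=false: LDAP traffic, including bind passwords, is unencrypted")
    return findings

if __name__ == "__main__":
    for finding in check_ldap_config(SAMPLE):
        print("WARN", finding)
```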

03-22-2017 02:48 PM

My Ambari server (RedHat 7.3) is listening on ::1 (IPv6), and when I run 'ambari-server sync-ldap', it tries to make a request to 127.0.0.1, which results in a 'Connection refused':

```
[ec2-user@ip-192-168-12-67 ~]$ sudo ambari-server sync-ldap --all -v
Using python /usr/bin/python
Syncing with LDAP...
INFO: about to run command: ps -p 11579
INFO: Loading properties from /etc/ambari-server/conf/ambari.properties .......Syncing all.
Calling API https://127.0.0.1:8443/api/v1/ldap_sync_events : [{'Event': {'specs': [{'principal_type': 'users', 'sync_type': 'all'}, {'principal_type': 'groups', 'sync_type': 'all'}]}}]
ERROR: Exiting with exit code 1.
REASON: Sync event creation failed. Error details: <urlopen error [Errno 111] Connection refused>
```

When I attempt to manually curl the service (https://cwiki.apache.org/confluence/display/AMBARI/API+to+sync+LDAP+users) via localhost instead of 127.0.0.1, I get a 500 error:

```
[ec2-user@ip-192-168-12-67 ~]$ curl -i -u<redacted> -H 'X-Requested-By: ambari' -X POST -d '"[{"Event":{"specs":[{"principal_type":"users","sync_type":"all"},{"principal_type":"groups","sync_type":"all"}]}}]' https://localhost:8443/api/v1/ldap-sync-events -k
HTTP/1.1 500 Server Error
Strict-Transport-Security: max-age=31536000
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 48
Server: Jetty(8.1.19.v20160209)
{
"status": 500,
"message": "Server Error"
```

Tailing the log:

```
[ec2-user@ip-192-168-12-67 ~]$tail -30 /var/log/ambari-server/ambari-server.log
22 Mar 2017 10:30:55,779 WARN [ambari-client-thread-24] ServletHandler:561 - Error Processing URI: /api/v1/ldap-sync-events - (org.springframework.ldap.BadLdapGrammarException) Failed to parse DN; nested exception is org.springframework.ldap.core.ParseException: Encountered "<EOF>" at line 1, column 2.
Was expecting:
<SPACED_EQUALS> ...
```

Is there any way to either have the 'sync-ldap' command send the request to localhost instead of 127.0.0.1, or is there something wrong with my manual curl request?

Labels: Apache Ambari