Hello, We have set Ambari and HDFS with LDAP and Ranger. But we need strong user authentication in Hadoop. So I guess I need to configure Kerberos. I am a little afraid because we already have fairly stable system, and I don't want to break anything. So I am reading documentation first. I doubt one of the prerequisites: "Active Directory secure LDAP (LDAPS) connectivity has been configured. " We have an external LDAP server but not with SSL (we don't have LDAPS). So, it will be possible to configure Kerberos with our own LDAP server? Thanks in advance. ... View more

Hello, First of all, sorry for my english. When I try to sync ldap with memberUid, only sync users but don't sync groups. This is the part in the log with groups part: groupSearchEnabled: true, groupSearchBase: ou=Samba,dc=example,dc=es, groupSearchScope: 2, groupObjectClass: posixGroup, groupSearchFilter: cn=*, extendedGroupSearchFilter: (&(objectclass=posixGroup)(cn=*)(memberUid={0})), extendedAllGroupsSearchFilter: (&(objectclass=posixGroup)(cn=*)), groupMemberAttributeName: memberUid, groupNameAttribute: cn, groupUserMapSyncEnabled: false, ldapReferral: ignore The problem is that in my LDAP this is the search for groups: slapd[8101]: conn=1034 op=6 SRCH base="ou=Samba,dc=example,dc=es" scope=2 deref=3 filter="(&(objectClass=posixGroup)(cn=*)(memberUid=uid=user.user,ou=Users,dc=example,dc=es))" Allways append memberUid=uid=user.user,ou=Users,dc=example,dc=es But we need memberUid=user.user The following search: ldapsearch -x -LLL -b dc=example,dc=es '(&(objectClass=posixGroup)(cn=*)(memberUid=uid=user.user,ou=Users,dc=example,dc=es))' Doesn't bring any result. I need this correct search: ldapsearch -x -LLL -b dc=example,dc=es '(&(objectClass=posixGroup)(cn=*)(memberUid=user.user))' Other thing: with the script run.sh in the ldaptool the groups are sync correctly. Please, help!! Thanks ... View more