Cloudera Community
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
markus_baettig
user rank
Explorer

Can't sync Ambari with LDAP

by Explorer in Support Questions
‎04-10-2018 09:11 AM
‎04-10-2018 09:11 AM
Hi guys It's my turn to secure our cluster right now. But I have some trouble already with the LDAP connection of Ambari. On the production system I get the following error and I don't know where I can find the error anymore. Can you give me possible points where I should look for the error? The certificates of the AD servers are imported and ldapsearch is working fine. I have add to the ambari-server.properties file the following content: authentication.ldap.primaryUrl=dc1.ad.test.com:636 authentication.ldap.secondaryUrl=dc02.ad.test.com:636 authentication.ldap.useSSL=true authentication.ldap.dnAttribute=distinguishedName authentication.ldap.usernameAttribute=sAMAccountName authentication.ldap.baseDn="DC=ad,DC=test,DC=com" authentication.ldap.bindAnonymously=false authentication.ldap.managerDn="CN=Service Account Hortonworks,OU=50.50.20 HadoopServiceUser,OU=50.50 Hortonworks,OU=50 Service User,DC=ad,DC=test,DC=com" authentication.ldap.userObjectClass=user authentication.ldap.groupObjectClass=group authentication.ldap.groupMembershipAttr=member authentication.ldap.groupNamingAttr=cn afterwards I run [user1@ad.test.com home]$ sudo ambari-server setup-ldap and validate the adjustments of the ambari-server.properties. Then I restart the server and agent [user1@ad.test.com home]$ sudo ambari-server restart [user1@ad.test.com home]$ sudo ambari-agent restart I create a file with only one entry: The Group with the Hadoop administrators. [user1@ad.test.com home]$ echo HadoopAdmin > groups.txt after that I want to import the HadoopAdmin group into Ambari [user1@ad.test.com home]$ sudo ambari-server sync-ldap --groups=groups.txt Using python /usr/bin/python Syncing with LDAP... Enter Ambari Admin login: admin Enter Ambari Admin password: Syncing all...ERROR: Exiting with exit code 1. REASON: Caught exception running LDAP sync. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839] In the Ambari Log I found the following error: 09 Apr 2018 16:37:00,577 ERROR [pool-18-thread-5] LdapSyncEventResourceProvider:460 - Caught exception running LDAP sync. org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356) at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140) at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:159) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getFilteredLdapUsers(AmbariLdapDataPopulator.java:667) at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getExternalLdapUserInfo(AmbariLdapDataPopulator.java:644) at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.synchronizeAllLdapUsers(AmbariLdapDataPopulator.java:212) at org.apache.ambari.server.controller.AmbariManagementControllerImpl.synchronizeLdapUsersAndGroups(AmbariManagementControllerImpl.java:5178) at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider.syncLdap(LdapSyncEventResourceProvider.java:490) at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider.processSyncEvents(LdapSyncEventResourceProvider.java:448) at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider.access$000(LdapSyncEventResourceProvider.java:65) at org.apache.ambari.server.controller.internal.LdapSyncEventResourceProvider$1.run(LdapSyncEventResourceProvider.java:259) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344) ... 18 more ... View more
Labels:

Re: Can't create table with encoding iso-8859-1

by Explorer in Support Questions
‎07-25-2017 11:47 AM
‎07-25-2017 11:47 AM
@Sindhu Thanks! ... View more

Can't create table with encoding iso-8859-1

by Explorer in Support Questions
‎07-25-2017 10:58 AM
‎07-25-2017 10:58 AM
Hi guys I'm struggling to create an Hive table, in which I can store german city names like München. I create the table in the follwoing way: CREATE external TABLE marketing.town ( lang String, town String) stored AS orc LOCATION'hdfs://xx/xx/xx/xx/xx/marketing/town' tblproperties ("orc.compress"="SNAPPY", 'store.charset'='ISO-8859-1', 'retrieve.charset'= 'ISO-8859-1') ; ALTER TABLE marketing.town SET serdeproperties ('serialization.encoding'='ISO-8859-1'); When i now fill the table: insert into marketing.town values ('german', 'München'); insert into marketing.town values ('english', 'Munich'); I get the follwoing output: Can you give me a hint, I'm lost... Best Markus ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎05-22-2018 01:13 PM
Community Statistics
Member Since ‎04-12-2016 06:38 PM
Last Visited ‎05-22-2018 01:13 PM
Posts 7