Cloudera Community
ElephantAdmin
user rank
New Contributor
My Accepted Solutions
Show All

Re: Can't restart services after removing kerberos...

by New Contributor in Support Questions
‎10-19-2020 05:00 AM
‎10-19-2020 05:00 AM
Try below. Some times the ambari cluster environment variable security_enabled might still hold the value true and hence all services expect keytabs .   To validate the value of the environment variable  /var/lib/ambari-server/resources/scripts/configs.py -a get -l <ambari-server host> -t 8080 -n <cluster-name> -u <admin-user> -p <admin-password> -c cluster-env | grep security "security_enabled": "true", "smokeuser_keytab": "/etc/security/keytabs/smokeuser.headless.keytab"   /var/lib/ambari-server/resources/scripts/configs.py -a set -k security_enabled -v false -l <ambari-server host> -t 8080 -n <cluster name> -u <admin user> -p <admin password> -c cluster-env   Try setting that variable to false ... View more

Re: HOW CAN I RETRIEVE LDAP GROUP FOR ZEPPELIN 0.8...

by New Contributor in Support Questions
‎08-29-2019 10:04 PM
1 Kudo
‎08-29-2019 10:04 PM
1 Kudo
Hi @raobelina_toky_ Is this setup done?   Else Please try out below steps.   Step1: In rolesByGroup please specify only the group's cn and not the full. Change "cn=Group-admin,dc=domain,dc=company": to Group-admin:admin_role   Step2: Validate your group search base path ldapRealm.groupSearchBase and group Object class name and memberAttribute. For instance if your  ldapRealm.groupSearchBase = dc=domain, dc=company ldapRealm.groupObjectClass = posixGroup ldapRealm.memberAttribute = member   As per the source code it pulls group's cn based on these values. Also comment out below if there is no group inside groups. # Enable support for nested groups using the LDAP_MATCHING_RULE_IN_CHAIN operator #ldapRealm.groupSearchEnableMatchingRuleInChain = true   To cross verify your settings try using ldapsearch this comes as part of ldap-utils package. Replace the values in <> and try search.   ldapsearch -h <ldapHost> -p <ldapport> -D <ldapRealm.contextFactory.systemUsername> -w <bind user password> -b <groupSearchBase> -s sub "(objectclass=<groupObjectClass>)" ... View more
Contact Me
Online
Offline
Last Visited
‎11-08-2020 10:37 AM
Community Statistics
Member Since ‎08-29-2019 09:54 PM
Last Visited ‎11-08-2020 10:37 AM
Posts 3
Kudos received 1