Member since
08-29-2019
3
Posts
1
Kudos Received
1
Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
3659 | 08-29-2019 10:04 PM |
10-19-2020
05:00 AM
Try below. Some times the ambari cluster environment variable security_enabled might still hold the value true and hence all services expect keytabs . To validate the value of the environment variable /var/lib/ambari-server/resources/scripts/configs.py -a get -l <ambari-server host> -t 8080 -n <cluster-name> -u <admin-user> -p <admin-password> -c cluster-env | grep security
"security_enabled": "true",
"smokeuser_keytab": "/etc/security/keytabs/smokeuser.headless.keytab" /var/lib/ambari-server/resources/scripts/configs.py -a set -k security_enabled -v false -l <ambari-server host> -t 8080 -n <cluster name> -u <admin user> -p <admin password> -c cluster-env Try setting that variable to false
... View more
08-29-2019
10:04 PM
1 Kudo
Hi @raobelina_toky_ Is this setup done? Else Please try out below steps. Step1: In rolesByGroup please specify only the group's cn and not the full. Change "cn=Group-admin,dc=domain,dc=company": to Group-admin:admin_role Step2: Validate your group search base path ldapRealm.groupSearchBase and group Object class name and memberAttribute. For instance if your ldapRealm.groupSearchBase = dc=domain, dc=company ldapRealm.groupObjectClass = posixGroup ldapRealm.memberAttribute = member As per the source code it pulls group's cn based on these values. Also comment out below if there is no group inside groups. # Enable support for nested groups using the LDAP_MATCHING_RULE_IN_CHAIN operator #ldapRealm.groupSearchEnableMatchingRuleInChain = true To cross verify your settings try using ldapsearch this comes as part of ldap-utils package. Replace the values in <> and try search. ldapsearch -h <ldapHost> -p <ldapport> -D <ldapRealm.contextFactory.systemUsername> -w <bind user password> -b <groupSearchBase> -s sub "(objectclass=<groupObjectClass>)"
... View more