If like me, you made a mistake for instance loading all your LDAP users and groups with "ambari-server sync-ldap --all" and you realize that you in fact only wanted some groups/users, you can re-run the "ambari-server setup-ldap" wizard pointing to the DN of only one of your users to keep as the search base. Then run "ambari-server sync-ldap --existing" to remove all existing LDAP users and groups except the single one to keep. Then reset the correct search base and add the subset of groups/users you want using "ambari-server sync-ldap --users users.txt --groups groups.txt". This trick saved my life by automatically and easily removing roughly 15000 LDAP users and 1000 LDAP groups 🙂
... View more
