With some help from a colleague, we figured out that all I needed to do was go into Administration > Users & Roles > LDAP/PAM Groups. There, I clicked on the "Add LDAP/PAM Group Mapping" and added the group I expected to be synced from Active Directory, along with a role assignment.  This was enough to make sure that the user after being authenticated, was able to login in with the right role privileges. ... View more

@CaptainJa  The version of Tomcat used in CDH 5.16.2 should not have any vulnerabilities. Could you share the CVE that is reported CDH is vulnerable to?   Per the notice [1] independent upgrade of Tomcat is not supported and we are moving towards newer versions in CDH6 => Cloudera Enterprise 6 has replaced Tomcat 6 with Jetty 9 and is not susceptible to Tomcat security issues.   LINKS: [1] https://community.cloudera.com/t5/Customer/CDH-5-support-for-Tomcat-6/ta-p/73655 ... View more