Set Up LDAP Authentication – Ambari

https://ambari.apache.org/1.2.1/installing-hadoop-using-ambari/content/ambari-chap2-4.html

vi /etc/ambari-server/conf/ambari.properties

client.security=ldap

ambari-server setup-ldap
Using python  /usr/bin/python
Setting up LDAP properties...
Primary URL* {host:port} (adserver.abc.com:3268):
Secondary URL {host:port} :
Use SSL* [true/false] (false):
User object class* (user):
User name attribute* (sAMAccountName):
Group object class* (group):
Group name attribute* (cn):
Group member attribute* (member):
Distinguished name attribute* (distinguishedName):
Base DN* (dc=abc,dc=com):
Referral method [follow/ignore] :
Bind anonymously* [true/false] (false):
Manager DN* (cn=<AD service account>,OU=Hadoop,OU=Applications,DC=abc,DC=com):
Enter Manager Password* :
Re-enter password:
====================
Review Settings
====================
authentication.ldap.managerDn: cn=<AD service account>,OU=Hadoop,OU=Applications,DC=abc,DC=com
authentication.ldap.managerPassword: *****
Save settings [y/n] (y)? y
Saving...done
Ambari Server 'setup-ldap' completed successfully.

To Sync the groups.
vi groups.csv
<add all the ad groups which need to be sync with ambari>

ambari-server sync-ldap --groups groups.csv

To Sync the users. create users.csv file with list of ad user accounts separated by comma.
ambari-server sync-ldap --user users.csv
Advertisements

Author: rajukv

Hadoop(BigData) Architect and Hadoop Security Architect can design and build hadoop system to meet various data science projects.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s