When using the advanced configuration option, Knox uses an LDAP service account to perform LDAP searches. Hortonworks recommends saving the account password to the credential store and setting the main.ldapRealm.contextFactory.systemPassword parameter value to ${ALIAS=accountalias}, which pulls the password from the store.
To store the account password in the credential store, run the following command:
$gateway_home/bin/knoxcli.sh create-alias $accountalias --cluster $cluster-name --value $password
where $accountalias identifies the stored password to use for the cluster configuration, $cluster-name matches the cluster topology descriptor without the .xml extension, and $password is the LDAP service account password that Knox uses for searches of the defined LDAP service.
The following example assumes that main.ldapRealm.contextFactory.systemPassword=${ALIAS=ldcSystemPassword}, ldcSystemPassword is the alias for the password stored in the credential store, the cluster topology descriptor is hdp.xml, and the plain text password is hadoop:
$gateway_home/bin/knoxcli.sh create-alias ldcSystemPassword --cluster hdp --value hadoop
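A check that topology descriptors follow the recommendation above, added here as an example (it is not Hortonworks or Knox code): it finds each main.ldapRealm.contextFactory.systemPassword param and reports whether its value is an ${ALIAS=...} reference or plain text, along with the cluster name to pass to knoxcli.sh. The function name audit_topology and both sample descriptors are constructed for illustration, and the provider/param layout assumes the usual Knox topology format.

```python
import re
import xml.etree.ElementTree as ET

PARAM = "main.ldapRealm.contextFactory.systemPassword"
ALIAS_RE = re.compile(r"^\$\{ALIAS=([^}]+)\}$")


def audit_topology(filename, xml_text):
    """Classify every systemPassword param in one topology descriptor.

    Returns a list of dicts; a plain-text value is flagged but never echoed.
    """
    # The knoxcli --cluster name is the descriptor name without ".xml".
    cluster = filename[:-4] if filename.endswith(".xml") else filename
    results = []
    for param in ET.fromstring(xml_text).iter("param"):
        if (param.findtext("name") or "").strip() != PARAM:
            continue
        value = (param.findtext("value") or "").strip()
        match = ALIAS_RE.match(value)
        if match:
            results.append({"cluster": cluster, "status": "alias",
                            "alias": match.group(1)})
        else:
            results.append({"cluster": cluster, "status": "plaintext",
                            "alias": None})
    return results


# Constructed sample descriptors (not taken from a real deployment).
TEMPLATE = """<topology><gateway><provider>
  <role>authentication</role><name>ShiroProvider</name><enabled>true</enabled>
  <param>
    <name>main.ldapRealm.contextFactory.systemPassword</name>
    <value>%s</value>
  </param>
</provider></gateway></topology>"""
GOOD = TEMPLATE % "${ALIAS=ldcSystemPassword}"
BAD = TEMPLATE % "hadoop"

if __name__ == "__main__":
    for name, text in (("hdp.xml", GOOD), ("test.xml", BAD)):
        for finding in audit_topology(name, text):
            print(finding)
```

A "plaintext" finding means the service account password is readable by anyone who can read the descriptor; an "alias" finding still requires that the named alias exists in the credential store for that cluster.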