When using the advanced configuration option, Knox uses an LDAP service
account to perform LDAP searches. Hortonworks recommends saving the account
password to the credential store and setting the
main.ldapRealm.contextFactory.systemPassword parameter
value to ${ALIAS=accountalias}, which pulls the password from
the store.
To store the account password in the credential store, run the following command:
$gateway_home/bin/knoxcli.sh create-alias $accountalias --cluster $cluster-name --value $password
where $accountalias identifies the stored password
to use for the cluster configuration, $cluster-name
matches the cluster topology descriptor without the .xml extension, and
$password is the LDAP service account password
that Knox uses for searches of the defined LDAP service.
The following example assumes that
main.ldapRealm.contextFactory.systemPassword=${ALIAS=ldcSystemPassword},
ldcSystemPassword is the alias for the password stored in the
credential store, the cluster topology descriptor is
hdp.xml, and the plain text password is
hadoop:
$gateway_home/bin/knoxcli.sh create-alias ldcSystemPassword --cluster hdp --value hadoop
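To confirm that a topology descriptor really pulls the LDAP service account password from the credential store, the check below reads the descriptor and reports any systemPassword value that is not in the ${ALIAS=...} form. It is an added example, not part of the original documentation or of Knox; the function name and the sample descriptors are constructed for illustration, and it assumes the element-style param layout with name and value child elements.

```python
import re
import xml.etree.ElementTree as ET

PARAM = "main.ldapRealm.contextFactory.systemPassword"
ALIAS_RE = re.compile(r"^\$\{ALIAS=([^}]+)\}$")

def audit_topology(xml_text):
    """Return (aliases, findings) for each systemPassword param in a descriptor."""
    aliases, findings = [], []
    for param in ET.fromstring(xml_text).iter("param"):
        name = (param.findtext("name") or "").strip()
        if name != PARAM:
            continue
        value = (param.findtext("value") or "").strip()
        match = ALIAS_RE.match(value)
        if match:
            aliases.append(match.group(1))
        elif value:
            # Report the problem without echoing the secret itself.
            findings.append("literal password stored in descriptor")
        else:
            findings.append("systemPassword is empty")
    return aliases, findings

def _topology(value):
    # Constructed sample descriptor, trimmed to the one provider that matters here.
    return f"""<topology><gateway><provider>
      <role>authentication</role><name>ShiroProvider</name><enabled>true</enabled>
      <param><name>{PARAM}</name><value>{value}</value></param>
    </provider></gateway></topology>"""

GOOD = _topology("${ALIAS=ldcSystemPassword}")
BAD = _topology("hadoop")

if __name__ == "__main__":
    for label, doc in (("alias", GOOD), ("plaintext", BAD)):
        print(label, audit_topology(doc))
```

Each alias name it returns should match an alias created with create-alias for the same cluster. A password typed after --value is also recorded in the shell history of the account that ran the command.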

