Configuring Ambari Authentication with LDAP/AD

Set Up LDAP User Authentication

By default, Ambari uses an internal database as the user store for authentication and authorization. If you want Ambari Web to also authenticate users against an external LDAP or Active Directory (AD) server, you need to edit the Ambari properties file.

  1. On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text editor.
  2. Make the following edits:
    1. Add the client security property and set it to LDAP: client.security=ldap.
    2. Add the following properties and values:

      Each property is listed with its allowed values in brackets, followed by its description:

      authentication.ldap.primaryUrl  [server:port]
        The hostname and port for the LDAP or AD server. Example: my.ldap.server:389

      authentication.ldap.secondaryUrl  [server:port]
        The hostname and port for the secondary LDAP or AD server. Example: my.secondary.ldap.server:389. This value is optional.

      authentication.ldap.useSSL  [true or false]
        If true, use SSL when connecting to the LDAP or AD server.

      authentication.ldap.usernameAttribute  [LDAP attribute]
        The attribute for the username. Example: uid

      authentication.ldap.baseDn  [Distinguished Name]
        The root Distinguished Name to search in the directory for users. Example: ou=people,dc=hadoop,dc=apache,dc=org

      authentication.ldap.referral  [Referral method]
        Determines whether LDAP referrals are followed or ignored.

      authentication.ldap.bindAnonymously  [true or false]
        If true, bind to the LDAP or AD server anonymously.

      authentication.ldap.managerDn  [Full Distinguished Name]
        If bindAnonymously is set to false, the Distinguished Name (DN) of the manager account used to bind. Example: uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org

      authentication.ldap.managerPassword  [password]
        If bindAnonymously is set to false, the password for the manager account.

      authentication.ldap.userObjectClass  [LDAP Object Class]
        The object class that is used for users. Example: organizationalPerson

      authentication.ldap.groupObjectClass  [LDAP Object Class]
        The object class that is used for groups. Example: groupOfUniqueNames

      authentication.ldap.groupMembershipAttr  [LDAP attribute]
        The attribute for group membership. Example: uniqueMember

      authentication.ldap.groupNamingAttr  [LDAP attribute]
        The attribute for the group name.
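The following is an added example, not part of the Ambari documentation or the Ambari project: it embeds the completed ambari.properties fragment that the steps above produce, in a weak form (useSSL=false on port 389) and a hardened form (useSSL=true on port 636), and runs a consistency check over each. The hostnames, DNs, group naming attribute (cn) and password are constructed placeholders; the referral values follow/ignore and the 389/636 port convention are assumptions about the Ambari build in use rather than facts taken from this page.

```python
"""Consistency check for the LDAP/AD properties added to ambari.properties.

Added example (not Ambari's own code). Both fragments below are constructed
placeholders; replace them with your real values before use."""

# Properties this page marks as required once client.security=ldap is set.
REQUIRED = (
    "authentication.ldap.primaryUrl",
    "authentication.ldap.useSSL",
    "authentication.ldap.usernameAttribute",
    "authentication.ldap.baseDn",
    "authentication.ldap.bindAnonymously",
    "authentication.ldap.userObjectClass",
    "authentication.ldap.groupObjectClass",
    "authentication.ldap.groupMembershipAttr",
    "authentication.ldap.groupNamingAttr",
)

# Constructed "before" fragment: cleartext LDAP on port 389.
WEAK_FRAGMENT = """\
client.security=ldap
authentication.ldap.primaryUrl=my.ldap.server:389
authentication.ldap.secondaryUrl=my.secondary.ldap.server:389
authentication.ldap.useSSL=false
authentication.ldap.usernameAttribute=uid
authentication.ldap.baseDn=ou=people,dc=hadoop,dc=apache,dc=org
authentication.ldap.referral=follow
authentication.ldap.bindAnonymously=false
authentication.ldap.managerDn=uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org
authentication.ldap.managerPassword=CHANGE_ME_PLACEHOLDER
authentication.ldap.userObjectClass=organizationalPerson
authentication.ldap.groupObjectClass=groupOfUniqueNames
authentication.ldap.groupMembershipAttr=uniqueMember
authentication.ldap.groupNamingAttr=cn
"""

# Constructed "after" fragment: same settings over LDAPS on port 636.
HARDENED_FRAGMENT = (
    WEAK_FRAGMENT.replace(":389", ":636")
    .replace("authentication.ldap.useSSL=false", "authentication.ldap.useSSL=true")
)


def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value, '#'/'!' comments.
    Splits on the first separator only, so DN values containing '=' survive."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        positions = [i for i in (line.find("="), line.find(":")) if i >= 0]
        if not positions:
            continue
        sep = min(positions)
        props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def _host_port(value):
    host, _, port = value.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def check_ldap_config(text):
    """Return a list of problems found; an empty list means the fragment is consistent."""
    p = parse_properties(text)
    issues = []
    if p.get("client.security") != "ldap":
        issues.append("client.security must be 'ldap' for LDAP/AD authentication to be used")
    for key in REQUIRED:
        if key not in p:
            issues.append(f"missing required property {key}")
    for key in ("authentication.ldap.useSSL", "authentication.ldap.bindAnonymously"):
        if key in p and p[key] not in ("true", "false"):
            issues.append(f"{key} must be 'true' or 'false', got {p[key]!r}")
    use_ssl = p.get("authentication.ldap.useSSL") == "true"
    for key in ("authentication.ldap.primaryUrl", "authentication.ldap.secondaryUrl"):
        if key not in p:
            continue
        host, port = _host_port(p[key])
        if not host or port is None:
            issues.append(f"{key} must be host:port, got {p[key]!r}")
        elif use_ssl and port == 389:  # assumption: 636 is the usual LDAPS port
            issues.append(f"{key} uses port 389 with useSSL=true; LDAPS normally listens on 636")
        elif not use_ssl and port == 636:
            issues.append(f"{key} uses port 636 with useSSL=false; 636 is normally LDAPS")
    if p.get("authentication.ldap.useSSL") == "false":
        # A simple bind without TLS sends the manager password and every user's
        # password over the network unencrypted.
        issues.append("useSSL=false: the manager bind password and every user's password "
                      "cross the network in the clear")
    if p.get("authentication.ldap.bindAnonymously") == "false":
        for key in ("authentication.ldap.managerDn", "authentication.ldap.managerPassword"):
            if not p.get(key):
                issues.append(f"bindAnonymously=false requires {key}")
    elif p.get("authentication.ldap.bindAnonymously") == "true" and p.get("authentication.ldap.managerDn"):
        issues.append("managerDn is ignored when bindAnonymously=true")
    referral = p.get("authentication.ldap.referral")
    if referral is not None and referral not in ("follow", "ignore"):  # assumed allowed values
        issues.append(f"referral should be 'follow' or 'ignore', got {referral!r}")
    return issues


if __name__ == "__main__":
    for name, fragment in (("weak", WEAK_FRAGMENT), ("hardened", HARDENED_FRAGMENT)):
        print(f"{name}: {check_ldap_config(fragment) or 'no issues'}")
```

Run it as-is to see the weak fragment flagged for cleartext LDAP and the hardened one pass; to check a real file, replace the embedded fragment with `open('/etc/ambari-server/conf/ambari.properties').read()`. The check is intentionally conservative: it only knows what this page documents plus the port convention, so a clean result means the fragment is internally consistent, not that the directory server accepts it.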