Configuring Ambari Authentication with LDAP/AD

Synchronize LDAP Users and Groups

How to synchronize LDAP users and groups in Ambari.

The ambari-server sync-ldap [option] utility provides three options for synchronization:
  • Specific set of users and groups
  • Synchronize the existing users and groups in Ambari with LDAP
  • All users and groups
Run the LDAP synchronize command and answer the prompts to initiate the sync: ambari-server sync-ldap [option]:
Option: --users users.txt --groups groups.txt
Description: Specific set of users and groups
Notes: Use this option to synchronize a specific set of users and groups from LDAP into Ambari. Provide the command with a text file of comma-separated users and a text file of comma-separated groups. The comma-separated entries in each of these files should be based on the values in LDAP of the attributes chosen during setup. The "User name attribute" should be used for the users.txt file, and the "Group name attribute" should be used for the groups.txt file. This command will find, import, and synchronize the matching LDAP entities with Ambari.

Option: --existing
Description: Existing users and groups
Notes: After you have performed a synchronization of a specific set of users and groups (above), use this option to synchronize only those entities that are in Ambari with LDAP. Users will be removed from Ambari if they no longer exist in LDAP, and group membership in Ambari will be updated to match LDAP.

Option: --all
Description: All users and groups
Notes: Only use this option if you are sure you want to synchronize all users and groups from LDAP into Ambari. If you only want to synchronize a subset of users and groups, use the specific set of users and groups option. This will import all entities with matching LDAP user and group object classes into Ambari.

Review log files for failed synchronization attempts, at /var/log/ambari-server/ambari-server.log on the Ambari Server host.
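
One way to prepare the users.txt and groups.txt files for the specific-set option, shown as an added example that is not part of the Ambari documentation. The helper name to_csv_file, the sample user and group names, and the temporary paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Ambari docs): build the comma-separated
# users.txt / groups.txt files for `ambari-server sync-ldap --users ... --groups ...`
# from one-name-per-line lists. to_csv_file is a hypothetical helper name.

# to_csv_file SRC DST: write the names in SRC to DST as one comma-separated line.
to_csv_file() {
    src=$1
    dst=$2
    # Drop carriage returns, surrounding whitespace, blank lines and duplicates.
    cleaned=$(tr -d '\r' < "$src" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' | sort -u)
    if [ -z "$cleaned" ]; then
        echo "to_csv_file: no names found in $src" >&2
        return 1
    fi
    # A comma inside a name would be read as a separator and request a
    # different entity than intended, so refuse it.
    case $cleaned in
        *,*) echo "to_csv_file: name containing ',' in $src" >&2; return 1 ;;
    esac
    printf '%s\n' "$cleaned" | paste -sd, - > "$dst"
}

# Constructed sample input: values of the "User name attribute" and
# "Group name attribute" chosen during setup, one per line.
workdir=$(mktemp -d)
printf 'jdoe\n  asmith \r\njdoe\n\n' > "$workdir/users.list"
printf 'hadoop-admins\nhadoop-users\n' > "$workdir/groups.list"

to_csv_file "$workdir/users.list" "$workdir/users.txt" &&
to_csv_file "$workdir/groups.list" "$workdir/groups.txt" &&
echo "Run on the Ambari Server host: ambari-server sync-ldap" \
     "--users $workdir/users.txt --groups $workdir/groups.txt"
```

Keeping the input lists explicit limits the import to the accounts that need Ambari access, which is the reason to prefer this option over --all.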