Configuring Ambari Authentication with LDAP/AD

Generic, Open LDAP setup example

If the users for whom you want to enable authentication to the Ambari UI are stored in LDAP, you should configure Ambari to integrate directly with your LDAP instance. Selecting Generic as the LDAP type lets the wizard pick smarter defaults for the attribute values, which tend to work in most OpenLDAP instances.

Gather details about your OpenLDAP instance from your LDAP administrator and provide them as input to the CLI wizard. Verify the settings before you confirm them, as these instances can be configured in various ways.

To configure LDAP integration against generic LDAP using the CLI wizard:

  1. Run ambari-server setup-ldap on the Ambari server host.
  2. Provide the following information about your domain.
     | Prompt | Example value for OpenLDAP |
     |--------|----------------------------|
     | Please select the type of LDAP you want to use | Generic |
     | Primary URL Host* | openldap.hortonworks.site |
     | Primary URL Port | 389 |
     | Secondary URL Host (optional) | |
     | Secondary URL Port (optional) | |
     | Use SSL* | false |
     | Do you want to provide custom TrustStore for Ambari [y/n] | n |
     | TrustStore type | |
     | Path to TrustStore | |
     | Password for TrustStore | |
     | User object class | organizationalPerson |
     | User name attribute* | uid |
     | Group object class* | groupOfNames |
     | Group name attribute* | cn |
     | Group member attribute* | uniquemember |
     | Distinguished name attribute* | |
     | Search Base | ou=people,dc=hortonworks,dc=site |
     | Referral method* | follow |
     | Bind anonymously* | false |
     | Bind DN | uid=ldapbind,ou=people,dc=hortonworks,dc=site |
     | Bind DN Password | |
     | Handling behavior for username collisions | convert |
     | Force lower-case user names | true |
     | Results from LDAP are paginated when requested | false |
  3. Verify your default settings.
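
One way to carry out the verification in step 3 before confirming, as an added example that is not part of the Ambari documentation or tooling: a small Python check over the wizard answers. The dictionary keys are the prompt labels from the table; the function names and finding IDs are hypothetical.

```python
# Added example: lint answers for `ambari-server setup-ldap` before confirming.
# Dict keys are the wizard prompts from the table; finding IDs are made up here.

# Standard membership attribute for common group classes (RFC 4519, RFC 2307).
MEMBER_ATTR = {"groupofnames": "member", "groupofuniquenames": "uniqueMember",
               "posixgroup": "memberUid"}


def is_true(value):
    return str(value).strip().lower() in ("true", "y", "yes")


def audit_ldap_answers(a):
    """Return (finding_id, message) tuples for risky or inconsistent answers."""
    findings = []
    ssl = is_true(a.get("Use SSL"))
    port = str(a.get("Primary URL Port", "")).strip()
    if not ssl and not is_true(a.get("Bind anonymously")):
        findings.append(("CLEARTEXT_BIND",
                         "Use SSL is false: the Bind DN password crosses the "
                         "network unencrypted on port " + port))
    if (ssl and port == "389") or (not ssl and port == "636"):
        findings.append(("PORT_SSL_MISMATCH",
                         "port " + port + " does not match Use SSL=" + str(ssl)))
    if str(a.get("Referral method", "")).lower() == "follow":
        findings.append(("REFERRALS_FOLLOWED",
                         "referrals are followed: confirm every server the "
                         "directory can refer to is trusted"))
    expected = MEMBER_ATTR.get(str(a.get("Group object class", "")).lower())
    actual = str(a.get("Group member attribute", ""))
    if expected and actual.lower() != expected.lower():
        findings.append(("GROUP_ATTR_MISMATCH",
                         "standard schema pairs this group class with '"
                         + expected + "', not '" + actual + "'"))
    return findings


# Constructed input: the example values from the table above.
PAGE_EXAMPLE = {
    "Primary URL Port": "389", "Use SSL": "false",
    "Group object class": "groupOfNames",
    "Group member attribute": "uniquemember",
    "Referral method": "follow", "Bind anonymously": "false",
}

if __name__ == "__main__":
    for finding_id, message in audit_ldap_answers(PAGE_EXAMPLE):
        print(finding_id + ": " + message)
```

On the table's example values this reports CLEARTEXT_BIND, REFERRALS_FOLLOWED and GROUP_ATTR_MISMATCH. In the standard schema, groupOfNames entries list their members in member, while uniqueMember belongs to groupOfUniqueNames, so confirm with your LDAP administrator which pairing your directory actually uses.
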
Synchronize your LDAP users and groups.