ambari-user mailing list archives

From Robert Levas <rle...@hortonworks.com>
Subject Re: Need help in Ambari - Active Directory Integration
Date Thu, 17 Dec 2015 21:51:29 GMT
Darpan…

The Manager DN request is expecting a distinguished name value, not a principal name.  A distinguished
name would look something like CN=darpan,CN=Users,DC=test,DC=com, which may reference the
same account as darpan@TEST.COM (which would be the userPrincipalName) or darpan (which would
be the sAMAccountName).

Rob


From: Darpan Patel <darpanbe@gmail.com>
Reply-To: "user@ambari.apache.org" <user@ambari.apache.org>
Date: Thursday, December 17, 2015 at 4:35 PM
To: "user@ambari.apache.org" <user@ambari.apache.org>
Subject: Re: Need help in Ambari - Active Directory Integration

Many Thanks Robert.

I made the corresponding changes and specified bind anonymously as false.  Thanks, the old
issue is gone now. But I am still facing a strange issue. I am giving the Manager DN = darpan@TEST.COM
and trying to sync all the users of AD, but on the console I see:

Syncing all.ERROR: Exiting with exit code 1.
REASON: Sync event creation failed. Error details: HTTP Error 403: Bad credentials

(It is kind of strange because I just issued the valid TGT using kinit darpan@TEST.COM
without any issues!!!!)

There is only one line in the logs:
17 Dec 2015 21:24:07,682  INFO [qtp-client-23] FilterBasedLdapUserSearch:89 - SearchBase not
set. Searches will be performed from the root: cn=Users,dc=test,dc=com

Regards,
DP


On 17 December 2015 at 17:55, Robert Levas <rlevas@hortonworks.com> wrote:
However, I don’t think that these changes will help with the authentication/bind issue.
 For that, when asked to bind anonymously, you should answer false and then set the Manager
DN value to the DN of a user with read access to the specified container in your Active Directory.

I hope this helps,

Rob


From: Darpan Patel <darpanbe@gmail.com>
Reply-To: "user@ambari.apache.org" <user@ambari.apache.org>
Date: Thursday, December 17, 2015 at 12:20 PM
To: "user@ambari.apache.org" <user@ambari.apache.org>
Subject: Re: Need help in Ambari - Active Directory Integration

Forgot to mention that logs show Naming Exception.
[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this
operation a successful bind must be completed on the connection., data 0, v1db1]; remaining
name 'CN=Users,DC=test,DC=com'

17 Dec 2015 16:36:08,801 FATAL [pool-7-thread-1] AbstractRequestControlDirContextProcessor:186
- No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl
17 Dec 2015 16:36:08,802 ERROR [pool-7-thread-1] LdapSyncEventResourceProvider:434 - Caught
exception running LDAP sync.
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during
LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC:
LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must
be completed on the connection., data 0, v1db1]; remaining name 'CN=Users,DC=test,DC=com'
        at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
        at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getFilteredLdapUsers(AmbariLdapDataPopulator.java:549)


On 17 December 2015 at 17:19, Darpan Patel <darpanbe@gmail.com> wrote:
Hi guys,

I am trying to integrate A/D 2012 Server with Ambari.
I have a doubt that some of the properties are not correct.
I have tried various permutations and combinations but have not been successful yet.  Could anyone review and
help fix it?

Active directory domain controller name is : TEST.COM

On the console here are the values I am passing:
$ambari-server setup-ldap

Setting up LDAP properties...
Primary URL* {host:port} :IP_OF_AD_SERVER:389
Use SSL* [true/false] : false
User object class* :person
User name attribute* :sAMAccountName
Group object class* :User
Group name attribute* : User
Group member attribute* :member
Distinguished name attribute* :CN=Users,DC=test,DC=com
Base DN* :CN=Users,DC=test,DC=com
Referral method [follow/ignore] :ignore
Bind anonymously* [true/false] :true

====================
Review Settings
====================
Save settings [y/n] (y)?y
Saving...done
Ambari Server 'setup-ldap' completed successfully.


Regards,
DP
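
An added example, not part of the original thread or of Ambari's code: a Python check that tells apart the name forms Rob lists (distinguished name, userPrincipalName, sAMAccountName) before a value is entered as Manager DN, and flags the anonymous-bind answer that produced the "successful bind must be completed" error. The function names and the DOMAIN\user case are assumptions of this example; the sample values used with it are the ones quoted in the thread.

```python
import re

# RFC 4514 attribute type: a short name (CN, DC, OU...) or a dotted OID.
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep the escape pair intact
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur)
    return [p.strip() for p in parts]

def classify_bind_name(value):
    """Return 'dn', 'upn', 'downlevel' or 'samaccountname' for a bind identity."""
    rdns = split_rdns(value)
    if all("=" in r and _ATTR.match(r.split("=", 1)[0].strip()) and r.split("=", 1)[1]
           for r in rdns):
        return "dn"                 # every component is attr=value
    if "\\" in value:
        return "downlevel"          # DOMAIN\user (hypothetical extra case)
    if "@" in value:
        return "upn"                # user@REALM, the userPrincipalName form
    return "samaccountname"

def preflight(bind_anonymously, manager_dn=None):
    """Check the two setup-ldap answers discussed in the thread."""
    problems = []
    if bind_anonymously:
        problems.append("anonymous bind: the directory in the thread "
                        "refused the search without a successful bind")
    elif not manager_dn or classify_bind_name(manager_dn) != "dn":
        form = classify_bind_name(manager_dn) if manager_dn else "empty"
        problems.append(f"Manager DN is {form}, expected a distinguished name")
    return problems
```
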

