ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Darpan Patel <darpa...@gmail.com>
Subject Re: Need help in Ambari - Active Directory Integration
Date Thu, 17 Dec 2015 23:25:43 GMT
Thanks Robert for the quick reply.

I am copying the DN from Active directory : CN=Darpan
Patel,CN=Users,DC=test,DC=com and keeping the same while configuring the
Ambari LDAP setting.  i.e. Manager DN*: CN=Darpan
Patel,CN=Users,DC=test,DC=com

But the error is still the same : Syncing all.ERROR: Exiting with exit code
1.
REASON: Sync event creation failed. Error details: HTTP Error 403: Bad
credentials


On 17 December 2015 at 21:51, Robert Levas <rlevas@hortonworks.com> wrote:

> Darpan…
>
> The Manger DN request is expecting a distinguished name value, not a
> principal name.  A distinguished name would look something like
> *CN=darpan,CN=Users,DC=test,DC=com*, which may reference the same account
> as darpan@TEST.COM (which would be the userPrincipalName) or darpan
> (which would be be sAMAccountName).
>
> Rob
>
>
> From: Darpan Patel <darpanbe@gmail.com>
> Reply-To: "user@ambari.apache.org" <user@ambari.apache.org>
> Date: Thursday, December 17, 2015 at 4:35 PM
>
> To: "user@ambari.apache.org" <user@ambari.apache.org>
> Subject: Re: Need help in Ambari - Active Directory Integration
>
> Many Thanks Robert.
>
> I made the corresponding changes and specifying bind anonymously to
> false.  Thanks the old issue is gone now. But still I am facing strange
> issue. I am giving the Manager DN = darpan@TEST.COM and trying to synch
> all the users of AD but on the console I see :
>
> *Syncing all.ERROR: Exiting with exit code 1.*
> *REASON: Sync event creation failed. Error details: HTTP Error 403: Bad
> credentials*
>
> *(It is kind of strange because I just issued the valid TGT using kinit
> darpan@TEST.COM <darpan@TEST.COM> without any issues!!!!)*
>
> There is only one line the logs:
> 17 Dec 2015 21:24:07,682  INFO [qtp-client-23]
> FilterBasedLdapUserSearch:89 - SearchBase not set. Searches will be
> performed from the root: cn=Users,dc=test,dc=com
>
> Regards,
> DP
>
>
> On 17 December 2015 at 17:55, Robert Levas <rlevas@hortonworks.com> wrote:
>
>> However, I don’t think that these changes will help with the
>> authentication/bind issue.  For that, when asked to bind anonymously, you
>> should answer *false* and then set the Manager DN value to the DN of a
>> user with read access to the specified container in your Active Directory.
>>
>> I hope this helps,
>>
>> Rob
>>
>>
>> From: Darpan Patel <darpanbe@gmail.com>
>> Reply-To: "user@ambari.apache.org" <user@ambari.apache.org>
>> Date: Thursday, December 17, 2015 at 12:20 PM
>> To: "user@ambari.apache.org" <user@ambari.apache.org>
>> Subject: Re: Need help in Ambari - Active Directory Integration
>>
>> Forgot to mention that logs show Naming Exception.
>> [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order
>> to perform this operation a successful bind must be completed on the
>> connection., data 0, v1db1]; remaining name 'CN=Users,DC=test,DC=com'
>>
>> 17 Dec 2015 16:36:08,801 FATAL [pool-7-thread-1]
>> AbstractRequestControlDirContextProcessor:186 - No matching response
>> control found for paged results - looking for 'class
>> javax.naming.ldap.PagedResultsResponseControl
>> 17 Dec 2015 16:36:08,802 ERROR [pool-7-thread-1]
>> LdapSyncEventResourceProvider:434 - Caught exception running LDAP sync.
>> *org.springframework.ldap.UncategorizedLdapException: Uncategorized
>> exception occured during LDAP processing; nested exception is
>> javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr:
>> DSID-0C0906E8, comment: In order to perform this operation a successful
>> bind must be completed on the connection., data 0, v1db1]; remaining name
>> 'CN=Users,DC=test,DC=com'*
>>         at
>> org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217)
>>         at
>> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
>>         at
>> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
>>         at
>> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
>>         at
>> org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getFilteredLdapUsers(AmbariLdapDataPopulator.java:549)
>>
>>
>> On 17 December 2015 at 17:19, Darpan Patel <darpanbe@gmail.com> wrote:
>>
>>> Hi guys,
>>>
>>> I am trying to integrate A/D 2012 Server with Ambari.
>>> I have doubt that some of the properties are not correct.
>>> I am tried various permutation combinations but not successful yet.
>>> Could anyone review and help fixing it ?
>>>
>>> *Active directory domain controller* name is : TEST.COM
>>>
>>> On the console here are the values I am passing:
>>> *$ambari-server setup-ldap*
>>>
>>> Setting up LDAP properties...
>>> *Primary URL* {host:port}* :IP_OF_AD_SERVER:389
>>> *Use SSL* [true/false] *: false
>>> *User object class** :person
>>> *User name attribute** :sAMAccountName
>>> *Group object class* :*User
>>> *Group name attribute* : *User
>>> *Group member attribute* :*member
>>> *Distinguished name attribute* :*CN=Users,DC=test,DC=com
>>> *Base DN* :*CN=Users,DC=test,DC=com
>>> *Referral method [follow/ignore] :*ignore
>>> *Bind anonymously* [*true/false] :true
>>>
>>> ====================
>>> Review Settings
>>> ====================
>>> Save settings [y/n] (y)?y
>>> Saving...done
>>> Ambari Server 'setup-ldap' completed successfully.
>>>
>>>
>>> Regards,
>>> DP
>>>
>>
>>
>

Mime
View raw message