From: Darpan Patel
To: user@ambari.apache.org
Date: Fri, 18 Dec 2015 10:39:19 +0000
Subject: Re: Need help in Ambari - Active Directory Integration

Hi Folks,

While trying to set up A/D for Ambari, I am not able to log in to the Ambari console, also using the default admin/admin. Neither am I able to synch fully.

My Active Directory domain is: TEST.COM and one of the valid users in that is Darpan Patel (principal: darpan@TEST.COM). Here is the list of properties from /etc/ambari-server/conf/ambari.properties

With the following properties I am still not able to synch the users.

api.authenticate=true
authentication.ldap.baseDn=CN=Users,DC=test,DC=com
authentication.ldap.bindAnonymously=false
authentication.ldap.dnAttribute=CN=Users,DC=test,DC=com
authentication.ldap.groupMembershipAttr=uid
authentication.ldap.groupNamingAttr=cn
authentication.ldap.groupObjectClass=group
authentication.ldap.managerDn=CN=Darpan Patel,CN=users,DC=test,DC=com
authentication.ldap.managerPassword=/etc/ambari-server/conf/ldap-password.dat
authentication.ldap.primaryUrl=IP_OF_AD_MACHINE:389
authentication.ldap.referral=ignore
authentication.ldap.secondaryUrl=IP_OF_AD_MACHINE:389
authentication.ldap.useSSL=false
authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=sAMAccountName

Here is the sequence of what I am trying to do:

1) $ ambari-server setup-ldap
2) Enter the above properties
3) Restart the ambari server
4) $ ambari-server sync-ldap --all
5) Enter admin id/password (i.e. default Ambari Admin userid: admin/admin); also tried with darpan, darpan@TEST.COM
6) In all the cases I see:

Syncing all.ERROR: Exiting with exit code 1.
REASON: Sync event creation failed. Error details: HTTP Error 403: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]

7) Log shows:

18 Dec 2015 10:27:34,899 WARN [qtp-client-26] AmbariLdapAuthenticationProvider:71 - Looks like LDAP manager credentials (that are used for connecting to LDAP server) are invalid.
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]

--------------

The interesting thing is: I am no longer able to log in to Ambari using the admin/admin user. On the Ambari portal, when I use admin/admin it says invalid credentials. So I tried resetting the password to the default by changing it in the ambari.users db

(update ambari.users set user_password='538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' where user_name='admin')

To my curiosity, when I look at the ambari.users table, a few of the A/D users are present in the table. For example:

ambari=> select * from ambari.users;
 user_id | principal_id | ldap_user |   user_name   |        create_time         | active |
---------+--------------+-----------+---------------+----------------------------+--------
      12 |            4 |         1 | pratlu        | 2015-12-17 17:49:05.699    |      1 |
       3 |            6 |         1 | darpan        | 2015-12-17 17:49:05.699    |      1 |
      13 |            3 |         1 | administrator | 2015-12-17 17:49:05.699    |      1 |
       4 |            5 |         1 | test          | 2015-12-17 17:49:05.699    |      1 |
      14 |           11 |         1 | sanjay.sharma | 2015-12-17 17:49:05.699    |      1 |
       8 |            7 |         1 | guest         | 2015-12-17 17:49:05.699    |      1 |
      10 |           14 |         1 | hadoop.com$   | 2015-12-17 17:49:05.699    |      1 |
       9 |           10 |         1 | devuser       | 2015-12-17 17:49:05.699    |      1 |
      11 |           12 |         1 | dgotl         | 2015-12-17 17:49:05.699    |      1 |
       7 |            9 |         1 | krbtgt        | 2015-12-17 17:49:05.699    |      1 |
       1 |            1 |         1 | admin         | 2015-11-09 23:47:08.368558 |      1 |

I also tried logging in to the Ambari web console using darpan, darpan@TEST.COM, admin/admin but it does not work!!

Did anyone face a similar issue? Or can anyone suggest a workaround?

Regards,
Arpan

On 17 December 2015 at 23:25, Darpan Patel wrote:

> Thanks Robert for the quick reply.
>
> I am copying the DN from Active Directory: CN=Darpan Patel,CN=Users,DC=test,DC=com and keeping the same while configuring the Ambari LDAP setting, i.e. Manager DN*: CN=Darpan Patel,CN=Users,DC=test,DC=com
>
> But the error is still the same:
>
> Syncing all.ERROR: Exiting with exit code 1.
> REASON: Sync event creation failed. Error details: HTTP Error 403: Bad credentials
>
>
> On 17 December 2015 at 21:51, Robert Levas wrote:
>
>> Darpan…
>>
>> The Manager DN request is expecting a distinguished name value, not a principal name. A distinguished name would look something like CN=darpan,CN=Users,DC=test,DC=com, which may reference the same account as darpan@TEST.COM (which would be the userPrincipalName) or darpan (which would be sAMAccountName).
>>
>> Rob
>>
>>
>> From: Darpan Patel
>> Reply-To: "user@ambari.apache.org"
>> Date: Thursday, December 17, 2015 at 4:35 PM
>> To: "user@ambari.apache.org"
>> Subject: Re: Need help in Ambari - Active Directory Integration
>>
>> Many Thanks Robert.
>>
>> I made the corresponding changes, specifying bind anonymously as false. Thanks, the old issue is gone now. But I am still facing a strange issue. I am giving the Manager DN = darpan@TEST.COM and trying to synch all the users of AD but on the console I see:
>>
>> Syncing all.ERROR: Exiting with exit code 1.
>> REASON: Sync event creation failed. Error details: HTTP Error 403: Bad credentials
>>
>> (It is kind of strange because I just issued the valid TGT using kinit darpan@TEST.COM without any issues!!!!)
>>
>> There is only one line in the logs:
>> 17 Dec 2015 21:24:07,682 INFO [qtp-client-23] FilterBasedLdapUserSearch:89 - SearchBase not set. Searches will be performed from the root: cn=Users,dc=test,dc=com
>>
>> Regards,
>> DP
>>
>>
>> On 17 December 2015 at 17:55, Robert Levas wrote:
>>
>>> However, I don’t think that these changes will help with the authentication/bind issue. For that, when asked to bind anonymously, you should answer false and then set the Manager DN value to the DN of a user with read access to the specified container in your Active Directory.
>>>
>>> I hope this helps,
>>>
>>> Rob
>>>
>>>
>>> From: Darpan Patel
>>> Reply-To: "user@ambari.apache.org"
>>> Date: Thursday, December 17, 2015 at 12:20 PM
>>> To: "user@ambari.apache.org"
>>> Subject: Re: Need help in Ambari - Active Directory Integration
>>>
>>> Forgot to mention that logs show Naming Exception.
>>> [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'CN=Users,DC=test,DC=com'
>>>
>>> 17 Dec 2015 16:36:08,801 FATAL [pool-7-thread-1] AbstractRequestControlDirContextProcessor:186 - No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl
>>> 17 Dec 2015 16:36:08,802 ERROR [pool-7-thread-1] LdapSyncEventResourceProvider:434 - Caught exception running LDAP sync.
>>> org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'CN=Users,DC=test,DC=com'
>>>         at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217)
>>>         at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
>>>         at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
>>>         at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
>>>         at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getFilteredLdapUsers(AmbariLdapDataPopulator.java:549)
>>>
>>>
>>> On 17 December 2015 at 17:19, Darpan Patel wrote:
>>>
>>>> Hi guys,
>>>>
>>>> I am trying to integrate A/D 2012 Server with Ambari.
>>>> I have a doubt that some of the properties are not correct.
>>>> I have tried various permutations and combinations but have not been successful yet.
>>>> Could anyone review and help fix it?
>>>>
>>>> Active directory domain controller name is: TEST.COM
>>>>
>>>> On the console here are the values I am passing:
>>>> $ ambari-server setup-ldap
>>>>
>>>> Setting up LDAP properties...
>>>> Primary URL* {host:port} :IP_OF_AD_SERVER:389
>>>> Use SSL* [true/false] : false
>>>> User object class* :person
>>>> User name attribute* :sAMAccountName
>>>> Group object class* :User
>>>> Group name attribute* : User
>>>> Group member attribute* :member
>>>> Distinguished name attribute* :CN=Users,DC=test,DC=com
>>>> Base DN* :CN=Users,DC=test,DC=com
>>>> Referral method [follow/ignore] :ignore
>>>> Bind anonymously* [true/false] :true
>>>>
>>>> ====================
>>>> Review Settings
>>>> ====================
>>>> Save settings [y/n] (y)?y
>>>> Saving...done
>>>> Ambari Server 'setup-ldap' completed successfully.
>>>>
>>>>
>>>> Regards,
>>>> DP
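
Added example, not part of the thread and not Ambari code: a Python helper that decodes the Active Directory sub-code in the bind errors quoted above (`data 52e`, `data 0`) and checks the posted `authentication.ldap.*` values, including the manager DN form Robert describes. The function names and the sample strings (constructed from the thread) are this example's own; the `dnAttribute` check assumes, from the prompt name "Distinguished name attribute", that the setting expects an attribute name.

```python
import re

# Hex sub-codes Active Directory appends as "data <hex>" to LDAP result 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong bind DN or password)",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
LDAP_ERR = re.compile(r"LDAP: error code (\d+) - .*?, data ([0-9a-fA-F]+), v")
# Simple DN shape check; does not handle escaped commas inside values.
DN_FORM = re.compile(r"^(cn|uid|ou)=[^,]+(,[a-z]+=[^,]+)+$", re.I)

def explain_ldap_error(log_line):
    """Return (result_code, ad_subcode, meaning), or None if no LDAP error."""
    m = LDAP_ERR.search(log_line)
    if not m:
        return None
    code, sub = int(m.group(1)), m.group(2).lower()
    meaning = "other LDAP result code"
    if code == 49:
        meaning = AD_BIND_SUBCODES.get(sub, "unrecognised bind failure")
    elif code == 1:
        meaning = "operation attempted without a successful bind"
    return code, sub, meaning

def parse_properties(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # values may contain '=' (DNs)
            props[key.strip()] = value.strip()
    return props

def lint_ldap_properties(props):
    """Return findings for the authentication.ldap.* settings in the thread."""
    p, findings = "authentication.ldap.", []
    if props.get(p + "bindAnonymously") == "false":
        if not DN_FORM.match(props.get(p + "managerDn", "")):
            findings.append("managerDn is not a distinguished name")
    if "=" in props.get(p + "dnAttribute", ""):
        findings.append("dnAttribute holds a DN, not an attribute name")
    if props.get(p + "useSSL") == "false":  # plain LDAP on 389, no TLS
        findings.append("useSSL=false: bind password sent unencrypted")
    return findings

# Constructed from the values and log text posted in the thread.
SAMPLE_PROPERTIES = """\
authentication.ldap.bindAnonymously=false
authentication.ldap.dnAttribute=CN=Users,DC=test,DC=com
authentication.ldap.managerDn=CN=Darpan Patel,CN=users,DC=test,DC=com
authentication.ldap.useSSL=false
"""
SAMPLE_LOG = ("javax.naming.AuthenticationException: [LDAP: error code 49 - "
              "80090308: LdapErr: DSID-0C0903A9, comment: "
              "AcceptSecurityContext error, data 52e, v1db1]")

if __name__ == "__main__":
    print(explain_ldap_error(SAMPLE_LOG))
    print(lint_ldap_properties(parse_properties(SAMPLE_PROPERTIES)))
```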