incubator-ambari-user mailing list archives

From Mahadev Konar <maha...@hortonworks.com>
Subject Re: LDAP authentication
Date Thu, 17 Oct 2013 20:44:54 GMT
Artem,
 If you are able to run ldap search without providing a truststore (meaning something like):

ldapsearch  -H 'ldaps://test.mydomain.com/' …… 

you don't really need to provide a local CA to Ambari.

thanks
mahadev


On Oct 17, 2013, at 1:30 PM, Artem Ervits <are9004@nyp.org> wrote:

> Anyone?
> 
> -----Original Message-----
> From: Artem Ervits [mailto:are9004@nyp.org] 
> Sent: Wednesday, October 16, 2013 5:58 PM
> To: ambari-user@incubator.apache.org
> Subject: RE: LDAP authentication
> 
> It does say it is ldaps:// so I set up a truststore. Also, I spoke to our LDAP guy, he says I need to tell Ambari to trust a local CA. How do I provide a local CA to Ambari?
> 
> Thanks
> 
> -----Original Message-----
> From: Mahadev Konar [mailto:mahadev@hortonworks.com]
> Sent: Wednesday, October 16, 2013 5:29 PM
> To: ambari-user@incubator.apache.org
> Subject: Re: LDAP authentication
> 
> All you need to do post that is log in via an ldap user. If an ldap user has already logged in you will see that user in the admin tab. As of now we do not get a list of all the users in ldap on that page. Only shows up once an ldap user logs in.
> 
> Also, truststore no is ok unless you are using ldaps, which needs a truststore for verification.
> 
> mahadev
> 
> On Oct 16, 2013, at 2:23 PM, Artem Ervits <are9004@nyp.org> wrote:
> 
>> That's really convenient, didn't see that option before and didn't see 
>> documentation for it either. So I followed the questions and it picked 
>> up all of my answers from the manual configuration. One additional 
>> question was to set up a custom truststore, to which I replied no.
>> Other than that, in Ambari UI do I need to add a user which is in LDAP 
>> in order to authenticate? I only see an option to add local users. I 
>> am using Ambari 1.2.5
>> 
>> Thanks
>> 
>> -----Original Message-----
>> From: Mahadev Konar [mailto:mahadev@hortonworks.com]
>> Sent: Wednesday, October 16, 2013 5:07 PM
>> To: ambari-user@incubator.apache.org
>> Subject: Re: LDAP authentication
>> 
>> Artem,
>> You might want to use ambari-server setup-ldap to help you go through the ldap setup. That way you won't miss any properties in your ldap setup.
>> 
>> thanks
>> mahadev
>> Mahadev Konar
>> Hortonworks Inc.
>> http://hortonworks.com/
>> 
>> 
>> On Wed, Oct 16, 2013 at 2:02 PM, Artem Ervits <are9004@nyp.org> wrote:
>>> Hello all,
>>> 
>>> 
>>> 
>>> I'm trying to configure Ambari with LDAP and I'm a bit stuck.
>>> 
>>> 
>>> 
>>> I filled out all of the properties in the installation guide, 
>>> however, I am not able to authenticate with Ambari. I see the following in the logs:
>>> 
>>> 
>>> 
>>> INFO AmbariLocalUserDetailsService:67 - user not found
>>> 
>>> INFO AmbariLdapAuthenticationProvider:128 - Reloading properties
>>> 
>>> INFO AmbariLdapAuthenticationProvider:78 - LDAP Properties changed - 
>>> rebuilding Context
>>> 
>>> INFO AbstractContextSource:330 - Property 'userDn' not set - 
>>> anonymous context will be used for read-write operations
>>> 
>>> INFO FilterBasedLdapUserSearch:89 - SearchBase not set. Searches will 
>>> be performed from the root: ou=IS,o=nyp.org
>>> 
>>> 
>>> 
>>> Should I add more detail to the Ambari properties file?
>>> 
>>> 
>>> 
>>> Thanks.
>>> 
>>> 
>>> 
>>> Artem Ervits
>>> 
>>> New York Presbyterian Hospital
>>> 
>>> 
>>> 
>>> 
>>> This electronic message is intended to be for the use only of the 
>>> named recipient, and may contain information that is confidential or privileged.
>>> If you are not the intended recipient, you are hereby notified that 
>>> any disclosure, copying, distribution or use of the contents of this 
>>> message is strictly prohibited. If you have received this message in 
>>> error or are not the named recipient, please notify us immediately by 
>>> contacting the sender at the electronic mail address noted above, and 
>>> delete and destroy all copies of this message. Thank you.
>> 
> 
> 
> 
> ________________________________
> 
> Confidential Information subject to NYP's (and its affiliates') information management and security policies (http://infonet.nyp.org/QA/HospitalManual).


-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.
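
The trust question discussed in this thread, as an added example that is not part of the original messages: an LDAPS server certificate signed by a local CA verifies only when the client is given that CA. The CA name, host name and file names are constructed, and the script assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example. All names are constructed: "Example Local CA", ldap.example.test.
# Builds a throwaway private CA plus a server certificate signed by it, then
# checks the certificate with and without that CA available to the client.

make_demo_pki() {              # $1 = work dir
  local d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -keyout "$d/local-ca.key" -out "$d/local-ca.pem" 2>/dev/null &&
  openssl req -new -config "$d/ca.cnf" -subj "/CN=ldap.example.test" \
    -newkey rsa:2048 -nodes -keyout "$d/ldap.key" -out "$d/ldap.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/ldap.csr" -days 2 -CA "$d/local-ca.pem" \
    -CAkey "$d/local-ca.key" -CAcreateserial -out "$d/ldap.pem" 2>/dev/null
}

trusted_by() {                 # $1 = CA file ("" = client's default store), $2 = cert
  if [ -n "$1" ]; then
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  else
    openssl verify "$2" >/dev/null 2>&1
  fi
}

trust_report() {               # $1 = work dir from make_demo_pki
  local sys=untrusted loc=untrusted
  trusted_by "" "$1/ldap.pem" && sys=trusted
  trusted_by "$1/local-ca.pem" "$1/ldap.pem" && loc=trusted
  echo "default-store=$sys local-ca=$loc"
}

work=$(mktemp -d)
make_demo_pki "$work" && trust_report "$work"   # default-store=untrusted local-ca=trusted
rm -rf "$work"
# Against a real server, the equivalent check is:
#   openssl s_client -connect <ldaps-host>:636 -CAfile local-ca.pem </dev/null
# If only the local CA makes verification succeed, a Java client needs it in a
# truststore (keytool -importcert -alias local-ca -file local-ca.pem
# -keystore <truststore.jks>), which is what the custom truststore question in
# ambari-server setup-ldap is for.
```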
