From: Artem Ervits
To: "ambari-user@incubator.apache.org"
Subject: RE: LDAP authentication
Date: Wed, 16 Oct 2013 21:57:48 +0000

It does say it is ldaps:// so I set up a truststore. Also, I spoke to our LDAP guy, he says I need to tell Ambari to trust a local CA. How do I provide a local CA to Ambari?

Thanks

-----Original Message-----
From: Mahadev Konar [mailto:mahadev@hortonworks.com]
Sent: Wednesday, October 16, 2013 5:29 PM
To: ambari-user@incubator.apache.org
Subject: Re: LDAP authentication

All you need to do post that is login via an ldap user. If a ldap user has already logged in you will see that user in the admin tab. As of now we do not get list of all the users in ldap on that page. Only shows up once a ldap user logs in.

Also, truststore no is ok unless you are using a ldaps which needs a truststore for verification.

mahadev

On Oct 16, 2013, at 2:23 PM, Artem Ervits wrote:

> That's really convenient, didn't see that option before and didn't see
> documentation for it either.
> So I followed the questions and it picked
> up all of my answers from the manual configuration. One additional
> question was to set up a custom truststore, to which I replied no.
> Other than that, in Ambari UI do I need to add a user which is in LDAP
> in order to authenticate? I only see an option to add local users. I
> am using Ambari 1.2.5
>
> Thanks
>
> -----Original Message-----
> From: Mahadev Konar [mailto:mahadev@hortonworks.com]
> Sent: Wednesday, October 16, 2013 5:07 PM
> To: ambari-user@incubator.apache.org
> Subject: Re: LDAP authentication
>
> Artem,
> You might want to use ambari-server setup-ldap to help you go through the ldap setup. That way you won't miss any properties in your ldap setup.
>
> thanks
> mahadev
> Mahadev Konar
> Hortonworks Inc.
> http://hortonworks.com/
>
> On Wed, Oct 16, 2013 at 2:02 PM, Artem Ervits wrote:
>> Hello all,
>>
>> I'm trying to configure Ambari with LDAP and I'm a bit stuck.
>>
>> I filled out all of the properties in the installation guide,
>> however, I am not able to authenticate with Ambari. I see the following in the logs:
>>
>> INFO AmbariLocalUserDetailsService:67 - user not found
>> INFO AmbariLdapAuthenticationProvider:128 - Reloading properties
>> INFO AmbariLdapAuthenticationProvider:78 - LDAP Properties changed - rebuilding Context
>> INFO AbstractContextSource:330 - Property 'userDn' not set - anonymous context will be used for read-write operations
>> INFO FilterBasedLdapUserSearch:89 - SearchBase not set. Searches will be performed from the root: ou=IS,o=nyp.org
>>
>> Should I add more detail to the Ambari properties file?
>>
>> Thanks.
>>
>> Artem Ervits
>> New York Presbyterian Hospital
>>
>> This electronic message is intended to be for the use only of the
>> named recipient, and may contain information that is confidential or privileged.
>> If you are not the intended recipient, you are hereby notified that
>> any disclosure, copying, distribution or use of the contents of this
>> message is strictly prohibited. If you have received this message in
>> error or are not the named recipient, please notify us immediately by
>> contacting the sender at the electronic mail address noted above, and
>> delete and destroy all copies of this message. Thank you.
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
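
Added example, not part of the original thread: the thread's point that an ldaps:// connection needs a truststore holding the local CA, shown with a constructed CA and a constructed server certificate. The host name, alias, file names and store password are placeholders, and the keystore step runs only where keytool is installed.

```shell
#!/bin/sh
# Constructed demo: an LDAPS server certificate issued by a local CA is
# rejected until that CA is in the client's trust store. All names,
# files and the store password below are placeholders.
WORK=$(mktemp -d)

make_demo_pki() {
  # Local CA (self-signed) plus an LDAP server certificate issued by it.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Local CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
    -keyout "$WORK/ldap.key" -out "$WORK/ldap.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/ldap.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 1 \
    -out "$WORK/ldap.pem" 2>/dev/null
  # An unrelated CA stands in for a trust store that lacks the local CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
    -keyout "$WORK/other.key" -out "$WORK/other.pem" 2>/dev/null
}

# chain_trusted CA_FILE CERT: true only if CERT chains to a CA in CA_FILE.
chain_trusted() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# build_truststore CA_FILE STORE PASSWORD: import the CA into a Java keystore.
build_truststore() {
  keytool -importcert -noprompt -alias local-ca -file "$1" \
    -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

make_demo_pki
for ca in other ca; do
  if chain_trusted "$WORK/$ca.pem" "$WORK/ldap.pem"; then
    echo "trust store = $ca.pem: server certificate accepted"
  else
    echo "trust store = $ca.pem: server certificate rejected"
  fi
done
if command -v keytool >/dev/null 2>&1; then
  build_truststore "$WORK/ca.pem" "$WORK/truststore.jks" changeit-demo &&
    echo "wrote $WORK/truststore.jks"
fi
```

In a real deployment the CA file is the one the LDAP administrator supplies, and the resulting keystore is a candidate for the custom truststore question that the thread says ambari-server setup-ldap asks.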