Posted to dev@ambari.apache.org by bjonnakuti <bj...@fulcrm.com> on 2015/10/19 22:22:26 UTC

Unable to sync group membership from LDAP

Hi,

I am trying to use LDAP authentication for Ambari. I am able to sync
users and groups but unable to sync group memberships. Below are the
details.

Ambari Version : 2.1.2
LDAP Version: openldap-2.4.31

*Ambari Configuration:*
authentication.ldap.baseDn=dc=qbe,dc=fulcrm,dc=com
authentication.ldap.bindAnonymously=false
authentication.ldap.dnAttribute=dn
authentication.ldap.groupMembershipAttr=member
authentication.ldap.groupNamingAttr=cn
authentication.ldap.groupObjectClass=groupOfNames
authentication.ldap.managerDn=cn=admin,dc=qbe,dc=fulcrm,dc=com
authentication.ldap.managerPassword=/etc/ambari-server/conf/ldap-password.dat
authentication.ldap.primaryUrl=10.206.0.24:389
authentication.ldap.referral=ignore
authentication.ldap.useSSL=false
authentication.ldap.userObjectClass=person
authentication.ldap.usernameAttribute=uid

We used the member attribute to link the users to the group. Can you please
help me fix this issue?

Thanks,
Bala

Re: Unable to sync group membership from LDAP

Posted by Robert Levas <rl...@hortonworks.com>.
Hi Bala…

Was anyone able to answer your question or have you solved this yourself?

Without seeing your schema it’s hard to tell what the issue is. However, for the object class “groupOfNames”, it is expected that the “member” attribute is the “dn” of the user objects that exist in the group. Can you make sure this is the case?

Also, have you checked the ambari-server.log to see if there are any interesting errors related to this?

Rob




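The check Rob describes (each groupOfNames "member" value should be the DN of a user entry), written as an added example that is not part of the thread or of Ambari's code. The function names and the sample LDIF are constructed for illustration; the defaults mirror the posted settings (groupOfNames, member, person, uid), and DN comparison is simplified.

```python
# Constructed sample LDIF (not the poster's directory); dc=example,dc=com is a placeholder.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: person
uid: alice

dn: cn=hadoop-admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: UID=Alice, ou=People, dc=example, dc=com
member: carol
member: uid=dave,ou=people,dc=example,dc=com
"""

def norm_dn(dn):
    """Simplified DN normalization: lowercase, trim spaces (no escaped-comma handling)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Map normalized DN -> {lowercased attribute: [values]}; no line folding or base64."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                attrs.setdefault(key.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def has_class(attrs, name):
    return name.lower() in (c.lower() for c in attrs.get("objectclass", []))

def audit_members(entries, group_class="groupOfNames", member_attr="member",
                  user_class="person", username_attr="uid"):
    """Return (group DN, member value, problem) for members that do not resolve to a user."""
    findings = []
    for attrs in entries.values():
        if not has_class(attrs, group_class):
            continue
        for member in attrs.get(member_attr.lower(), []):
            target = entries.get(norm_dn(member))
            if "=" not in member:
                findings.append((attrs["dn"][0], member, "not a DN"))
            elif target is None:
                findings.append((attrs["dn"][0], member, "DN has no entry"))
            elif not (has_class(target, user_class) and username_attr.lower() in target):
                findings.append((attrs["dn"][0], member, "entry is not a user"))
    return findings
```

Run `audit_members(parse_ldif(...))` over an unfolded LDIF export of the base DN; an empty result means every member value points at an entry with the configured user object class and username attribute.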