Posted to issues@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2018/06/29 17:41:00 UTC
[jira] [Created] (AMBARI-24225) Ambari Server Secure LDAP (LDAPS) setup fails with internal error
Andrew Onischuk created AMBARI-24225:
----------------------------------------
Summary: Ambari Server Secure LDAP (LDAPS) setup fails with internal error
Key: AMBARI-24225
URL: https://issues.apache.org/jira/browse/AMBARI-24225
Project: Ambari
Issue Type: Bug
Reporter: Andrew Onischuk
Assignee: Andrew Onischuk
Fix For: 2.7.0
Attachments: AMBARI-24225.patch
Perform ambari-server setup-ldap.
At the Use SSL* prompt, choose true to set up secure LDAP.
Send values on the rest of the prompts as seen below. The truststore is already created before this setup.
At the end, this fails with a 500 internal server error.
[root@ctr-e138-1518143905142-384562-01-000008 init.d]# ambari-server setup-ldap
Using python /usr/bin/python
Primary URL Host* : ctr-e138-1518143905142-384562-01-000008.hwx.site
Primary URL Port* : 636
Secondary URL Host :
Secondary URL Port :
Use SSL* [true/false] (false): true
User object class* (person):
User name attribute* (uid):
Group object class* (ou=groups,dc=ambari,dc=apache,dc=org):
Group name attribute* (cn):
Group member attribute* (memberUid):
Distinguished name attribute* (dn):
Base DN* (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
Referral method [follow/ignore] :
Bind anonymously* [true/false] (false):
Handling behavior for username collisions [convert/skip] for LDAP sync* (convert):
Force lower-case user names [true/false] :true
Results from LDAP are paginated when requested [true/false] :true
Manager DN* : uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
Enter Manager Password* :
Re-enter password:
Do you want to provide custom TrustStore for Ambari [y/n] (n)?y
TrustStore type [jks/jceks/pkcs12] (jks):jks
Path to TrustStore file :/root/keystore.jks
Password for TrustStore:
Re-enter password:
====================
Review Settings
====================
Primary URL Host* : ctr-e138-1518143905142-384562-01-000008.hwx.site
Primary URL Port* : 636
Use SSL* [true/false] (false): true
User object class* (person): person
User name attribute* (uid): uid
Group object class* (ou=groups,dc=ambari,dc=apache,dc=org): ou=groups,dc=ambari,dc=apache,dc=org
Group name attribute* (cn): cn
Group member attribute* (memberUid): memberUid
Distinguished name attribute* (dn): dn
Base DN* (dc=ambari,dc=apache,dc=org): dc=apache,dc=org
Bind anonymously* [true/false] (false): false
Handling behavior for username collisions [convert/skip] for LDAP sync* (convert): convert
Force lower-case user names [true/false] : true
Results from LDAP are paginated when requested [true/false] : true
ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
ambari.ldap.connectivity.bind_password: *****
ssl.trustStore.type: jks
ssl.trustStore.path: /root/keystore.jks
ssl.trustStore.password: *****
Save settings [y/n] (y)? y
Saving LDAP properties...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
ERROR: Unexpected HTTPError: HTTP Error 500: Internal Server Error
For more info run ambari-server with -v or --verbose option
Found the following in the ambari-audit logs:
[root@ctr-e138-1518143905142-384562-01-000008 ambari-server]# tail -1000f ambari-audit.log
2018-06-29T02:34:58.425Z, User(null), RemoteIp(127.0.0.1), Operation(User login), Roles(
), Status(Failed), Reason(Authentication required), Consecutive failures(UNKNOWN USER)
2018-06-29T02:34:58.482Z, User(admin), RemoteIp(127.0.0.1), Operation(User login), Roles(
Ambari: Ambari Administrator
), Status(Success)
2018-06-29T02:34:58.638Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(200 OK)
2018-06-29T06:01:46.430Z, User(null), RemoteIp(127.0.0.1), Operation(User login), Roles(
), Status(Failed), Reason(Authentication required), Consecutive failures(UNKNOWN USER)
2018-06-29T06:01:46.510Z, User(admin), RemoteIp(127.0.0.1), Operation(User login), Roles(
Ambari: Ambari Administrator
), Status(Success)
2018-06-29T06:01:46.642Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(500 Internal Server Error), Reason(org.apache.ambari.server.controller.spi.SystemException: Invalid Ambari server configuration key: ldap-configuration:ssl.trustStore.path)
^C
[root@ctr-e138-1518143905142-384562-01-000008 ambari-server]#
Could you please help take a look to identify the issue?
Cluster where this is reproduced :
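As an added example (not part of the original report and not Ambari's own code), the Python below parses audit records in the format shown in the excerpt above, including records that wrap across lines, and lists configuration PUTs that did not return 2xx together with the rejected key. The function names are illustrative assumptions; the sample records are copied from the excerpt.

```python
import re

# Sample records copied from the ambari-audit.log excerpt in the report above.
SAMPLE = """\
2018-06-29T02:34:58.482Z, User(admin), RemoteIp(127.0.0.1), Operation(User login), Roles(
Ambari: Ambari Administrator
), Status(Success)
2018-06-29T02:34:58.638Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(200 OK)
2018-06-29T06:01:46.642Z, User(admin), RemoteIp(127.0.0.1), RequestType(PUT), url(http://127.0.0.1:8080/api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration), ResultStatus(500 Internal Server Error), Reason(org.apache.ambari.server.controller.spi.SystemException: Invalid Ambari server configuration key: ldap-configuration:ssl.trustStore.path)
"""

RECORD_START = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z, ")
FIELD_NAME = re.compile(r"[,\s]*([A-Za-z][A-Za-z ]*)\(")
BAD_KEY = re.compile(r"Invalid Ambari server configuration key: (\S+)")

def split_records(text):
    """A record starts at a timestamp; other lines continue the previous one."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append(line)
        elif records:
            records[-1] += "\n" + line
    return records

def parse_fields(record):
    """Parse 'Name(value)' pairs, tracking parenthesis depth inside values."""
    timestamp, _, rest = record.partition(", ")
    fields, pos = {"timestamp": timestamp}, 0
    while (m := FIELD_NAME.match(rest, pos)):
        depth, end = 1, m.end()
        while end < len(rest) and depth:
            depth += {"(": 1, ")": -1}.get(rest[end], 0)
            end += 1
        value = rest[m.end():end - 1] if depth == 0 else rest[m.end():]
        fields[m.group(1)] = value.strip()
        pos = end
    return fields

def rejected_config_writes(text):
    """Return (timestamp, user, url, rejected key) for each non-2xx PUT."""
    hits = []
    for f in map(parse_fields, split_records(text)):
        if f.get("RequestType") != "PUT" or f.get("ResultStatus", "").startswith("2"):
            continue
        key = BAD_KEY.search(f.get("Reason", ""))
        hits.append((f["timestamp"], f.get("User"),
                     f.get("url"), key.group(1) if key else None))
    return hits
```

On the sample, `rejected_config_writes(SAMPLE)` returns only the 06:01:46.642Z request, with `ldap-configuration:ssl.trustStore.path` as the rejected key.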