How to integrate Ambari with ldap

  • 3

How to integrate Ambari with ldap

Tags :

Category : Ambari

By default, Ambari uses an internal database as the user store for authentication and authorization. If you wish to add LDAP external authentication in addition for Ambari Web, you need to make some edits to the Ambari properties file.

  1. Collect following information :
  • ldap.primaryUrl=<ldap_server_name>:389
  • ldap.useSSL=false
  • ldap.usernameAttribute=sAMAccountName
  • ldap.baseDn=cn=Users,dc=<sreach_dir>,dc=com
  • ldap.bindAnonymously=false
  • ldap.managerDn=cn=ambari,cn=users,dc=<sreach_dir>,dc=com
  • ldap.managerPassword=/etc/ambari-server/conf/ldap-password.dat
  • ldap.userObjectClass=user
  • ldap.groupObjectClass=group
  • ldap.groupMembershipAttr=memberOf
  • ldap.groupNamingAttr=cn
  • ldap.referral=ignore
  • ldap.isConfigured=true
  • security=ldap
  • ldap.dnAttribute=dn
  1. Create ldap-password.dat file with ldap password under =/etc/ambari-server/conf :

[root@m1 ~]# vi /etc/ambari-server/conf/ldap-password.dat

  1. Run Ambari ldap integration command on Ambari server and provide all required information, which you have collected above:

[root@m1 ~]# ambari-server setup-ldap

  1. Once it is done then restart your Ambari server:

[root@m1 ~]# ambari-server restart

  1. There is a problem in Ambari which does not sync users automatically so for that we have create a file users.txt(put user’s windows id in this file) under home dir and then usersync command manually:

[root@m1 ~]# vi users.txt

[root@m1 ~]# sudo /usr/sbin/ambari-server sync-ldap –users /root/users.txt

Using python /usr/bin/python2

Syncing with LDAP…

Enter Ambari Admin login: admin

Enter Ambari Admin password:

Syncing specified users and groups….


Completed LDAP Sync.



removed = 0

created = 0


updated = 0

removed = 0

created = 1


updated = 0

removed = 0

created = 0

Ambari Server ‘sync-ldap’ completed successfully.

When you have made the necessary edits to the properties file. Initially the users you have enabled will all have User privileges. Users can read metrics, view service status and configuration, and browse job information.