1.1. Setting Up LDAP Authentication

The following table details the properties and values you need to know to set up LDAP authentication.

Note

If you are going to set bindAnonymously to false (the default), you need to make sure you have an LDAP Manager name and password set up. If you are going to use SSL, you need to make sure you have already set up your certificate and keys.

 

Table 2.1. Ambari Server LDAP Properties

| Property | Values | Description |
|---|---|---|
| authentication.ldap.primaryUrl | server:port | The hostname and port for the LDAP or AD server. Example: my.ldap.server:389 |
| authentication.ldap.secondaryUrl | server:port | The hostname and port for the secondary LDAP or AD server. This is an optional value. Example: my.secondary.ldap.server:389 |
| authentication.ldap.useSSL | true or false | If true, use SSL when connecting to the LDAP or AD server. |
| authentication.ldap.usernameAttribute | [LDAP attribute] | The attribute for username. Example: uid |
| authentication.ldap.baseDn | [Distinguished Name] | The root Distinguished Name to search in the directory for users. Example: ou=people,dc=hadoop,dc=apache,dc=org |
| authentication.ldap.bindAnonymously | true or false | If true, bind to the LDAP or AD server anonymously. |
| authentication.ldap.managerDn | [Full Distinguished Name] | If Bind anonymous is set to false, the Distinguished Name (“DN”) for the manager. Example: uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org |
| authentication.ldap.managerPassword | [password] | If Bind anonymous is set to false, the password for the manager. |
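
The following check is an added example, not part of the original documentation or of Ambari itself. It validates a set of these properties against the note and table above, assuming they are stored as key=value lines; treating every property except secondaryUrl as needed, the function names, and the sample values are assumptions of this example.

```python
import re

PREFIX = "authentication.ldap."
HOST_PORT = re.compile(r"^[A-Za-z0-9.-]+:\d{1,5}$")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # DN values contain '=' themselves
        props[key.strip()] = value.strip()
    return props

def check_ldap(props):
    """Return a list of (severity, message) findings for the LDAP properties."""
    def get(name):
        return props.get(PREFIX + name, "")
    findings = []
    for name in ("primaryUrl", "usernameAttribute", "baseDn"):
        if not get(name):
            findings.append(("error", name + " is not set"))
    for name in ("primaryUrl", "secondaryUrl"):  # secondaryUrl is optional
        if get(name) and not HOST_PORT.match(get(name)):
            findings.append(("error", name + " is not in server:port form"))
    # bindAnonymously defaults to false, so a manager DN and password are needed
    if get("bindAnonymously").lower() != "true":
        for name in ("managerDn", "managerPassword"):
            if not get(name):
                findings.append(("error", name + " is required when bindAnonymously is false"))
        if get("useSSL").lower() != "true":
            findings.append(("warning", "manager bind is sent without SSL"))
    return findings

# Constructed sample: non-anonymous bind, no manager password, SSL off
SAMPLE = """\
authentication.ldap.primaryUrl=my.ldap.server:389
authentication.ldap.useSSL=false
authentication.ldap.usernameAttribute=uid
authentication.ldap.baseDn=ou=people,dc=hadoop,dc=apache,dc=org
authentication.ldap.bindAnonymously=false
authentication.ldap.managerDn=uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org
"""

if __name__ == "__main__":
    for severity, message in check_ldap(parse_properties(SAMPLE)):
        print(severity + ": " + message)
```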