1.1. Setting Up LDAP User Authentication

The following table details the properties and values you need to know to set up LDAP authentication.

Note

If you are going to set bindAnonymously to false (the default), you need to make sure you have an LDAP Manager name and password set up. If you are going to use SSL, you need to make sure you have already set up your certificate and keys.

Ambari Server LDAP Properties

| Property | Values | Description |
|---|---|---|
| authentication.ldap.primaryUrl | server:port | The hostname and port for the LDAP or AD server. Example: my.ldap.server:389 |
| authentication.ldap.secondaryUrl | server:port | The hostname and port for the secondary LDAP or AD server. Example: my.secondary.ldap.server:389. This is an optional value. |
| authentication.ldap.useSSL | true or false | If true, use SSL when connecting to the LDAP or AD server. |
| authentication.ldap.usernameAttribute | [LDAP attribute] | The attribute for username. Example: uid |
| authentication.ldap.baseDn | [Distinguished Name] | The root Distinguished Name to search in the directory for users. Example: ou=people,dc=hadoop,dc=apache,dc=org |
| authentication.ldap.referral | [Referral method] | Determines if LDAP referrals should be followed, or ignored. |
| authentication.ldap.bindAnonymously | true or false | If true, bind to the LDAP or AD server anonymously. |
| authentication.ldap.managerDn | [Full Distinguished Name] | If Bind anonymous is set to false, the Distinguished Name (“DN”) for the manager. Example: uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org |
| authentication.ldap.managerPassword | [password] | If Bind anonymous is set to false, the password for the manager. |
| authentication.ldap.userObjectClass | [LDAP Object Class] | The object class that is used for users. Example: organizationalPerson |
| authentication.ldap.groupObjectClass | [LDAP Object Class] | The object class that is used for groups. Example: groupOfUniqueNames |
| authentication.ldap.groupMembershipAttr | [LDAP attribute] | The attribute for group membership. Example: uniqueMember |
| authentication.ldap.groupNamingAttr | [LDAP attribute] | The attribute for group name. |
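The following pre-deployment check is an added example, not Ambari code: it lints a set of these properties against the rules stated in the note and table (manager DN and password required when bindAnonymously is false, server:port URLs, SSL enabled). The function names, the sample inputs, the placeholder password, and the treatment of an unset useSSL as false are assumptions made for the example.

```python
# Added example, not Ambari code: lint the LDAP properties described above.
PREFIX = "authentication.ldap."

# Constructed sample inputs; the manager password is a placeholder.
WEAK = """\
authentication.ldap.primaryUrl=my.ldap.server:389
authentication.ldap.useSSL=false
authentication.ldap.bindAnonymously=false
authentication.ldap.managerDn=uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org
authentication.ldap.usernameAttribute=uid
authentication.ldap.baseDn=ou=people,dc=hadoop,dc=apache,dc=org
"""
# 636 is the conventional LDAPS port.
FIXED = WEAK.replace("useSSL=false", "useSSL=true").replace(":389", ":636") \
    + "authentication.ldap.managerPassword=PLACEHOLDER\n"

def parse_properties(text):
    """Parse key=value lines; blank lines and # comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # values such as DNs contain '='
            props[key.strip()] = value.strip()
    return props

def lint_ldap(props):
    """Return a list of findings; an empty list means every check passed."""
    get = lambda name: props.get(PREFIX + name, "")
    findings = []
    for name in ("primaryUrl", "usernameAttribute", "baseDn"):
        if not get(name):
            findings.append(f"{name} is not set")
    for name in ("primaryUrl", "secondaryUrl"):  # secondaryUrl is optional
        host, sep, port = get(name).rpartition(":")
        if get(name) and not (host and sep and port.isdigit()):
            findings.append(f"{name} must be server:port")
    if get("useSSL").lower() != "true":  # assumption: unset means false
        findings.append("useSSL is not true: LDAP traffic is unencrypted")
    if get("bindAnonymously").lower() == "true":
        findings.append("bindAnonymously is true: no manager credential is used")
    else:  # false is the default, per the note above
        for name in ("managerDn", "managerPassword"):
            if not get(name):
                findings.append(f"bindAnonymously is false but {name} is not set")
    return findings

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("fixed", FIXED)):
        print(label, lint_ldap(parse_properties(text)))
```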