Setting Up LDAP User Authentication
The following table details the properties and values you need to know to set up LDAP authentication.
Note | |
---|---|
If you are going to set |
Ambari Server LDAP Properties
Property | Values | Description |
---|---|---|
authentication.ldap.primaryUrl | server:port | The hostname and port for the LDAP or AD server. Example: my.ldap.server:389 |
authentication.ldap.secondaryUrl | server:port | The hostname and port for the secondary LDAP or AD server. This is an optional value. Example: my.secondary.ldap.server:389 |
authentication.ldap.useSSL | true or false | If true, use SSL when connecting to the LDAP or AD server. |
authentication.ldap.usernameAttribute | [LDAP attribute] | The attribute for username. Example: uid |
authentication.ldap.baseDn | [Distinguished Name] | The root Distinguished Name to search in the directory for users. Example: ou=people,dc=hadoop,dc=apache,dc=org |
authentication.ldap.referral | [Referral method] | Determines whether LDAP referrals are followed or ignored. |
authentication.ldap.bindAnonymously | true or false | If true, bind to the LDAP or AD server anonymously. |
authentication.ldap.managerDn | [Full Distinguished Name] | If authentication.ldap.bindAnonymously is set to false, the Distinguished Name (“DN”) for the manager. Example: uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org |
authentication.ldap.managerPassword | [password] | If authentication.ldap.bindAnonymously is set to false, the password for the manager. |
authentication.ldap.userObjectClass | [LDAP Object Class] | The object class that is used for users. Example: organizationalPerson |
authentication.ldap.groupObjectClass | [LDAP Object Class] | The object class that is used for groups. Example: groupOfUniqueNames |
authentication.ldap.groupMembershipAttr | [LDAP attribute] | The attribute for group membership. Example: uniqueMember |
authentication.ldap.groupNamingAttr | [LDAP attribute] | The attribute for group name. |
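
The dependencies in the table (server:port format, true/false values, manager credentials required when not binding anonymously) can be checked before the server is restarted. The following is an added example, not part of Ambari or of the original page; the function names `parse_properties` and `audit_ldap` are hypothetical and the sample properties text is constructed.

```python
import re

# Constructed sample input (not from a real deployment).
SAMPLE = """\
authentication.ldap.primaryUrl=my.ldap.server:389
authentication.ldap.useSSL=false
authentication.ldap.usernameAttribute=uid
authentication.ldap.baseDn=ou=people,dc=hadoop,dc=apache,dc=org
authentication.ldap.bindAnonymously=false
authentication.ldap.managerDn=uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org
"""

PREFIX = "authentication.ldap."
HOSTPORT = re.compile(r"^[A-Za-z0-9.\-]+:(\d{1,5})$")

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only, since DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_ldap(props):
    """Return (severity, message) findings; unset booleans are not judged here."""
    get = lambda name: props.get(PREFIX + name, "")
    findings = []
    for name in ("primaryUrl", "secondaryUrl"):
        url = get(name)
        if name == "primaryUrl" and not url:
            findings.append(("error", "primaryUrl is not set"))
        elif url:  # secondaryUrl is optional, so only validate it when present
            m = HOSTPORT.match(url)
            if not m or not 0 < int(m.group(1)) < 65536:
                findings.append(("error", f"{name} is not server:port: {url}"))
    for name in ("useSSL", "bindAnonymously"):
        if get(name) not in ("", "true", "false"):
            findings.append(("error", f"{name} must be true or false"))
    if get("useSSL") == "false":
        findings.append(("warn", "useSSL=false: bind passwords reach the LDAP server without TLS"))
    if get("bindAnonymously") == "false":
        for name in ("managerDn", "managerPassword"):
            if not get(name):
                findings.append(("error", f"bindAnonymously=false requires {name}"))
    return findings
```

Running `audit_ldap(parse_properties(SAMPLE))` reports the unencrypted connection and the missing manager password in the constructed sample.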