Advanced Cloudbreak Configuration

Configure user authentication

After obtaining your LDAP/AD information, configure LDAP/AD user authentication for Cloudbreak.


  1. On the Cloudbreak host, browse to /var/lib/cloudbreak-deployment.
  2. Create a new yml file called uaa-changes.yml.
  3. In the yml file enter the following using your LDAP/AD information.
    spring_profiles: postgresql,ldap

    ldap:
      profile:
        file: ldap/ldap-search-and-bind.xml
      base:
        url: ldap://
        userDn: cn=Administrator,ou=srv,dc=hortonworks,dc=local
        password: 'mypassword'
        searchBase: ou=Users,dc=hortonworks,dc=local
        searchFilter: mail={0}
      groups:
        file: ldap/ldap-groups-map-to-scopes.xml
        searchBase: ou=Groups,dc=hortonworks,dc=local
        searchSubtree: false
        maxSearchDepth: 1
        groupSearchFilter: member={0}
        autoAdd: true

    If using LDAPS, use an LDAPS URL such as ldaps://

  4. Save the file and restart Cloudbreak.


If you are using LDAPS and the authentication is not working, check the logs of the identity service on the Cloudbreak host:

    cbd logs identity

A message similar to the following means UAA could not connect to the LDAP server because it could not validate its certificate:

    Caused by: PKIX path building failed: unable to find valid certification path to requested target

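To resolve this issue, turn off certificate validation by adding the following lines under the ldap attribute in the uaa-changes.yml file:

      ssl:
        skipverification: true

With this setting, UAA no longer validates the LDAP server's certificate, so the LDAPS connection is still encrypted but the identity of the server is not verified.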

Next, save the file and restart Cloudbreak.
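
The settings above put a bind password, the LDAP URL scheme and the certificate-validation switch in one file, so it is worth checking that file after each change. The following is an added example, not part of the Cloudbreak documentation or tooling: a small audit that reports a non-LDAPS URL, disabled certificate validation, and a password-bearing file readable by group or other. It assumes the UAA key layout ldap.base.url, ldap.base.password and ldap.ssl.skipverification; the function names and the sample hostname are hypothetical.

```python
import os
import stat

# Constructed sample: hostname and password are placeholders, not values from the page.
SAMPLE = """\
spring_profiles: postgresql,ldap
ldap:
  base:
    url: ldap://ldap.example.internal:389/
    password: 'placeholder'
  ssl:
    skipverification: true
"""

def parse_simple_yaml(text):
    """Parse the nested 'key: value' subset used by uaa-changes.yml into dicts."""
    root = {}
    stack = [(-1, root)]  # (indent of the key that opened the mapping, mapping)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack[-1][0] >= indent:   # close mappings we have dedented out of
            stack.pop()
        value = value.strip().strip("'\"")
        if value:
            stack[-1][1][key] = value
        else:                            # bare "key:" opens a nested mapping
            child = stack[-1][1][key] = {}
            stack.append((indent, child))
    return root

def audit_uaa_ldap(path):
    """Return (code, detail) findings for the LDAP settings in the file at path."""
    with open(path, encoding="utf-8") as fh:
        ldap = parse_simple_yaml(fh.read()).get("ldap", {})
    base, findings = ldap.get("base", {}), []
    if base.get("url", "").lower().startswith("ldap://"):
        findings.append(("url", "ldap:// URL, not ldaps://"))
    if ldap.get("ssl", {}).get("skipverification", "").lower() == "true":
        findings.append(("skipverification", "LDAP server certificate is not validated"))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if base.get("password") and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(("file-mode", "bind password readable by group/other: %o" % mode))
    return findings
```

On the Cloudbreak host, call audit_uaa_ldap("/var/lib/cloudbreak-deployment/uaa-changes.yml"); an empty list means none of the three conditions was found.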