Advanced Cloudbreak Configuration

Configure user authentication

After obtaining your LDAP/AD information, configure LDAP/AD user authentication for Cloudbreak.

Steps

  1. On the Cloudbreak host, browse to /var/lib/cloudbreak-deployment.
  2. Create a new yml file called uaa-changes.yml.
  3. In the yml file enter the following using your LDAP/AD information.
    spring_profiles: postgresql,ldap
    
    ldap:
      profile:
        file: ldap/ldap-search-and-bind.xml
      base:
        url: ldap://10.0.3.138:389
        userDn: cn=Administrator,ou=srv,dc=hortonworks,dc=local
        password: 'mypassword'
        searchBase: ou=Users,dc=hortonworks,dc=local
        searchFilter: mail={0}
      groups:
        file: ldap/ldap-groups-map-to-scopes.xml
        searchBase: ou=Groups,dc=hortonworks,dc=local
        searchSubtree: false
        maxSearchDepth: 1
        groupSearchFilter: member={0}
        autoAdd: true

    If using LDAPS, use an LDAPS URL such as ldaps://10.0.3.138:636.

  4. Save the file and restart Cloudbreak.

Troubleshooting

If you are using LDAPS and the authentication is not working, check the logs of the identity service on the Cloudbreak host:
    cbd logs identity

A message similar to the following means UAA could not connect to the LDAP server because it could not validate its certificate:

    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

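To resolve this issue, turn off certificate validation by adding the following lines under the ldap attribute in the uaa-changes.yml file. With validation turned off, UAA accepts whatever certificate the LDAP server presents, so the LDAPS connection is still encrypted but the server's identity is no longer checked:

    ssl:
        skipverification: true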

Next, save the file and restart Cloudbreak.
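
The following is an added example, not part of the Cloudbreak documentation: a small audit of uaa-changes.yml that reports the transport-security state of the LDAP settings described above (plain ldap:// URL, ssl.skipverification set to true, typographic quotes around the password). The function names flatten and audit are hypothetical, the sample text is constructed from the page's values, and the parser assumes simple block-style YAML like the file shown in the steps.

```python
import re

# Constructed sample: the page's uaa-changes.yml with the troubleshooting change applied.
SAMPLE = """\
spring_profiles: postgresql,ldap

ldap:
  ssl:
    skipverification: true
  base:
    url: ldap://10.0.3.138:389
    userDn: cn=Administrator,ou=srv,dc=hortonworks,dc=local
    password: \u2019mypassword\u2019
"""

def flatten(text):
    """Map dotted key paths to scalar values for simple block-style YAML."""
    stack, flat = [], {}  # stack holds (indent, key) for each open mapping
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([A-Za-z_][\w-]*):\s*(.*?)\s*$", raw)
        if not m:
            continue  # blank lines, comments, anything that is not "key: value"
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # close mappings at the same or deeper indentation
        stack.append((indent, key))
        if value:
            flat[".".join(k for _, k in stack)] = value
    return flat

def audit(text):
    """Return (key path, finding) pairs for the LDAP transport settings."""
    cfg, findings = flatten(text), []
    if cfg.get("ldap.base.url", "").lower().startswith("ldap://"):
        findings.append(("ldap.base.url", "plain ldap:// URL, connection has no TLS"))
    if cfg.get("ldap.ssl.skipverification", "").lower() == "true":
        findings.append(("ldap.ssl.skipverification", "LDAP server certificate is not validated"))
    pw = cfg.get("ldap.base.password", "")
    if pw and pw[0] in "\u2018\u2019\u201c\u201d":
        findings.append(("ldap.base.password", "typographic quotes are read as part of the password"))
    return findings

if __name__ == "__main__":
    for path, msg in audit(SAMPLE):
        print(f"{path}: {msg}")
```

To check a real deployment, pass the contents of /var/lib/cloudbreak-deployment/uaa-changes.yml to audit() instead of SAMPLE.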