Advanced Cloudbreak Configuration
Also available as:

Configure user authentication

After obtaining your LDAP/AD information, configure LDAP/AD user authentication for Cloudbreak.


  1. On the Cloudbreak host, browse to /var/lib/cloudbreak-deployment.
  2. Create a new yml file called uaa-changes.yml.
  3. In the yml file enter the following using your LDAP/AD information.
    spring_profiles: postgresql,ldap
        file: ldap/ldap-search-and-bind.xml
        url: ldap://
        userDn: cn=Administrator,ou=srv,dc=hortonworks,dc=local
        password: ’mypassword’
        searchBase: ou=Users,dc=hortonworks,dc=local
        searchFilter: mail={0}
        file: ldap/ldap-groups-map-to-scopes.xml
        searchBase: ou=Groups,dc=hortonworks,dc=local
        searchSubtree: false
        maxSearchDepth: 1
        groupSearchFilter: member={0}
        autoAdd: true

    If using LDAPS, use an LDAPS URL such as ldaps://

  4. If you have an LDAP server certificate that you would like to use, copy it to the certs directory within the Cloudbreak deployment directory. By default, this is /var/lib/cloudbreak-deployment/certs/.
  5. Save the file and restart Cloudbreak.

    If using an LDAP server certificate, when the identity container starts, it imports all certificates from the certs directory to JVM's trust store, enabling UAA to trust the LDAP server certificate.