Setting Up LDAP User Authentication
The following table details the properties and values you need to know to set up LDAP authentication.
Note | |
---|---|
If you are going to set |
Ambari Server LDAP Properties

Property | Values | Description |
---|---|---|
authentication.ldap.primaryUrl | server:port | The hostname and port for the LDAP or AD server. Example: my.ldap.server:389 |
authentication.ldap.secondaryUrl | server:port | The hostname and port for the secondary LDAP or AD server. Example: my.secondary.ldap.server:389 This is an optional value. |
authentication.ldap.useSSL | true or false | If true, use SSL when connecting to the LDAP or AD server. |
authentication.ldap.usernameAttribute | [LDAP attribute] | The attribute for username. Example: uid |
authentication.ldap.baseDn | [Distinguished Name] | The root Distinguished Name to search in the directory for users. Example: ou=people,dc=hadoop,dc=apache,dc=org |
authentication.ldap.referral | [Referral method] | Determines if LDAP referrals should be followed, or ignored. |
authentication.ldap.bindAnonymously | true or false | If true, bind to the LDAP or AD server anonymously |
authentication.ldap.managerDn | [Full Distinguished Name] | If Bind anonymous is set to false, the Distinguished Name (“DN”) for the manager. Example: uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org |
authentication.ldap.managerPassword | [password] | If Bind anonymous is set to false, the password for the manager |
authentication.ldap.userObjectClass | [LDAP Object Class] | The object class that is used for users. Example: organizationalPerson |
authentication.ldap.groupObjectClass | [LDAP Object Class] | The object class that is used for groups. Example: groupOfUniqueNames |
authentication.ldap.groupMembershipAttr | [LDAP attribute] | The attribute for group membership. Example: uniqueMember |
authentication.ldap.groupNamingAttr | [LDAP attribute] | The attribute for group name. |
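
The properties above interact: useSSL decides whether bind passwords are encrypted in transit, and bindAnonymously decides whether managerDn and managerPassword are required. The following check is an added example, not part of the Ambari documentation or code base; it assumes the settings are held as plain key=value text, that hosts are hostnames or IPv4 addresses, and it uses constructed sample inputs and its own severity labels.

```python
import re
PREFIX = "authentication.ldap."

# Constructed sample inputs (not taken from a real deployment).
WEAK = """\
authentication.ldap.primaryUrl=my.ldap.server:389
authentication.ldap.useSSL=false
authentication.ldap.bindAnonymously=true
"""
HARDENED = """\
authentication.ldap.primaryUrl=my.ldap.server:636
authentication.ldap.useSSL=true
authentication.ldap.bindAnonymously=false
authentication.ldap.managerDn=uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org
authentication.ldap.managerPassword=PLACEHOLDER
"""

def parse_properties(text):
    """Parse key=value lines; blank lines and #/! comments are skipped."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            props[key.strip()] = value.strip()
    return props

def audit_ldap(props):
    """Return (severity, property, message) findings for the LDAP settings."""
    get = lambda name: props.get(PREFIX + name, "")
    use_ssl = get("useSSL").lower() == "true"
    findings = []
    if not use_ssl:
        findings.append(("HIGH", "useSSL", "LDAP binds carry passwords unencrypted"))
    if get("bindAnonymously").lower() == "true":
        findings.append(("MEDIUM", "bindAnonymously", "directory must permit anonymous search"))
    else:
        for name in ("managerDn", "managerPassword"):
            if not get(name):
                findings.append(("HIGH", name, "required when bindAnonymously is false"))
    for name in ("primaryUrl", "secondaryUrl"):
        url = get(name)
        match = re.fullmatch(r"[A-Za-z0-9.-]+:(\d{1,5})", url)
        if not url and name == "secondaryUrl":
            continue  # secondaryUrl is optional
        if not match:
            findings.append(("HIGH", name, "missing or not in server:port form"))
        elif use_ssl and match.group(1) == "389":
            findings.append(("LOW", name, "port 389 is the usual cleartext LDAP port"))
    return findings
```

Calling audit_ldap(parse_properties(WEAK)) returns the useSSL and bindAnonymously findings, while the HARDENED sample returns an empty list.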